Menu
What's new
By:
Filters Better Search

Help a Noob understand how to set up VPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Thanks. Yep did that. Maybe my ddns is off. Do I have to use a specific DNS server address that will recognize my new xx.asuscomm.com address?
 
smetlydc2 said:
Thanks. Yep did that. Maybe my ddns is off. Do I have to use a specific DNS server address that will recognize my new xx.asuscomm.com address?
Click to expand...

No, but some DNS servers will be slower or faster to pick up a change or addition. I find Google's DNS servers to be frighteningly fast at registering a change.
 
Nullity said:
No, but some DNS servers will be slower or faster to pick up a change or addition. I find Google's DNS servers to be frighteningly fast at registering a change.
Click to expand...

Propagation speed should always be based off a zone's TTL. If a DNS server somehow gets updates faster, then someone isn't obeying the TTL values...
 
RMerlin said:
Propagation speed should always be based off a zone's TTL. If a DNS server somehow gets updates faster, then someone isn't obeying the TTL values...
Click to expand...

My ISP's DNS was consistently slow (15min+?) when I changed my DynDNS IP, while Google would register the change within a few minutes.

I dunno, maybe my ISP ignored the TTL and Google obeyed, or maybe Google preempted it? Hell, my ISP's DNS now includes ads for NX domains, which I doubt is part of the DNS specification...
 
Nullity said:
My ISP's DNS was consistently slow (15min+?) when I changed my DynDNS IP, while Google would register the change within a few minutes.

I dunno, maybe my ISP ignored the TTL and Google obeyed, or maybe Google preempted it? Hell, my ISP's DNS now includes ads for NX domains, which I doubt is part of the DNS specification...
Click to expand...

That's possible. I know a major local ISP used to run some aggressive DNS caching that would totally ignore TTLs. Stuff could take up to 24 hours to refresh... That was nearly 15 years ago however. That ISP did quite a few stupid things over the years. I'm still not that thrilled by the fact that they only attempt SMTP delivery for 1 day before bouncing back, unlike the typical 5 days recommended (but, mind you, not required) in SMTP RFCs, and used by most other servers out there. It means if a customer's mail server goes down during the weekend, mails will be lost if we only resolve the issue on Monday morning.

NO-IP uses 10 minutes from what I can see from my own DDNS record.

If your ISP is replacing NXDOMAIN responses with ads, then it's a definitive sign that you should not use their DNS servers (unless they offer some kind of opt-out, but even then I'm not sure I would trust them). I remember when NetSol tried to pull that trick onto root servers a few years ago. Worst. Idea. Ever. Didn't last long... First thing that comes to mind that would break due to this were mail server's spam filtering.

That some ISPs would fail to learn from the past is... well, not surprising unfortunately. Just sad.
 
Ok there was something wrong with the DDNS. I had an Ooma set up between the modem and the Asus and I think that was killing the DDNS.

DDNS now says registered but connection is being refused

Now I have a problem with the keys.

Certification Authentication / Server certification / Server Key field error!

Please check the Keys and Certification contents on the Advanced Settings page.

I saw another thread... looks like there is a tmp file where I can delete the keys?
 
Ok so here's the latest...

spoke to Asus support again.. told them I got DDNS working but was still having issues with the OpenVPN software and the keys created in the router.

level 2 support asked for the serial # on the router and told me that some of the RT-AC32oo's dont work with OpenVPN and mine happened to be one of those.... very frustrating they took that long to figure this out. Every damn support person i talked to just wanted me to do a factory reset.

hopefully the next one works.
 
smetlydc2 said:
level 2 support asked for the serial # on the router and told me that some of the RT-AC32oo's dont work with OpenVPN and mine happened to be one of those....
Click to expand...

...Uh?!

Short of having a batch having a corrupted/missing JFFS partition (and still I have no idea how that could happen), let me say that this answer makes me scratch my head, and I fail to see how OpenVPN might "not work" on some batches.
 
RMerlin said:
...Uh?!

Short of having a batch having a corrupted/missing JFFS partition (and still I have no idea how that could happen), let me say that this answer makes me scratch my head, and I fail to see how OpenVPN might "not work" on some batches.
Click to expand...

If Asus' Customer Service is anything like my ISP's, they will tell you practically anything, maybe in an attempt to make the customer think that the problem is solved when they really have no idea what the problem really is.

Rather than getting into technical details, they might just say "Yes, that modem was apparently made out of cheddar cheese, our apologies. A replacement is in the mail.".
 
When I get the replacement I'll call back and demand they walk me thru the setup.

Frustrating.
 
Last edited:
Nullity said:
If Asus' Customer Service is anything like my ISP's, they will tell you practically anything, maybe in an attempt to make the customer think that the problem is solved when they really have no idea what the problem really is.

Rather than getting into technical details, they might just say "Yes, that modem was apparently made out of cheddar cheese, our apologies. A replacement is in the mail.".
Click to expand...
I do not buy that certain routers where not able to connect to the VPN. I agree with Nullity.
I think they gave you a cheep excuse so they can give you an RMA
I dealt with ASUS once on the phone and their support is pretty basic. It was for a motherboard, they had no clue, they just gave me a RMA and that was it. I think that's the way they handle things. You have a problem? send it back if its under warranty, they will try to fix it and send it back to you. It would be nice if you had another ASUS router to compare.
 
Ok got the new RT-AC3200 yesterday.

saw in the ovpn file a dns name so I will assume it should work now that my ddns is working.

Does upnp need to be enabled?




RMerlin said:
OpenVPN GUI is for clients, not for server. No command line work required.

You need to install it, then go to C:\Program Files\OpenVPN\config\ and copy the client1.ovpn file you exported from your router into that folder.

When you run OpenVPN GUI, it will automatically try to use any config in that folder by default. Connect through the system tray icon.

(adjust the path according to your specific OpenVPN location, it will vary depending on the Windows version and whether it's 32-bit or 64-bit).
Click to expand...
 
smetlydc2 said:
Ok got the new RT-AC3200 yesterday.

saw in the ovpn file a dns name so I will assume it should work now that my ddns is working.

Does upnp need to be enabled?
Click to expand...

UPNP has no relation with VPNs.
 
new router.... still no luck.

since I have 2 and 1 is going back to Amazon Monday, I'm going to try the Merlin firmware on it and see if I can get OpenVPN going with that.

If not I'm calling Asus support back Monday and will tell them that I don't think they have anyone who really knows how to set up OpenVPN.
 
question... before I install Merlin....when I set connection to the router from HTTP to HTTPS... does this affect OpenVPN?

I did try editing the ovpn file and added :8443 to the end of the dns name but that didn't help.
 
It does not seem to be an issue on Asus' end? I suggest you start with a 'simple' connection to verify the hardware is working and then try the more complex setups you seem to need or want.
 
Obviously I'm doing something wrong. The problem with Asus support is that they wont walk me thru setting it up or at very least verify some settings that I may have missed. Their only offering is outdated documentation.

L&LD said:
It does not seem to be an issue on Asus' end? I suggest you start with a 'simple' connection to verify the hardware is working and then try the more complex setups you seem to need or want.
Click to expand...
 
smetlydc2 said:
Obviously I'm doing something wrong. The problem with Asus support is that they wont walk me thru setting it up or at very least verify some settings that I may have missed. Their only offering is outdated documentation.
Click to expand...

I think you're asking the wrong support? Ask the vpn provider instead.
 
smetlydc2 said:
Obviously I'm doing something wrong. The problem with Asus support is that they wont walk me thru setting it up or at very least verify some settings that I may have missed. Their only offering is outdated documentation.
Click to expand...
Check VPN provider forum. Someone could have posted an updated tutorial.
 
You must log in or register to reply here.

Similar threads

gdgross
Setting up VPN server (router?) for offsite access
Replies
13
Views
907
gdgross
gdgross
A
Best way to set up vpn on router for gaming?
Replies
13
Views
1K
Benbrode
B
M
VPN for a Cruise Ship
Replies
11
Views
671
sfx2000
sfx2000
M
Help Me Understand OpenVPN
Replies
5
Views
564
Tech9
Tech9
F
Router for VPN with AES-NI
Replies
8
Views
833
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
M Help Me Understand OpenVPN VPN 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,025 (members: 38, guests: 987)
Top