How to configure VPN with Certificates?

[kfmfe04]

If I want to configure VPN with certificates, will I have to use OpenVPN (I can't seem to find any options in the STOCK 3.0.0.4.260 build)?

Will I need to use dd-wrt or RMerlin's builds?

If so, are there alternatives, like using a really long random password, etc?

I prefer to have something that just works (rather than tweak things indefinitely). Robustness/security/reliability is paramount.

Before this, I used ssh/tunnels to get my work done - I really love the convenience and speed of VPN over ssh, but I'd like to lock it down some more if I can.

Any suggestions? TIA.

 

[RMerlin]

If you want security, then forget PPTP. Even with a long password, it's still easy to crack.

You will want either OpenVPN or SSH tunneling, both of which will require a third party firmware. Stock firmware only offers PPTP.

 

[kfmfe04]

If you want security, then forget PPTP. Even with a long password, it's still easy to crack.

You will want either OpenVPN or SSH tunneling, both of which will require a third party firmware. Stock firmware only offers PPTP.

Thank you for the warning - I have turned off PPTP and downloaded

RT-N66U_3.0.0.4_270.24.zip

I will go over this blog several times:

http://blog.bertelsen.co/2013/04/asus-rt-n66u-with-openvpn-server.html

until I feel comfortable with the procedure and then make an attempt at an install.

 

[RMerlin]

Thank you for the warning - I have turned off PPTP and downloaded

RT-N66U_3.0.0.4_270.24.zip

I will go over this blog several times:

http://blog.bertelsen.co/2013/04/asus-rt-n66u-with-openvpn-server.html

until I feel comfortable with the procedure and then make an attempt at an install.

270.24 is old. Get the latest non-beta, which is 270.26b.

 

[anthr4x]

I personally like openvpn configuration. here is a great tutorial to use with tomato firmware http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/

also you can create Openvpn to start automatically when you start your pc with
https://www.my-private-network.co.uk/knowledge-base/windows-related-questions/ovpnauto.html

I hope this work.

 

[kfmfe04]

Thank you for those useful links.

It was definitely harder to configure openVPN (too many settings) compared to PPTP, but considering that the out-of-the-box PPTP is bogus (maybe we should call it a Virtual-Public-Network?), I can't really complain.

The part that tripped me up the most, initially, was not clearly distinguishing between TUN (tunneling) and TAP (bridge), and noting their impact on subnet allocation.

By configuring the client subnet without understanding how TUN vs TAP work first, I semi-bricked my N66U. But I guess that's hardly surprising, considering the number of settings available for tweaking in openVPN.

Luckily, RMerlin set me straight.

FWIW, it ended up taking about a day to get openVPN working on:

RT-N66U_3.0.0.4_270.26b.trx​

One thing I would like to test later is TCP vs UDP. From what I could google, TCP appears to be better for closer, more reliable connections whereas UDP appears to be better for more distant, flaky connections.

Since RMerlin has allowed us to run both servers at the same time, it should be easy to try out, but my guess is, for most non-realtime applications, it probably doesn't make much of a difference.