
How to setup a VPN Server with Asus routers 380.68 updated 08.24

Discussion in 'VPN' started by yorgi, Jul 14, 2016.

  1. yorgi

    yorgi Very Senior Member

    Joined:
    Jan 28, 2015
    Messages:
    847
    Location:
    Canada
    You cannot use PING to see if your LAN is working. You would have to make a rule on a Win PC to let PING go through.
    Microsoft over the years has become super secure and they block everything.
    Instead of pinging the PC, do a file share and see if you see it through your server.
    If you need to use ping, then make a rule that ICMPv6 be allowed. Now if you ping that PC it will work.
    Also, if you are using Win10, update to the Anniversary Edition because they fixed these issues and you don't need special firewall rules to establish a share.
    Use TCP protocol instead of UDP on your Windows firewall instead of any.

    At the bottom of the article you have this

    Windows firewall fix that blocks VPN server:

    If you enable LAN to clients option and are connecting to a win 10 computer
    you will only be able to use remote desktop, File and printer sharing won't work.
    Here is a fix for the firewall in order to have file and sharing work when connected to the VPN server.

    Go to Control Panel and start Windows Firewall. Then click on Advanced settings.
    Now create a new Inbound rule. Program/All Programs/Allow the connection/Domain, public and private enabled, then save the rule as VPN TCP.
    Look for the rule you created in the inbound rules and double click on it so you can see the properties. Go to Protocols and Ports and put Protocol TCP on all local ports and remote ports. In Scope, under "Local IP addresses", choose "These IP addresses" and add the local IP address of the Win 10 PC you want to have access to file sharing, for example 192.168.1.124, and under "Remote IP address", "These IP addresses", put the IP address of the VPN server subnet, for example 10.8.0.0/24.
    Check and see the "VPN Subnet / Netmask" in advanced settings in VPN server to make sure you put the right address.
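
The same rule can be created from an elevated PowerShell prompt. This is an added example, not part of the original post: `Set-VpnTcpRule` is a hypothetical helper name, the addresses are the post's own example values, and the optional `-LocalPort` parameter (for instance `445`, the TCP port Windows file sharing uses) is an addition that narrows the rule beyond what the post describes.

```powershell
#Requires -RunAsAdministrator
# Added example: the "VPN TCP" inbound rule from the post, created from PowerShell.
# Assumed values are the post's own examples: PC 192.168.1.124, VPN subnet 10.8.0.0/24.

function Set-VpnTcpRule {
    param(
        [string]$DisplayName = 'VPN TCP',
        [Parameter(Mandatory)][string]$LocalAddress,   # the Win 10 PC being shared
        [Parameter(Mandatory)][string]$VpnSubnet,      # "VPN Subnet / Netmask" on the router
        [string[]]$LocalPort = 'Any'                   # post uses all ports; '445' limits it to SMB
    )

    # Accept only IPv4 CIDR, so the remote scope cannot be a keyword such as Any.
    if ($VpnSubnet -notmatch '^(\d{1,3}\.){3}\d{1,3}/(\d|[12]\d|3[0-2])$') {
        throw "VpnSubnet must be IPv4 CIDR such as 10.8.0.0/24, got '$VpnSubnet'"
    }

    # Re-running replaces the rule instead of stacking duplicates with the same name.
    Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Action Allow `
        -Profile Domain, Private, Public -Protocol TCP -LocalPort $LocalPort `
        -LocalAddress $LocalAddress -RemoteAddress $VpnSubnet | Out-Null

    # Read the rule back so the effective scope can be checked against the router settings.
    $rule = Get-NetFirewallRule -DisplayName $DisplayName
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        LocalAddress  = $addr.LocalAddress
        RemoteAddress = $addr.RemoteAddress
    }
}

Set-VpnTcpRule -LocalAddress '192.168.1.124' -VpnSubnet '10.8.0.0/24'
```

The returned object shows the scope Windows actually stored; `RemoteAddress` should match the "VPN Subnet / Netmask" value on the router.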
     
  2. yorgi

    Use TCP instead of UDP or ANY in the firewall rule.
    Read my article; at the bottom of the article I explain how to fix the Windows bug.
    If you use the latest updates from Microsoft (Anniversary Edition) you won't need to put any rules;
    it works without any issues.
     
  3. inutile

    inutile New Around Here

    Joined:
    Oct 14, 2016
    Messages:
    3
    Hey yorgi thanks so much for the quick reply. It's amazing, I really appreciate it!!

    Your info about PING and win10 anniversary really helped out. I do have the anniversary edition. So I found out that my problem was somewhere else.

    What I was actually trying to achieve was to access a local instance of Redmine running on Docker. It was a vboxheadless firewall rule that was blocking the access. I needed to allow the public connection. I gave the local scope 10.8.0.0/24, and the remote scope 192.168.2.1/24 && 10.8.0.0/24.

    Everything works now. Would you just confirm that it is safe to do so?

    Also, I would now like my laptop hosting Redmine to have a static IP when connecting to the VPN. I have read online that it is possible if you can access the client config directory on the server side, but I cannot since OpenVPN is on my asus router... Is there a way to do so?
     
  4. yorgi

    What does the word safe really mean? What I suggest is try those rules one at a time and see if you need 3 rules to make your setup work. The fewer subnets open on the firewall the better.
    As far as having a static IP why is it that you can't do it?
    I don't get your question.
    You have a VPN server setup in point A and a VPN client that connects to your server at point B
    Are these in independent locations?
    If you want to share folders you need to have different IP on the VPN server and different on the Client
    so give the VPN Server 192.168.1.1 and the VPN client 192.168.2.1 and for the laptop which I would assume is on the VPN client
    you can give it 192.168.2.3
    As long as the VPN server and the client have different IP ranges you can give any static IP to any device on your router.
    Just make sure that you go to VPN CLIENT ROUTER's LAN/DHCP/IP Pool Starting Address 192.168.2.100 and IP Pool Ending Address 192.168.2.254.
    Do the same for the VPN server but the address would be 192.168.1.100-192.168.1.254.
    This way you make sure that your static IPs are separated from the DHCP so you won't get any conflicts and you can assign static IP addresses to any device and have it share files on the server.
    I would also suggest that in the server section you disable the option "direct clients to internet traffic", unless you want all your traffic to get redirected to your server and then your client, which needs a lot of bandwidth. If you don't need that feature, take it off.
    This way you can browse the internet from the local ISP where you are, and when you need to file share, print, etc. it will go via your VPN server.

    I hope this helps. If not, please give me a more detailed view of your setup.
     
  5. eighteen

    eighteen Regular Contributor

    Joined:
    Nov 5, 2016
    Messages:
    69
    In my Netgear R7000 I have configured an openvpn server connection and wanted the data that passed through this connection to go through the vpn client connection that I have also configured.

    Can someone help me with the steps?

    Thank you.
     
  6. yorgi

    Can you be more specific? Your VPN client is another Router or a PC?
    You want to share networks from both routers?
    Or you want the data to get redirected to your server when browsing?
    I don't understand your question
     
  7. eighteen

    What I basically intend is to create a vpn server on my Router in which traffic passing through this server is redirected to the vpn client (ipvanish) service that I have configured on the same Router.

    And why?
    Because I want to have the adblock protection installed on the Router and I want data encryption.
     
  8. yorgi

    Ok that is simple.
    Use my guides to create a VPN server and Client.
    On the server go to Advanced and look for the option
    Direct clients to redirect Internet traffic and enable that.
    Also you can enable Advertise DNS to clients; this way you are sure you are connected to your server.
    When you connect to the server with your client, go to https://dnsleaktest.com/ and do an advanced test and see if the DNS and IP is that of your server.
     
  9. eighteen

    I already had these options enabled, but in the vpn client configuration I have the "Redirect Internet traffic: policy rules" option enabled because I have some equipment in my network that I do not want their traffic to pass through vpn.

    So your suggestion no longer works, because I have to define in the VPN client configuration the IPs that I want to pass through VPN.

    If I set the virtual IP assigned by the VPN server, it does not work.

     
  10. yorgi

    Let's try this before anything. Instead of policy rules put it to all traffic and see if that works.
    If it works then I will help you in the rules department. I cannot see your rules, therefore I can't assess the problem.
    It works, I assure you of that. I have one setup and I have no issues.
    One question: are both routers using the same modem? Or are they in separate locations with different ISP providers?
    Because if you have both of them on your LAN it will never work. Each router has to have its own ISP.
     
  11. eighteen

    The router and the modem is only one.

    I intended to see if it was possible to do everything with the same router.
     
  12. yorgi

    That will never work, I assure you of that.
    You need to have a separate ISP in order for it to work, and 2 different routers.
    You are wasting your time; stop right now and move on :)
     
  13. eighteen

    Okay, thanks, I've seen it, too. :)
     
  14. element6

    element6 New Around Here

    Joined:
    Dec 14, 2016
    Messages:
    3
    This is an awesome guide. Thank you yorgi for taking the time to put this together!

    I realize the scope of this guide is by using the OpenVPN server built into our routers, but has anyone had any success with the PPTP VPN server? I've watched several youtube videos and read several posts on other forums and this forum regarding the setup of the PPTP VPN server, and no matter what, I can't get that one to allow a remote machine to connect to it.

    Every time I try, I get "Error 619".

    It's extremely frustrating. I wish I could get to the bottom of it seeing as some people have clearly been able to use this method successfully. I only like the idea of the PPTP VPN because it's very Windows friendly and I can use the built in VPN functionality within Windows to connect from any Win7 system.

    Here's my setup:
    • Default PPTP VPN Server settings on a
    • ASUS RT-AC87U (latest stock fw)
    • Directly behind an Arris CM820A (one of the most basic cable modems of all)
    • Remote laptop: Windows 7 x64 Pro
    • Laptop has Windows Firewall completely disabled
    • Followed this video for my VPN Server and client settings:
    On the same laptop and same router listed above, I was able to successfully utilize the OpenVPN server and client and connect to it just fine... so what gives? Anyone have any experience using the PPTP Server in the later ASUS firmwares?


    PS, I have diag logs from the last set of unsuccessful VPN connection attempts (the Windows diagnostic logs that you can generate from a VPN connection). If they would be useful, let me know and I'll post them. I'm not seeing anything special in them beyond some disconnect alerts.
     
  15. yorgi

    I would not suggest you use PPTP; it's old and not very secure.
    You are better off with OpenVPN server.
     
  16. zubesuch

    zubesuch New Around Here

    Joined:
    Jan 23, 2017
    Messages:
    2
    Hi.

    Thank you so much for the great instruction.
    The connection is working well except for one small issue.

    I am using the RT-AC68U with stock software (3.0.0.4.380).
    The client is an iPhone 7 (latest firmware).

    The tunnel is up and running and I can connect to some servers via the Safari browser.
    But I cannot use the apps ... they say no connection.

    I think it could be a routing issue, because of the 2 different IPs (192.168.2.1 and 10.8.0.0). But I really don't know.
    Sorry for my bad English ... I am German.

    Kind regards
    Tobi
     
    Last edited: Jan 24, 2017
  17. jjulez

    jjulez Regular Contributor

    Joined:
    Oct 18, 2014
    Messages:
    55
    I took my vpn out of the router because whenever there's a power outage or reboot the vpn comes on
     
  18. goldriver

    goldriver New Around Here

    Joined:
    Feb 11, 2017
    Messages:
    1
    Thanks for this guide. Unfortunately, I can't get my iPhone to connect to my ASUS router. Here is the log I have on my phone and below my ASUS config.

    I tried changing the port to 9098, 6765 but still can't connect. When I try the connection I can see on the ASUS VPN status page that something is happening (see the image at the bottom).

    Any idea what the problem could be?

    2017-02-11 07:16:48 ----- OpenVPN Start ----- OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
    2017-02-11 07:16:48 Frame=512/2048/512 mssfix-ctrl=1250
    2017-02-11 07:16:48 UNUSED OPTIONS
    14 [resolv-retry] [infinite]
    15 [nobind]
    2017-02-11 07:16:48 EVENT: RESOLVE
    2017-02-11 07:16:49 Contacting xxx.xxx.xxx.xxx:1194 via UDP
    2017-02-11 07:16:49 EVENT: WAIT
    2017-02-11 07:16:49 SetTunnelSocket returned 1
    2017-02-11 07:16:49 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
    2017-02-11 07:16:49 NET Internet:ReachableViaWiFi/-R t------
    2017-02-11 07:16:58 Server poll timeout, trying next remote entry...
    2017-02-11 07:16:58 EVENT: RECONNECTING
    2017-02-11 07:16:58 EVENT: RESOLVE
    2017-02-11 07:16:58 Contacting xxx.xxx.xxx.xxx:1194 via UDP
    2017-02-11 07:16:58 EVENT: WAIT
    2017-02-11 07:16:58 SetTunnelSocket returned 1
    2017-02-11 07:16:58 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
    2017-02-11 07:17:08 Server poll timeout, trying next remote entry...
    2017-02-11 07:17:08 EVENT: RECONNECTING
    2017-02-11 07:17:08 EVENT: RESOLVE
    2017-02-11 07:17:08 Contacting xxx.xxx.xxx.xxx:1194 via UDP
    2017-02-11 07:17:08 EVENT: WAIT
    2017-02-11 07:17:08 SetTunnelSocket returned 1
    2017-02-11 07:17:08 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
    2017-02-11 07:17:18 Server poll timeout, trying next remote entry...
    2017-02-11 07:17:18 EVENT: RECONNECTING
    2017-02-11 07:17:18 EVENT: RESOLVE
    2017-02-11 07:17:18 Contacting xxx.xxx.xxx.xxx:1194 via UDP
    2017-02-11 07:17:18 EVENT: WAIT
    2017-02-11 07:17:18 SetTunnelSocket returned 1
    2017-02-11 07:17:18 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
    2017-02-11 07:17:28 Server poll timeout, trying next remote entry...
    2017-02-11 07:17:28 EVENT: RECONNECTING
    2017-02-11 07:17:28 EVENT: RESOLVE
    2017-02-11 07:17:28 Contacting xxx.xxx.xxx.xxx:1194 via UDP
    2017-02-11 07:17:28 EVENT: WAIT
    2017-02-11 07:17:28 SetTunnelSocket returned 1
    2017-02-11 07:17:28 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
    2017-02-11 07:17:38 Server poll timeout, trying next remote entry...
    2017-02-11 07:17:38 EVENT: RECONNECTING
    2017-02-11 07:17:38 EVENT: RESOLVE
    2017-02-11 07:17:38 Contacting xxx.xxx.xxx.xxx:1194 via UDP
    2017-02-11 07:17:38 EVENT: WAIT
    2017-02-11 07:17:38 SetTunnelSocket returned 1
    2017-02-11 07:17:38 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
    2017-02-11 07:17:48 EVENT: CONNECTION_TIMEOUT [ERR]
    2017-02-11 07:17:48 EVENT: DISCONNECTED
    2017-02-11 07:17:48 Raw stats on disconnect:
    BYTES_OUT : 840
    PACKETS_OUT : 60
    CONNECTION_TIMEOUT : 1
    N_RECONNECT : 5
    2017-02-11 07:17:48 Performance stats on disconnect:
    CPU usage (microseconds): 45505
    Network bytes per CPU second: 18459
    Tunnel bytes per CPU second: 0
    2017-02-11 07:17:48 EVENT: DISCONNECT_PENDING
    2017-02-11 07:17:48 ----- OpenVPN Stop -----

    here is my router setup:

    upload_2017-2-11_7-23-25.png

    upload_2017-2-11_7-27-40.png
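
One way to read a client log like the one in the post above, as an added example that is not part of the thread: the script pulls the endpoint, the poll timeouts and the disconnect counters out of the log and states what they imply. `Get-OpenVpnLogSummary` is a hypothetical helper name, `$sample` is a shortened excerpt of the posted log, and a counter missing from the stats is assumed to mean zero.

```powershell
# Added example: summarise an OpenVPN Connect log like the one posted above.
# $sample is a shortened excerpt of that log; addresses were already masked by the poster.
$sample = @'
2017-02-11 07:16:49 Contacting xxx.xxx.xxx.xxx:1194 via UDP
2017-02-11 07:16:58 Server poll timeout, trying next remote entry...
2017-02-11 07:17:48 EVENT: CONNECTION_TIMEOUT [ERR]
2017-02-11 07:17:48 Raw stats on disconnect:
BYTES_OUT : 840
PACKETS_OUT : 60
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
'@ -split '\r?\n'

function Get-OpenVpnLogSummary {
    param([Parameter(Mandatory)][string[]]$Line)

    # Counters in the "Raw stats" section look like "NAME : 123".
    $stats = @{}
    foreach ($l in $Line) {
        if ($l -cmatch '^\s*([A-Z_]+)\s*:\s*(\d+)\s*$') { $stats[$Matches[1]] = [long]$Matches[2] }
    }

    # The first "Contacting host:port via PROTO" line gives the endpoint the client tried.
    $endpoint = $null; $proto = $null
    $hit = $Line | Select-String -Pattern 'Contacting (\S+) via (\w+)' | Select-Object -First 1
    if ($hit) {
        $endpoint = $hit.Matches[0].Groups[1].Value
        $proto    = $hit.Matches[0].Groups[2].Value
    }

    # Assumption: a counter that is missing from the stats block means zero.
    $bytesIn  = if ($stats.ContainsKey('BYTES_IN'))  { $stats['BYTES_IN'] }  else { 0 }
    $bytesOut = if ($stats.ContainsKey('BYTES_OUT')) { $stats['BYTES_OUT'] } else { 0 }

    $verdict = if ($bytesOut -gt 0 -and $bytesIn -eq 0) {
        "Sent $bytesOut bytes, received none, so nothing answered on $proto $endpoint. " +
        'Check WAN reachability, port and protocol before certificates or passwords.'
    } elseif ($stats.ContainsKey('CONNECTION_TIMEOUT')) {
        'Server replied but the session still timed out; review the server-side log.'
    } else { 'No timeout recorded.' }

    [pscustomobject]@{
        Endpoint = $endpoint; Protocol = $proto; BytesOut = $bytesOut; BytesIn = $bytesIn
        PollTimeouts = @($Line | Select-String -SimpleMatch 'Server poll timeout').Count
        Verdict = $verdict
    }
}

Get-OpenVpnLogSummary -Line $sample | Format-List
```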
     
  19. yorgi

    PPTP is not safe. Use OpenVPN, it's way better. PPTP is old technology and not recommended.
     
  20. yorgi

    Did you follow these steps for the iPhone?
    https://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/37EC8F08-3F50-4F82-807E-6D2DCFE5146A/
    You shouldn't have any problems connecting your iPhone to the server.