1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

How to setup a VPN Server with Asus routers 380.68 updated 08.24

Discussion in 'VPN' started by yorgi, Jul 14, 2016.

  1. Samir

    Samir Very Senior Member

    Joined:
    Apr 1, 2013
    Messages:
    793
    Location:
    HSV
    This is quite interesting. Let me see if I'm understanding this correctly. Is this basically a native function that works just like an ipsec site-to-site vpn tunnel?
     
  2. Sir Dan Baker

    Sir Dan Baker Occasional Visitor

    Joined:
    Feb 12, 2012
    Messages:
    46
    Thanks a lot for this manual, was searching my *$$ off for the pptp option on my iphone but this works like a charm and now I can safely access my cameras without opening all kinds of http ports where they spill all the passwords.
     
  3. Sir Dan Baker

    Sir Dan Baker Occasional Visitor

    Joined:
    Feb 12, 2012
    Messages:
    46
    So, this stopped working without having changed anything, my phone tells me the vpn is active but I cannot access my synology or my camera's usgin it. Is there anything I should check first?
     
  4. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    I found that compression setting of None no longer worked for me with OpenVPV 2.4 on Merlin 380.65 + releases. Disabled, LZ4 and LZO adaptive worked though. I had to export a new opvn file after making the change.
     
  5. cdbma

    cdbma Occasional Visitor

    Joined:
    Nov 28, 2012
    Messages:
    28
    Trying to get connected to my 56U. Of course, I'm stuck with PPTP for now. I'll upgrade the router at some point.

    I set up the VPN server, then tried to connect with my Android phone, using the built-in VPN capability. I've tried dozens of configurations and settings, but I always get this error:

    Apr 1 10:40:30 pptp[13979]: pppd 2.4.7 started by xxxxxxxxxxxx, uid 0
    Apr 1 10:40:30 pptp[13979]: Using interface ppp10
    Apr 1 10:40:30 pptp[13979]: Connect: ppp10 <--> pptp (66.87.9.252)
    Apr 1 10:41:00 pptp[13979]: LCP: timeout sending Config-Requests
    Apr 1 10:41:00 pptp[13979]: Connection terminated.
    Apr 1 10:41:00 pptp[13979]: Modem hangup

    While I realize that it's goofy, I can connect inside my LAN, so that tells me that something is working. I don't know enough about VPN to figure out what's wrong. I would like some feedback before I give up. Thanks,
     
  6. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    Instead of using the built in option, try this instead.

    In the guide, there is the step to export the certificate. Save the certificate to your laptop. Connect your phone to the laptop and copy the certificate to a location on the phone. Install the OpenVPN Conmect app on your phone. Open the app. Click the three dots in the right hand corner and select import. Select the certificate that you saved previously. It will know create a profile for your router. To test, connect to another wifi location and Select the profile that got created when you imported the certificate.
     
  7. cdbma

    cdbma Occasional Visitor

    Joined:
    Nov 28, 2012
    Messages:
    28
    Alas, I don't see an "export" feature on the VPN page. Unless I'm missing something, it appears that I need a newer router to get the OpenVPN features. Thanks.
     
  8. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    What firmware version are you on? Are you trying to setup a VPN Server on your router so you can connect to it remotely? That was my understanding since that is the topic of this forum. Did you use the yorgi's guide on post 1 to set it up? Following is a screen shot of the export button. It only appears after you configure advance settings in VPN Details and apply the settings. Then, when you go to General, the export button appears..

    upload_2017-4-3_0-40-38.png
     
  9. cdbma

    cdbma Occasional Visitor

    Joined:
    Nov 28, 2012
    Messages:
    28
    It's an RT-N56U. No OpenVPN.

    My VPN screen title is "VPN Server - PPTP"

    3.0.0.4.380_7378-g7a25649
     
  10. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    Okay. Thanks for clarifying. Sorry I can't help you. If you upgrade to Merlin Firmware, then my recommendation will work.
     
  11. cdbma

    cdbma Occasional Visitor

    Joined:
    Nov 28, 2012
    Messages:
    28
    No worries. My bad for not being clear from the start. I just checked Merlin, and the 56U is not on the list. I could try Padavan bits or just get a new router. Cheers.
     
  12. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    I thought you had an AC56U. My bad.

    Get a new router! Now you have a perfect excuse. You can turn the old one into an access point to expand your coverage.
     
  13. marcm

    marcm New Around Here

    Joined:
    Jan 22, 2016
    Messages:
    3
    This is thread is old but I am posting anyway because it is timely to me. I have an T-mobile AC-1900 re-branded ASUS RT-AC68U router. I have been using the VPN server to remote desktop in without problem. Yesterday I signed up with a VPN service and installed it in the router VPN client. Both are using opvn. I can connect my Android phone using OpenVPN Connect app but when the client is enabled with the VPN provider I cannot tunnel in. Is it even possible to this?

    I should explain that I would like to keep the VPN service always running on the router client when I am home. I also need to tunnel in to remote desktop my home PC when away (I use Splashtop but I can also use Windows RDT). The problem is that I know I will often forget to disable the VPN client on the router before I leave the house. If it is running I cannot connect remotely. I do have an old Linksys WRT-54GL with Tomato running on it. Maybe there is a way to connect the 2 routers and tunnel in that way?

    Thanks.............MM
     
    Last edited: Apr 5, 2017
  14. 56kbps

    56kbps Occasional Visitor

    Joined:
    Jun 24, 2013
    Messages:
    14
    I have tried all methods didn't work for me gave up reversed back 380.64
     
  15. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    Here is a screen shot of a working OpenVPN 2.4 Server on AC88U release 380.65_4. Hope it helps. I have no settings in custom configuration section.

    upload_2017-4-9_10-2-28.png
     
  16. 56kbps

    56kbps Occasional Visitor

    Joined:
    Jun 24, 2013
    Messages:
    14
    @Xentrk I did tried the same config as screen shot on AC 56U still not work ,but will try again for a last time. Thanks for your help.
     
  17. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    You're welcome. Try and export a new opvn file from the OpenVPN Server screen and install it on your client as well.
     
    56kbps likes this.
  18. 56kbps

    56kbps Occasional Visitor

    Joined:
    Jun 24, 2013
    Messages:
    14
    I have found the problem with HGG 380.65_6 after switched to Merlin 380.65_4 everything works.
    @Xentrk again Thank You.
     
  19. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,839
    Location:
    The Land of Smiles
    I just noticed this behavior...With 380.65 releases, OpenVPN Server will automatically push encryption AES-256-GCM to the clients if Cipher Negotiation is set to Disabled, overriding the cipher specified in the web gui and client ovpn file.

    upload_2017-4-13_11-19-41.png

    To fix this, add the option ncp-disable to Custom Configuration.

    https://www.snbforums.com/threads/r...65-is-now-available.37295/page-37#post-318182

    Note: New OpenVPN 2.4.1 -- released on 2017.03.22. Can be obtained from:
    https://openvpn.net/index.php/download/58-open-source/downloads.html
     
  20. madfusker

    madfusker Regular Contributor

    Joined:
    Jul 20, 2014
    Messages:
    157
    Hello,

    Running 380.65_4 and with everything setup I export the .ovpn file and the cert and key are blank. I assumed it would generate one for the device but it didn't. Without this I am getting: OpenVPN core error : PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid.

    when trying to connect on Android "OpenVPN Connect" app.

    client
    dev tun
    proto udp
    remote xxxxxxxxxx.xxxxxxx.com 1194
    float
    cipher AES-128-CBC
    auth SHA1
    comp-lzo no
    keepalive 15 60
    auth-user-pass
    ns-cert-type server
    <ca>
    no
    </ca>
    <cert>
    paste client certificate data here
    </cert>
    <key>
    paste client key data here
    </key>
    resolv-retry infinite
    nobind

    Any idea how to fix this? On the router I see there is a static key, but no CA.