Tutorial How to setup a VPN Server with Asus routers 380.68 updated 08.24

yorgi

In this new version 380.68 there are no new features for VPN server.

This guide will show you how to set up a VPN server with your Asus routers.
This works with native ASUS firmware or Merlin firmware.

*** I suggest that every time you update to a new firmware, you do a Default on the OpenVPN server, then reboot the router and enter the data again. Also export a new .ovpn file and import it to your device in order to have smooth results. Otherwise you may get into issues where you cannot see Windows shared folders.

With the ASUS router you can have up to 2 separate VPN servers.
In this example I am using VPN server 1.
Simply enable the OpenVPN server; by default the admin username and password are in the list. You can create up to 32 usernames and passwords in the appropriate fields.

In VPN details click on the advanced menu.
Use the VPN advanced image below and set up the values accordingly.

***Important***
With the latest firmware 380.66.4 and up you need to enable Respond to DNS and enable Advertise DNS to clients, otherwise you will not be able to connect to your local network. This was not the case in the past.

Finally, in order for file shares to work properly you need to have the router's DHCP assign the static addresses, so that the ARP entries are stored properly and the router can access shares.
In the LAN tab, DHCP server, Basic Config:

IP Pool Starting Address 192.168.1.97
IP Pool Ending Address 192.168.1.254

and in the LAN/DHCP tab enable "Enable Manual Assignment".
Look for the MAC address of a network PC that you want to manage with a static IP and assign static IP addresses from the static range pool: 192.168.1.99, next PC .98 and .97.
For the first PC assign .99 and so on.
If you need more PCs, set the IP pool to reserve all the PCs you want and do them one by one to make sure that each PC gets the address you want.
This way you let the router handle the static addresses and you will not have any problems sharing files via the VPN. If you do not do this and assign IP addresses manually on the PCs, it may happen that you cannot share files because the router ARP tables don't see the computer you are trying to access, even though you can ping that PC. Having the router do the static IP ensures a proper ARP table and makes sure you get access to the PCs you want.
Even if you have the PC get a dynamic IP from the router, chances are you may still get into problems where you cannot see the shares because the IP address changed.
In the second part of the tutorial I show you how to set up firewall rules on a Windows PC in order to access shares properly.
Some features to explore:

Interface Type: TAP or TUN?

TUN is the preferred method because it supports Windows, iOS, Android, Linux.
You can file share SAMBA, remote desktop, print share etc.
You will have to configure the Windows firewall, explained at the end of this article.

TAP supports Windows but not iOS or Android.
By choosing TAP, you tell the VPN to make remote machines feel like they're on the LAN, with broadcast Ethernet packets and raw Ethernet protocols available for communicating with printers and file servers and for powering their Network Neighborhood display.
Great if you don't want to configure Windows firewalls on each PC.

Push LAN to clients: allows you to access your network via the tunnel,
such as remote desktop, file sharing and print sharing.

Direct clients to redirect internet traffic: If this feature is enabled, all traffic will go via the router, and depending on your bandwidth speeds it can be very slow on the client's receiving end.

Ideally the majority of users should keep the Redirect Internet Traffic option disabled. It means the remote client will still use his own WAN access for all Internet traffic, and only use the VPN tunnel when trying to access a resource in the home LAN network. This is what VPNs were originally designed to do.

Respond to DNS: enable this along with Advertise DNS to clients and when you connect you will be using the DNS of the VPN server.

Advertise DNS to clients: this needs to be enabled if you want to have access to file shares and remote computer access.

Manage Client-Specific Options: Using this option, you can have full bidirectional site-to-site TLS VPNs with no Custom Configuration or init scripts. I have never got this to work, but here is how it's supposed to work:

Selecting this option displays a table where you fill in the Common Name (from when you generated the TLS certificates), subnet (optional), and netmask (optional). If you fill in the subnet and netmask of the client, your server LAN will be able to communicate with your client LAN whenever it's connected (be sure not to choose the NAT option on the client router). Without this, you're stuck with just client->server communication.

If you select the "Allow Client<->Client" option, another checkbox appears in the table that, when selected, allows other clients (or client LANs) to communicate with this client LAN. So, now you can have multiple sites all connected together with communication between any of them as desired.

An "allow only these clients" option is also present. With this selected, clients that aren't in the table are not allowed to connect. If you want to allow a client that doesn't have a LAN behind it (or you don't want to allow access to it), just put it in the table and leave the subnet/netmask blank.

With these options, this release removed the biggest limitation that's been present since the first release: having the VPN limited to client-initiated connections.

You can further customize the VPN server by changing its server port to something other than the default 1194 and changing the auth digest and encryption cipher to whatever you want.
AES-128-CBC and auth digest SHA1 is sufficient encryption for maintaining proper security when connecting to your server. However, feel free to change to whatever encryption or cipher suits your needs.

Now that the server is running you need to set up your devices to use the VPN server.

***It is very important that any device you use to connect to the VPN server has a different subnet than the router, otherwise you will not be able to see the networks if you enable Push LAN to clients.
Example:
Router A VPN Server IP 192.168.1.1
Router B VPN Client IP 192.168.2.1

Look for the Export button under the General menu and click on it.
It will create a .ovpn file which you will need to configure your devices.
This client1.ovpn file contains everything you need including certificates.


For Android:

Download the OpenVPN app and install it on your device.
Tether your Android device to a computer and copy the client1.ovpn file to your device, preferably to the download folder.
Start the OpenVPN app. On the top right there are 3 vertical dots; click on the dots and choose import, then import profile from SD card. Use ES file manager (if you don't have that program, download it from the Play Store), navigate to the download folder and import client1.ovpn into the OpenVPN app.
Once you have done that, simply hit connect and you should have a connection established to the VPN server.

ASUS routers with stock firmware:

You can also import the client1.ovpn into another ASUS router with stock or Merlin firmware VPN client. It will automatically configure everything you need to connect to the VPN server, including certificates.
Simply go to the VPN client on your ASUS router and look for "Import .ovpn file", use the browse button to find the client1.ovpn file, then click on upload.
That's it. You should be ready to connect. Turn the service state button to ON.
You can enable the start to WAN option if you want the client to automatically connect to the VPN server when the router gets rebooted.
Make sure that the client router has a different IP than the server router or you will not be able to see shares or print.

ASUS routers with Merlin firmware:
Follow the exact steps as with ASUS stock firmware. With Merlin you need to set Accept DNS Configuration to Exclusive.

MAC:

A popular OpenVPN client for MacOSX is Tunnelblick. It can be obtained for free from https://tunnelblick.net. Follow these basic steps to use Tunnelblick with OpenVPN Access Server:

  • Download the Tunnelblick disk image file (a ".dmg" file) from https://tunnelblick.net
  • Open the downloaded disk image file (which mounts the disk image).
  • Double-click the Tunnelblick icon (it may be labelled "Tunnelblick.app") and you will be guided through the installation of the program.
  • Once you have installed Tunnelblick, you can download and install the configuration file. After logging in to the Access Server's Client Web Server, download the client.ovpn file and double-click it. This will launch Tunnelblick if necessary, and Tunnelblick will install and secure the configuration.
  • Run Tunnelblick by double-clicking its icon in the Applications folder. If left running when you logout or shut down your computer, Tunnelblick will be launched automatically when you next log in or start your computer.
The first time Tunnelblick is run on a given Mac, it will ask the user for a system administrator's username and password. This is necessary because Tunnelblick must have root privileges to run, as it modifies network settings as part of connecting to the VPN.

For more information on using Tunnelblick, see Using Tunnelblick at https://tunnelblick.net/czUsing.html.

Please go to section B of the article for more.
 
Section B

Windows 7,8, 8.1 and 10

Download the OpenVPN program from this link: https://openvpn.net/index.php/open-source/downloads.html
After you install the program go to c:\windows\program files\openvpn\config
and copy in the client1.ovpn file that you exported from the VPN server.
If you don't want to enter a password each time it prompts you, then do the following.
In the same directory where you have the config file, create a new text document and call it vpnpass.txt
Open vpnpass.txt and enter your username and password. Assuming the username is don and the pass is xxx, put the username on one line and the password underneath it, like in the example below, and save the text file.
don
xxx
Now open the .ovpn file with Notepad++ and where you see auth-user-pass add the txt file you created in your config file, like this:
auth-user-pass vpnpass.txt
Now when you start the OpenVPN program you have to right click and start as administrator in order for it to work right.
Right click on the OpenVPN program and start as admin.
You will see the OpenVPN GUI among the system tray icons. Right click it, then look for the client1.ovpn file and connect. If you called it client1.ovpn, that's what you are looking for. You can rename the .ovpn to any name you like.
You should now be connected to your VPN server.

Windows computers over the years have become bulletproof with security, therefore we have to create a firewall fix to allow remote desktop, file and printer sharing to work.

If you enable "Push LAN to clients" in advanced configuration of the VPN server and you try connecting to a win 10 computer, you will not be able to use remote desktop or File and printer shares.
***Besides "Push LAN to clients" you need to also enable "Respond to DNS" and "Advertise DNS to clients" in the advanced section of the VPN server, otherwise you will not be able to see the shares or remote desktop.
You will need to write a firewall rule in order to fix this problem.

Go to Windows search, type in Windows Firewall with Advanced Security, then right click and run as administrator.
For a Windows 7 PC go to Control Panel and Firewall, then Advanced. You need to have administrator rights to do this process.
Then right click on Inbound Rules to create a new inbound rule.
Rule type click on - Program
Program click on - All Programs
Action click on - Allow the connection
Profile enable Domain, public and private enabled,
Now give it a name for example Allow VPN Server and then click on SAVE.
Next Look for the rule you created in the inbound rules section and double click on it so you can see the properties.
Go to Protocols and Ports tab and In "protocol type" enter "TCP"
In "local port" enter "All Ports"
In "Remote port" enter "All Ports"
Then click on the "Scope" tab and in "Local IP addresses" click on "These IP addresses" and enter the IP address of the computer that you want to access, for example 192.168.1.124, which is the IP of the computer whose firewall you are configuring.
Next go to "Remote IP address" and enable "These IP addresses" and enter the IP range of your VPN server subnet. example 10.8.0.0/24
Please make sure you check and see the "VPN Subnet / Netmask" in advanced settings in VPN server to make sure you put the right address for the VPN server subnet if you changed the default addresses while configuring the server.

You will not be able to see the network computer through Network; you will have to map the drive in order to have access.
Go to file manager and look for the network icon. Right click and look for map network.
Click on map network. You need to type in the IP address and shared folder name like the following example.

\\192.168.xx.xxx\foldersharename
Let's assume the PC you want to map a network drive to is 192.168.1.50 and the shared folder name is documents; then you will have to enter it like this:
\\192.168.1.50\documents.

If you want to remote desktop you will have to put in the IP address of the PC you want to connect to.
Open remote desktop and type in 192.168.1.50 and enter credentials when asked.

After reading this article if you still have problems please drop a line and one of us will try and help you out :)
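
The inbound rule from the firewall steps above, written as PowerShell so it can be applied and read back the same way on every PC. This is an added example, not part of the original post: by default it opens only TCP 445 (SMB file sharing) and TCP 3389 (Remote Desktop) to the VPN subnet, which is an assumption about what the rule is needed for, while `-AllTcpPorts` recreates the all-ports rule the post describes. The helper name `Test-Cidr` is hypothetical; the addresses and rule name are the post's sample values.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. The two addresses and the rule
# name are the post's sample values; Test-Cidr and the default port list are
# assumptions made for this illustration.
param(
    [string]$LocalAddress = '192.168.1.124',  # IP of the PC whose firewall is configured
    [string]$VpnSubnet    = '10.8.0.0/24',    # "VPN Subnet / Netmask" from the router
    [string]$RuleName     = 'Allow VPN Server',
    [switch]$AllTcpPorts                      # recreate the post's all-ports rule
)

# Hypothetical helper: accept only an IPv4 network in CIDR form and refuse
# prefixes shorter than /8, so a typo cannot widen the scope to everything.
function Test-Cidr {
    param([string]$Cidr)
    $addr, $prefix = $Cidr -split '/', 2
    if ($addr -notmatch '^(\d{1,3}\.){3}\d{1,3}$') { return $false }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    return ($prefix -match '^\d{1,2}$') -and ([int]$prefix -ge 8) -and ([int]$prefix -le 32)
}

if (-not (Test-Cidr $VpnSubnet)) {
    throw "VpnSubnet '$VpnSubnet' is not an IPv4 network such as 10.8.0.0/24."
}
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($LocalAddress, [ref]$parsed)) {
    throw "LocalAddress '$LocalAddress' is not an IP address."
}

# Mapping \\<ip>\<share> uses SMB on TCP 445; Remote Desktop listens on TCP 3389.
$ports = if ($AllTcpPorts) { 'Any' } else { '445', '3389' }

# Re-running the script replaces the rule instead of stacking duplicates.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

New-NetFirewallRule -DisplayName $RuleName `
    -Description 'Inbound access from OpenVPN clients (TUN, Push LAN to clients)' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $ports -LocalAddress $LocalAddress -RemoteAddress $VpnSubnet `
    -Profile Domain, Private, Public | Out-Null

# Read the rule back from the firewall rather than trusting the input values.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$addr = $rule | Get-NetFirewallAddressFilter
$port = $rule | Get-NetFirewallPortFilter
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Profile       = $rule.Profile
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort -join ','
    LocalAddress  = $addr.LocalAddress -join ','
    RemoteAddress = $addr.RemoteAddress -join ','
}
```

The object printed at the end is what the firewall actually stored, so a wrong VPN subnet or an unexpectedly wide port range shows up immediately.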
 
Love the clarity and steps descriptions as, if you're like me, have the curiosity, that you want to KNOW what that 'option' is for, though, you will very likely NEVER use it!

I will be trying this soon, as I love to tinker.
 
Great guide!

I could establish a VPN connection but I couldn't connect to my server running Windows 10.
Just followed your guide and could access my server's shares directly.

Thanks a lot!
 
I reformatted my win 10 with the anniversary edition and I think it was a bug that they fixed. You no longer need to create a firewall rule if you have the latest win 10 :)
happy the guide helped you out :)
 
This guide will show you how to setup a VPN server with your Asus routers
This works with native ASUS firmware or Merlin Firmware

With the ASUS router you can have up to 2 separate VPN servers.
In this example I am using VPN server 1
simply enable OpenVPN server and by default the admin username and password is in the list. You can create up to 32 username and passwords in the appropriate fields.

In VPN details click on the advanced menu.
Use the VPN advanced image below and setup the values accordingly.

Some features to explore;

Interface Type: TAP or TUN?

TUN is the preferred method because it supports windows, iOS, Android, Linux
You can file share SAMBA, remote desktop, print share etc.
You will have to configure windows firewall explained in the end of this article.

TAP supports windows but not iOS or Android.
by choosing TAP, you tell the VPN to make remote machines feel like they're on the LAN, with broadcast Ethernet packets and raw Ethernet protocols available for communicating with printers and file servers and for powering their Network Neighborhood display.
Great if you don't want to configure windows firewalls on each PC

Push LAN to clients: allows you to access your network via the tunnel,
such as remote desktop, file sharing and print sharing.

Direct clients to redirect internet traffic: If this feature is enabled all traffic will go via the router and depending on your bandwidth speeds it can be very slow on the clients receiving end.

Ideally the majority of users should keep the Redirect Internet Traffic option disabled. It means the remote client will still use his own WAN access for all Internet traffic, and only use the VPN tunnel when trying to access a resource in the home LAN network. This is what VPNs were originally designed to do.

Respond to DNS: enable this along with Advertise DNS to clients and when you connect you will be using the DNS of the VPN server.

Manage Client-Specific Options: Using this option, you can have full bidirectional site-to-site TLS VPNs with no Custom Configuration or init scripts.

Selecting this option displays a table where you fill in the Common Name (from when you generated the TLS certificates), subnet (optional), and netmask (optional). If you fill in the subnet and netmask of the client, your server LAN will be able to communicate with your client LAN whenever it's connected (be sure not to choose the NAT option on the client router). Without this, you're stuck with just client->server communication.

If you also select the "Allow Client<->Client" option, another checkbox appears in the table that, when selected, allows other clients (or client LANs) to communicate with this client LAN. So, now you can have multiple sites all connected together with communication between any of them as desired.

An "allow only these clients" option is also present. With this selected, clients that aren't in the table are not allowed to connect. If you want to allow a client that doesn't have a LAN behind it (or you don't want to allow access to it), just put it in the table and leave the subnet/netmask blank.

With these options, this release removed the biggest limitation that's been present since the first release: having the VPN limited to client-initiated connections.

You can further customize the VPN server by changing its server port to something other than the default 1194 and changing the auth digest and encryption cipher to whatever you want.
AES-128-CBC and auth digest SHA1 is sufficient encryption for maintaining proper security when connecting to your server. However, feel free to change to whatever encryption or cipher suits your needs.

Now that the server is running you need to set up your devices to use the VPN server.

***It is very important that any device you use to connect to the VPN server has a different subnet than the router, otherwise you will not be able to see the networks if you enable Push LAN to clients.
Example:
Router A VPN Server IP 192.168.1.1
Router B VPN Client IP 192.168.2.1

Look for the Export button under the General menu and click on it.
it will create a .ovpn file which you will need to configure your devices.
This client1.ovpn file contains everything you need including certificates.

Windows: You need to download openvpn program from here
https://openvpn.net/index.php/open-source/downloads.html
After you install the program go to c:\windows\program files\openvpn\config
and copy the client1.ovpn file that exported from the VPN server.
Right click on openvpn program and start as admin.
Click on client1.ovpn
You should now be connected to your VPN server.

more info here for windows
http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/1A935B95-C237-4281-AE86-C824737D11F9/

Mac OS here are step by step instructions;

http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/C77ADCBF-F5C4-46B4-8A0D-B64F09AB881F/

iPhone/iPad here are step by step instructions;

http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/37EC8F08-3F50-4F82-807E-6D2DCFE5146A/

For Android:

Download the OpenVPN app and install it on your device.
Tether your Android device to a computer and copy the client1.ovpn file to your device, preferably to the download folder.
Start the OPENVPN app and then on the top right there are 3 vertical dots, click on the dots and choose import then import profile from SD card, use ES file manager, if you don't have that program download it from the playstore and navigate to the download folder and import that client1.ovpn to openvpn app.
Once you have done that, simply hit on connect and you should have connection established to the VPN server.

more info click the link;
http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/8DCA7DA6-E5A0-40C2-8AED-B9361E89C844/

ASUS routers with stock firmware:

You can also import the client1.ovpn into another ASUS router with stock or Merlin firmware VPN client. It will automatically configure everything you need to connect to the VPN server, including certificates.
Simply go to the VPN client on your ASUS router and look for "Import .ovpn file", use the browse button to find the client1.ovpn file, then click on upload.
That's it. You should be ready to connect. Turn the service state button to ON.
You can enable the start to WAN option if you want the client to automatically connect to the VPN server when the router gets rebooted.
Make sure that the client router has a different IP than the server router or you will not be able to see shares or print.

ASUS routers with Merlin firmware:
Follow the exact steps as with ASUS stock firmware, with the exception that you set Accept DNS Configuration to "Strict".

If you enable Push LAN to clients and enabled Manage Client-Specific Options: and then enabled client to client the only way you can access the shares is by the following:
example:
Router A Device name Work which has the VPN server with router IP 192.168.1.1
Router B Device name Home which has the VPN client with router IP 192.168.2.1
to share you need to map a drive in the following way.
\\192.168.1.1\Work
\\192.168.2.1\Home

The same follows if you are connecting to a server which has only push to LAN enabled
you will need to access the Server share by the following
\\192.168.1.1\Work

Windows firewall fix that blocks VPN server:

If you enable LAN to clients option and are connecting to a win 10 computer
you will only be able to use remote desktop, File and printer sharing won't work.
Here is a fix for the firewall in order to have file and sharing work when connected to the VPN server.

go to control panel and start windows firewall. Then click on advanced settings.
Now create a new Inbound rule. Program/All Programs/Allow the connection/Domain, public and private enabled, then save the rule as VPN TCP.
Look for the rule you created in the inbound rules and double click on it so you can see the properties. Go to Protocols and Ports and put Protocol TCP on all local ports and remote ports. In Scope, under "Local IP addresses", choose "These IP addresses" and add the local IP address of the Win 10 PC you want to have file sharing access to, for example 192.168.1.124, and under "Remote IP address", "These IP addresses", put the IP address of the VPN server subnet, for example 10.8.0.0/24.
Check and see the "VPN Subnet / Netmask" in advanced settings in VPN server to make sure you put the right address.


I've followed these directions to a T but I can't seem to get network shares to connect. I can connect and RDP into my machine but I can't access any network shares. Any tips and/or ideas as to what's wrong?
 
When you connect with RDP you should see your local shares because you are using windows..
try connecting remote desktop without the VPN server and see if you see the shares.
 
I don't think I was clear enough on this. I have a network drive mapped on my laptop that I can't get to. When I connect with the VPN I can RDP into the machine the network drive is on but I can't hit the mapped drive by itself. I tried connecting via hostname and IP address but neither worked.
 
The problem you are having is got nothing to do with the thread or VPN servers.
You need to learn how to create shares. Do a google search on that its really simple.
Also if you map a drive on a PC you can see it directly from file manager why would you want to see it via a share?
When you share a drive it is to view from other computers or devices.
 
This guide will show you how to setup a VPN server with your Asus routers
This works with native ASUS firmware or Merlin Firmware

With the ASUS router you can have up to 2 separate VPN servers.
In this example I am using VPN server 1
simply enable OpenVPN server and by default the admin username and password is in the list. You can create up to 32 username and passwords in the appropriate fields.

In VPN details click on the advanced menu.
Use the VPN advanced image below and setup the values accordingly.

View attachment 6789

Some features to explore;

Interface Type: TAP or TUN?

TUN is the preferred method because it supports windows, iOS, Android, Linux
You can file share SAMBA, remote desktop, print share etc.
You will have to configure windows firewall explained in the end of this article.

TAP supports windows but not iOS or Android.
by choosing TAP, you tell the VPN to make remote machines feel like they're on the LAN, with broadcast Ethernet packets and raw Ethernet protocols available for communicating with printers and file servers and for powering their Network Neighborhood display.
Great if you don't want to configure windows firewalls on each PC

Push LAN to clients: allows you to access your network via the tunnel,
such as remote desktop, file sharing and print sharing.

Direct clients to redirect internet traffic: If this feature is enabled all traffic will go via the router and depending on your bandwidth speeds it can be very slow on the clients receiving end.

Ideally the majority of users should keep the Redirect Internet Traffic option disabled. It means the remote client will still use his own WAN access for all Internet traffic, and only use the VPN tunnel when trying to access a resource in the home LAN network. This is what VPNs were originally designed to do.

Respond to DNS: enable this along with Advertise DNS to clients and when you connect you will be using the DNS of the VPN server.

Manage Client-Specific Options: Using this option, you can have full bidirectional site-to-site TLS VPNs with no Custom Configuration or init scripts.

Selecting this option displays a table where you fill in the Common Name (from when you generated the TLS certificates), subnet (optional), and netmask (optional). If you fill in the subnet and netmask of the client, your server LAN will be able to communicate with your client LAN whenever it's connected (be sure not to choose the NAT option on the client router). Without this, you're stuck with just client->server communication.

If you also select the "Allow Client<->Client" option, another checkbox appears in the table that, when selected, allows other clients (or client LANs) to communicate with this client LAN. So, now you can have multiple sites all connected together with communication between any of them as desired.

An "allow only these clients" option is also present. With this selected, clients that aren't in the table are not allowed to connect. If you want to allow a client that doesn't have a LAN behind it (or you don't want to allow access to it), just put it in the table and leave the subnet/netmask blank.

With these options, this release removed the biggest limitation that's been present since the first release: having the VPN limited to client-initiated connections.

You can further customize the VPN server by changing its server port other than the default 1194 and change the auth digest and encryption cipher to whatever you want
AES-128-CBC and auth digest to SHA1 is sufficient encryption for maintaining a proper security when connecting to your Server. Howerver feel free to change to whatever encryption or cipher that suites your needs.

Now that the server is running you need to setup your devices to use the VPN server.

***it is very important that any device you use to connect to the VPN Server must have a different subnet then the router otherwise you will not be able to see the networks if you enable Push LAN to clients
Example:
Router A VPN Server IP 192.168.1.1
Router B VPN Client IP 192.168.2.1

Look for the Export button under the General menu and click on it.
it will create a .ovpn file which you will need to configure your devices.
This client1.ovpn file contains everything you need including certificates.

Windows: You need to download openvpn program from here
https://openvpn.net/index.php/open-source/downloads.html
After you install the program go to c:\windows\program files\openvpn\config
and copy the client1.ovpn file that exported from the VPN server.
Right click on openvpn program and start as admin.
Click on client1.ovpn
You should now be connected to your VPN server.

more info here for windows
http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/1A935B95-C237-4281-AE86-C824737D11F9/

Mac OS here are step by step instructions;

http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/C77ADCBF-F5C4-46B4-8A0D-B64F09AB881F/

iPhone/iPad here are step by step instructions;

http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/37EC8F08-3F50-4F82-807E-6D2DCFE5146A/

For Android:

Download the OpenVPN app and install it on your device.
Teather your Android device to a computer and copy the client1.ovpn file to your device. Preferably the download folder.
Start the OPENVPN app and then on the top right there are 3 vertical dots, click on the dots and choose import then import profile from SD card, use ES file manager, if you don't have that program download it from the playstore and navigate to the download folder and import that client1.ovpn to openvpn app.
Once you have done that, simply hit on connect and you should have connection established to the VPN server.

more info click the link;
http://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/8DCA7DA6-E5A0-40C2-8AED-B9361E89C844/

AUSUS routers with stock firmware:

You can also import the client1.ovpn into another ASUS router with stock or Merlin Firmware VPN client. It will automatically configure everything you need to connect to the VPN Server, including certificates.
Simply go to the VPN client on your ASUS router and look for "Import .ovpn file" use the browse button to find the client1.ovpn file then click on upload.
That's it. you should be ready to connect. Turn the service state button to ON
You can enable start to WAN option if you want the Client to automatically connect to the VPN server when router gets rebooted.
Make sure that the client router has a different IP then the Server Router or you will not be able to see shares or print.

AUSUS routers with Merlin firmware:
Follow the exact steps as with ASUS stock firmware with the exception that you set Accept DNS Configuration to "Strict"

If you enabled Push LAN to clients, enabled Manage Client-Specific Options and then enabled client to client, the only way you can access the shares is the following:
Example:
Router A, device name Work, which has the VPN server, with router IP 192.168.1.1
Router B, device name Home, which has the VPN client, with router IP 192.168.2.1
To share you need to map a drive in the following way:
\\192.168.1.1\Work
\\192.168.2.1\Home

The same applies if you are connecting to a server which has only Push LAN to clients enabled.
You will need to access the server share by the following:
\\192.168.1.1\Work

Windows firewall fix that blocks VPN server:

If you enable the LAN to clients option and are connecting to a Windows 10 computer,
you will only be able to use remote desktop; file and printer sharing won't work.
Here is a fix for the firewall in order to have file and printer sharing work when connected to the VPN server.

Go to Control Panel and start Windows Firewall. Then click on Advanced settings.
Now create a new Inbound rule: Program / All Programs / Allow the connection / Domain, Public and Private enabled, then save the rule as VPN TCP.
Look for the rule you created in the inbound rules and double click on it so you can see the properties. Go to Protocols and Ports and set Protocol to TCP on all local ports and remote ports. In Scope, under "Local IP address", choose "These IP addresses" and add the local IP address of the Windows 10 PC you want to have access to file sharing, for example 192.168.1.124, and under "Remote IP address", choose "These IP addresses" and put the IP address of the VPN server subnet, for example 10.8.0.0/24.
Check the "VPN Subnet / Netmask" in the advanced settings of the VPN server to make sure you put the right address.
Hello,
I have selected "Direct clients to redirect Internet traffic" on my Asus RT-AC1900P, and would like to verify that all internet traffic from my client is actually going to the WAN port of my router's VPN server. While having a VPN connection from my cell phone, this router's "Traffic Analyzer" feature does not seem to offer any proof that the Cell phone's internet traffic is being routed to the WAN port of the router.

Is there any way to verify this?
Does the RMerlin firmware or DD-WRT give some feedback of VPN traffic going thru the router?

Do I have to re-generate the CLIENT.OVPN file after enabling the option to "Direct clients to redirect Internet traffic"?

I'm a noob...

Dieter
 
Thanks Yorgi, working well for me. I was using PPTP and it was working well with my iPad and iPhone to access my security cameras and automation when away. But since iOS 10 Apple does not support PPTP anymore, so I needed another solution, and OpenVPN is working great.
 
If you enable Advertise DNS to clients and Respond to DNS when you Direct clients to redirect Internet traffic, and you do a DNS leak test, you will see the IP address of your WAN and DNS.
That's proof enough :)
 
There are NO IP addresses listed in the results of DNSLEAK. It shows 5 servers, but no addresses. Does this mean it is working?

To fix DNS leaks, the DNSLEAK FAQ says to add "block-outside-dns" to the Client.ovpn file?
This line is not in the Asus created client.ovpn file.

Thanks much.
 
I tried again. It now shows 6 servers, and 6 Google IP addresses, and Hostname NONE.
I guess it is working.

But please answer my previous question re the Client.ovpn.
Thanks.
 
Here, use this one as well.
https://ipleak.net/
When you do a check it will show you your IP address and DNS.
When you are home, do a test and see the IP and DNS you get.
When you go to a cafe and log on to your VPN server, test it with ipleak and you should get the IP address of your house and DNS. If you get another address then it's not working.
Your previous post has nothing to do with the client OpenVPN file.
If you set up your server properly and you are able to connect and redirect all the traffic via your server,
a simple test like the addresses I gave you will show your area.
In https://dnsleaktest.com, where it says HELLO, the address next to it is the IP address.
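Added example, not part of any post in this thread: besides the leak-test sites, the client's own connection log shows what the server pushed. The sketch assumes an OpenVPN 2.x style client log and that the router implements "Direct clients to redirect Internet traffic" by pushing `redirect-gateway`; the log lines and addresses are constructed.

```python
import re

# Constructed sample of an OpenVPN 2.x client log (not taken from the thread).
SAMPLE_LOG = """\
Fri Oct 14 17:02:11 2016 TLS: Initial packet from [AF_INET]203.0.113.10:1194
Fri Oct 14 17:02:13 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0'
Fri Oct 14 17:02:14 2016 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'")


def pushed_options(log_text):
    """Return the option strings from the last PUSH_REPLY in the log."""
    matches = PUSH_RE.findall(log_text)
    if not matches:
        return []
    # First comma-separated field is the literal PUSH_REPLY marker.
    return [o.strip() for o in matches[-1].split(",")[1:] if o.strip()]


def audit_push(log_text):
    """Summarise the pushed settings that decide where client traffic goes."""
    words = [o.split() for o in pushed_options(log_text)]
    return {
        "push_seen": bool(words),
        # Without this the client keeps its own default route (split tunnel).
        "redirect_gateway": any(w[0] == "redirect-gateway" for w in words),
        # Resolvers advertised by the server.
        "dns_servers": [w[2] for w in words
                        if len(w) > 2 and w[:2] == ["dhcp-option", "DNS"]],
        # LAN routes pushed to the client (network, netmask).
        "routes": [(w[1], w[2]) for w in words
                   if w[0] == "route" and len(w) >= 3],
        # The directive the DNS leak FAQ mentions, if the server pushes it.
        "block_outside_dns": any(w[0] == "block-outside-dns" for w in words),
    }


if __name__ == "__main__":
    for key, value in audit_push(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

If `redirect_gateway` is false or `dns_servers` is empty after connecting, the client is not being told to send its internet traffic or DNS queries through the tunnel.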
 
Hi,
I have now tried OpenVPN instead of PPTP.
I can reach all of the devices in my network. But I can't reach any internet address over the VPN.
What I need: I connect my Android tablet to the ASUS RT-AC88U (works) and then I want to reach an internet address. This is because I need the home connection in other countries.

I hope I explained it well enough.

Thanks for the help
Chris


Sent from mobile via an infernal machine
 
Hi yorgi, thanks for this thread, it gave me hope!
... Sadly it didn't work for me. I am using OpenVPN, set up via the ASUS RT-AC68U.
I can ping my client machine from my local machine only if I disable the client machine firewall, but creating the inbound rule as you described does not work.

Here's my config:

upload_2016-10-14_17-12-52.png


Suppose the LAN subnet of the router is 192.168.2.1/24, then the custom config was `push "route 192.168.2.1 255.255.255.0"`.
Now, suppose the VPN Subnet is 10.8.0.0/24 and my client gets assigned the IP 10.8.0.8. From my local machine, pinging 10.8.0.8 would work only if my client firewall is disabled.

I have created the inbound rule on both machines to play it safe, but it doesn't work. Here's what the rule looks like:

upload_2016-10-14_17-21-55.png


I have also tried on Protocol type TCP.

I really don't know how to fix my firewall. Thanks in advance for your precious help!
 
I finally managed to ping my client machine from the local machine by setting the Protocol type to `Any` (instead of `UDP`) and by switching the 2 ip addresses of the scope. Is it safe though?
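
Added example, not part of any post in this thread: a simplified model of how an inbound firewall rule's protocol and scope are matched, where "local" is the packet's destination on the protected machine and "remote" is its source. It assumes the LAN machine is 192.168.2.50 (constructed), that its address reaches the VPN client without NAT, and that the rule before swapping was scoped like the tutorial's rule (local = LAN PC, remote = VPN subnet); the poster's actual rule is not visible on the page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class InboundRule:
    name: str
    protocol: str   # "TCP", "UDP", "ICMPv4" or "Any"
    local: str      # destination scope on the protected machine (CIDR)
    remote: str     # source scope of the sender (CIDR)

    def allows(self, proto, src, dst):
        """True if an inbound packet (proto, src -> dst) matches this rule."""
        return (self.protocol in ("Any", proto)
                and ip_address(dst) in ip_network(self.local)
                and ip_address(src) in ip_network(self.remote))


# 10.8.0.8 and the subnets come from the thread; 192.168.2.50 is constructed.
LAN_PC, VPN_CLIENT = "192.168.2.50", "10.8.0.8"

# Packets arriving at the VPN client's firewall.
PROBES = {
    "ping from LAN": ("ICMPv4", LAN_PC, VPN_CLIENT),
    "TCP from LAN": ("TCP", LAN_PC, VPN_CLIENT),
    "UDP from LAN": ("UDP", LAN_PC, VPN_CLIENT),
    "ping from other VPN client": ("ICMPv4", "10.8.0.9", VPN_CLIENT),
}

# Tutorial-style scope: written for a LAN PC receiving from VPN clients.
tutorial_style = InboundRule("VPN TCP", "TCP", "192.168.2.50/32", "10.8.0.0/24")
# Scope swapped and protocol widened to Any.
swapped_any = InboundRule("swapped, Any", "Any", "10.8.0.0/24", "192.168.2.0/24")
# Same direction, but limited to ping and to this one client address.
swapped_icmp = InboundRule("swapped, ICMPv4", "ICMPv4", "10.8.0.8/32", "192.168.2.0/24")


def exposure(rule, probes=PROBES):
    """Labels of the probe packets the rule lets in."""
    return [label for label, pkt in probes.items() if rule.allows(*pkt)]


if __name__ == "__main__":
    for rule in (tutorial_style, swapped_any, swapped_icmp):
        print(f"{rule.name}: {exposure(rule)}")
```

Ping is ICMP, so a TCP-only or UDP-only rule never matches it, and a rule whose local scope is a LAN address never matches traffic addressed to 10.8.0.8; `Any` fixes the ping but also admits every TCP and UDP port from the LAN subnet.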
 
