Tutorial How to setup a VPN Server with Asus routers 380.68 updated 08.24

I finally managed to ping my client machine from the local machine by setting the Protocol type to `Any` (instead of `UDP`) and by switching the 2 ip addresses of the scope. Is it safe though?
You cannot use PING to see if your LAN is working. You would have to make a rule on a Win PC to let PING go through.
Microsoft over the years has become super secure and they block everything.
Instead of pinging the PC do a file share and see if you see it through your server.
If you need to use ping then make a rule that ICMPv6 be allowed. Now if you ping that PC it will work.
Also if you are using Win10 update to the anniversary edition because they fixed these issues and you don't need special firewall rules to establish a share.
Use TCP protocol instead of UDP on your Windows firewall instead of any.

At the bottom of the article you have this

Windows firewall fix that blocks VPN server:

If you enable LAN to clients option and are connecting to a win 10 computer
you will only be able to use remote desktop, File and printer sharing won't work.
Here is a fix for the firewall in order to have file and sharing work when connected to the VPN server.

Go to Control Panel and start Windows Firewall. Then click on Advanced settings.
Now create a new Inbound rule. Program/All Programs/Allow the connection/Domain, public and private enabled, then save the rule as VPN TCP.
Look for the rule you created in the inbound rules and double click on it so you can see the properties. Go to Protocols and Ports and put Protocol TCP on all local ports and remote ports. In Scope, under "Local IP addresses", choose "These IP addresses" and add the local IP address of the Win 10 PC you want to have access to file sharing, example 192.168.1.124, and under "Remote IP address", "These IP addresses", put the IP address of the VPN server subnet, example 10.8.0.0/24
Check and see the "VPN Subnet / Netmask" in advanced settings in VPN server to make sure you put the right address.
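
The GUI steps above, scripted in PowerShell as an added example (not part of the original post), followed by an audit for inbound rules left at protocol `Any` from any remote address. The addresses are the example values from the post; limiting the rule to TCP 445 (SMB) instead of all TCP ports is an assumption that only file sharing is needed, and the function name `Get-BroadInboundRule` is made up for this example.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows PC.
$LocalIp   = '192.168.1.124'   # example PC address from the post
$VpnSubnet = '10.8.0.0/24'     # must match "VPN Subnet / Netmask" on the router's VPN server page
$RuleName  = 'VPN TCP'         # rule name used in the post

# Create the scoped inbound rule once.
# Assumption: only SMB file sharing is needed, so the rule allows TCP 445
# rather than every TCP port as in the GUI steps.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 445 `
        -LocalAddress $LocalIp -RemoteAddress $VpnSubnet `
        -Profile Domain,Private,Public | Out-Null
}

# Hypothetical helper: flatten each enabled inbound allow rule together with its
# address and port filters, then keep the ones that accept any protocol from
# any remote address. Those are the rules to narrow to the VPN subnet.
function Get-BroadInboundRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalPort     = $port.LocalPort -join ','
                LocalAddress  = $addr.LocalAddress -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        } |
        Where-Object { $_.Protocol -eq 'Any' -and $_.RemoteAddress -eq 'Any' }
}

# Show the effective scope of the new rule, then the over-broad rules.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object LocalAddress, RemoteAddress

Get-BroadInboundRule | Sort-Object Name | Format-Table -AutoSize
```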
 
I finally managed to ping my client machine from the local machine by setting the Protocol type to `Any` (instead of `UDP`) and by switching the 2 ip addresses of the scope. Is it safe though?
Use TCP instead of UDP or ANY in the firewall rule.
Read my article; at the bottom of the article I explain how to fix the Windows bug.
If you use the latest updates from Microsoft anniversary edition you won't need to put any rules,
it works without any issues.
 
Hey yorgi thanks so much for the quick reply. It's amazing, I really appreciate it!!

Your info about PING and win10 anniversary really helped out. I do have the anniversary edition. So I found out that my problem was somewhere else.

What I was actually trying to achieve was to access a local instance of Redmine running on Docker. It was a vboxheadless firewall rule that was blocking the access. I needed to allow the public connection. I gave the local scope 10.8.0.0/24, and the remote scope 192.168.2.1/24 && 10.8.0.0/24.

Everything works now. Would you just confirm that it is safe to do so?

Also, I would now like my laptop hosting Redmine to have a static IP when connecting to the VPN. I have read online that it is possible if you can access the client config directory on the server side, but I cannot since OpenVPN is on my asus router... Is there a way to do so?
 

What does the word safe really mean? What I suggest is try those rules one at a time and see if you need 3 rules to make your setup work. The fewer subnets open on the firewall the better.
As far as having a static IP why is it that you can't do it?
I don't get your question.
You have a VPN server setup in point A and a VPN client that connects to your server at point B
Are these in independent locations?
If you want to share folders you need to have different IP on the VPN server and different on the Client
so give the VPN Server 192.168.1.1 and the VPN client 192.168.2.1 and for the laptop which I would assume is on the VPN client
you can give it 192.168.2.3
as long as the VPN server and the client have different ip range you can give any static ip to any device on your router.
Just make sure that you go to VPN CLIENT ROUTER's LAN/DHCP/IP Pool Starting Address 192.168.2.100 and IP Pool ending Address 192.168.2.254
Do the same for the VPN server but the address would be 192.168.1.100-192.168.1.254
this way you make sure that your static IP are separated from the DHCP so you won't get any conflicts and you can assign Static IP addresses to any device and have it share files on the server.
I would also suggest in the server section option direct clients to internet traffic to disable that. Unless you want all your traffic to get redirected to your Server and then your client which needs a lot of bandwidth if you don't need that feature take it off.
This way you can browse internet from Local ISP where you are and when you need to file share print etc it will go via your VPN server.

I hope this helps. If not, please give me a more detailed view of your setup.
 
In my Netgear R7000 I have configured an openvpn server connection and wanted the data that passed through this connection to go through the vpn client connection that I have also configured.

Can someone help me with the steps?

Thank you.
 
Can you be more specific? Is your VPN client another router or a PC?
Do you want to share networks from both routers?
Or do you want the data to get redirected to your server when browsing?
I don't understand your question.
 
What I basically intend is to create a vpn server on my Router in which traffic passing through this server is redirected to the vpn client (ipvanish) service that I have configured on the same Router.

And why?
Because I want to have the adblock protection installed on the Router and I want data encryption.
 
Ok, that is simple.
Use my guides to create a VPN server and Client.
On the server go to advanced and look for the option
Direct clients to redirect Internet traffic and enable that.
Also you can enable Advertise DNS to clients; this way you are sure you are connected to your server.
When you connect to the server with your client go to https://dnsleaktest.com/ and do an advanced test and see if the DNS and IP is that of your server.
 
I already had these options enabled, but in the vpn client configuration I have the "Redirect Internet traffic: policy rules" option enabled because I have some equipment in my network that I do not want their traffic to pass through vpn.

So your suggestion no longer works, because I have to define in the vpn client configuration the ip's that I want to pass through vpn.

If I set the virtual IP assigned by the VPN server, it does not work.

1c206bd996e58f9f4b41ca89ffeab5a1.png


6c91e1b481c40e236a18c4f2497e1edd.png
 
Let's try this before anything. Instead of policy rules put it to all traffic and see if that works.
If it works then I will help you in the rules department. I cannot see your rules, therefore I can't assess the problem.
It works, I assure you of that. I have one set up and I have no issues.
One question: are both routers using the same modem? Or are they in separate locations with different ISP providers?
Because if you have both of them on your LAN it will never work. Each router has to have its own ISP.
 
The router and the modem is only one.

I intended to see if it was possible to do everything with the same router.
 
That will never work I assure you that.
You need to have a separate ISP in order for it to work. and 2 different routers.
You are wasting your time stop right now and move on :)
 
This is an awesome guide. Thank you yorgi for taking the time to put this together!

I realize the scope of this guide is by using the OpenVPN server built into our routers, but has anyone had any success with the PPTP VPN server? I've watched several youtube videos and read several posts on other forums and this forum regarding the setup of the PPTP VPN server, and no matter what, I can't get that one to allow a remote machine to connect to it.

Every time I try, I get "Error 619", like so:
Untitled.png


It's extremely frustrating. I wish I could get to the bottom of it seeing as some people have clearly been able to use this method successfully. I only like the idea of the PPTP VPN because it's very Windows friendly and I can use the built in VPN functionality within Windows to connect from any Win7 system.

Here's my setup:
  • Default PPTP VPN Server settings on a
  • ASUS RT-AC87U (latest stock fw)
  • Directly behind an Arris CM820A (one of the most basic cable modems of all)
  • Remote laptop: Windows 7 x64 Pro
  • Laptop has Windows Firewall completely disabled
  • Followed this video for my VPN Server and client settings:
On the same laptop and same router listed above, I was able to successfully utilize the OpenVPN server and client and connect to it just fine... so what gives? Anyone have any experience using the PPTP Server in the later ASUS firmwares?


PS, I have diag logs from the last set of unsuccessful VPN connection attempts (the Windows diagnostic logs that you can generate from a VPN connection). If they would be useful, let me know and I'll post them. I'm not seeing anything special in them beyond some disconnect alerts.
 
I would not suggest you use PPTP; it's old and not very secure.
You are better off with OpenVPN server.
 
Hi.

Thank you so much for the great instruction.
The connection working well except one small issue.

I am using the RT-AC68U with stock software (3.0.0.4.380).
The client is an Iphone 7 (latest firmware).

The tunnel is up and running and I can connect some servers via safari browser.
But I cannot use the apps ... they say no connection.

I think it could be a routing issue. Because of the 2 different IP (192.168.2.1 and 10.8.0.0). But I really don't know.
Sorry for my bad english ... I am german.

Kind regards
Tobi
 
I took my vpn out of the router because whenever there's a power outage or reboot the vpn comes on
 
Thanks for this guide. Unfortunately, I can't get my iPhone to connect to my ASUS router. Here is the log I have on my phone and below my ASUS config.

I tried changing the port to 9098, 6765 but still can't connect. When I try the connection I can see on the ASUS VPN status page that something is happening (see the image at the bottom)

Any idea what the problem could be ?

2017-02-11 07:16:48 ----- OpenVPN Start ----- OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-02-11 07:16:48 Frame=512/2048/512 mssfix-ctrl=1250
2017-02-11 07:16:48 UNUSED OPTIONS
14 [resolv-retry] [infinite]
15 [nobind]
2017-02-11 07:16:48 EVENT: RESOLVE
2017-02-11 07:16:49 Contacting xxx.xxx.xxx.xxx:1194 via UDP
2017-02-11 07:16:49 EVENT: WAIT
2017-02-11 07:16:49 SetTunnelSocket returned 1
2017-02-11 07:16:49 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2017-02-11 07:16:49 NET Internet:ReachableViaWiFi/-R t------
2017-02-11 07:16:58 Server poll timeout, trying next remote entry...
2017-02-11 07:16:58 EVENT: RECONNECTING
2017-02-11 07:16:58 EVENT: RESOLVE
2017-02-11 07:16:58 Contacting xxx.xxx.xxx.xxx:1194 via UDP
2017-02-11 07:16:58 EVENT: WAIT
2017-02-11 07:16:58 SetTunnelSocket returned 1
2017-02-11 07:16:58 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2017-02-11 07:17:08 Server poll timeout, trying next remote entry...
2017-02-11 07:17:08 EVENT: RECONNECTING
2017-02-11 07:17:08 EVENT: RESOLVE
2017-02-11 07:17:08 Contacting xxx.xxx.xxx.xxx:1194 via UDP
2017-02-11 07:17:08 EVENT: WAIT
2017-02-11 07:17:08 SetTunnelSocket returned 1
2017-02-11 07:17:08 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2017-02-11 07:17:18 Server poll timeout, trying next remote entry...
2017-02-11 07:17:18 EVENT: RECONNECTING
2017-02-11 07:17:18 EVENT: RESOLVE
2017-02-11 07:17:18 Contacting xxx.xxx.xxx.xxx:1194 via UDP
2017-02-11 07:17:18 EVENT: WAIT
2017-02-11 07:17:18 SetTunnelSocket returned 1
2017-02-11 07:17:18 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2017-02-11 07:17:28 Server poll timeout, trying next remote entry...
2017-02-11 07:17:28 EVENT: RECONNECTING
2017-02-11 07:17:28 EVENT: RESOLVE
2017-02-11 07:17:28 Contacting xxx.xxx.xxx.xxx:1194 via UDP
2017-02-11 07:17:28 EVENT: WAIT
2017-02-11 07:17:28 SetTunnelSocket returned 1
2017-02-11 07:17:28 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2017-02-11 07:17:38 Server poll timeout, trying next remote entry...
2017-02-11 07:17:38 EVENT: RECONNECTING
2017-02-11 07:17:38 EVENT: RESOLVE
2017-02-11 07:17:38 Contacting xxx.xxx.xxx.xxx:1194 via UDP
2017-02-11 07:17:38 EVENT: WAIT
2017-02-11 07:17:38 SetTunnelSocket returned 1
2017-02-11 07:17:38 Connecting to [xxxxxxxx.dyndns.tv]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2017-02-11 07:17:48 EVENT: CONNECTION_TIMEOUT [ERR]
2017-02-11 07:17:48 EVENT: DISCONNECTED
2017-02-11 07:17:48 Raw stats on disconnect:
BYTES_OUT : 840
PACKETS_OUT : 60
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
2017-02-11 07:17:48 Performance stats on disconnect:
CPU usage (microseconds): 45505
Network bytes per CPU second: 18459
Tunnel bytes per CPU second: 0
2017-02-11 07:17:48 EVENT: DISCONNECT_PENDING
2017-02-11 07:17:48 ----- OpenVPN Stop -----

here is my router setup:

upload_2017-2-11_7-23-25.png


upload_2017-2-11_7-27-40.png
 
PPTP is not safe. Use OpenVPN, it's way better. PPTP is old technology and not recommended.
 
Did you follow these steps for the iPhone?
https://www.asus.com/support/Knowledge-Detail/11/2/RTAC68U/37EC8F08-3F50-4F82-807E-6D2DCFE5146A/
You shouldn't have any problems connecting your iPhone to the server.
 
