
OpenVPN Asus RT-AC88U Allow only specified clients


SystemF

Regular Contributor
Hello! I'm trying to set up a connection between 2 machines in 2 nearby buildings. The client is under Windows 7 with a public IP - no NAT (router), only a software firewall. Both server and client are using public IPs from the same ISP, same subnet - static IPs.
The server is behind an RT-AC88U (stock firmware) running OpenVPN in tun mode with these settings:
Router LAN: 192.16.170.0/24
Interface Type: TUN
Protocol:UDP
Server Port: 49xxx
Respond to DNS: Yes
Advertise DNS to clients: No
Encryption cipher: AES-192-CBC
HMAC Authentication: SHA1
Compression: Disable
Username / Password Auth. Only: No
Authorization Mode: TLS
RSA Encryption: 1024 bit
Extra HMAC authorization: Incoming (0) (TLS-Auth)
VPN Subnet / Netmask 10.92.4.0/255.255.255.0
Push LAN to clients: Yes
Direct clients to redirect Internet traffic: No
TLS Renegotiation Time: -1
Manage Client-Specific Options:Yes
Allow Client <-> No
Allow only specified clients
Allowed Clients
Common Name(CN)
client
Subnet:xxx.xxx.xxx.xxx


I want only 1-2 clients to be able to connect to the server for sharing files through SMB. I made a lot of tests with different settings on the router. Needed to reset once when things went wrong. I want to use CN instead of the username/password option. In the field Allowed Clients - Common Name(CN) I enter: client; for subnet and mask I tested with random private addresses like 172.16.100.0/24 and 10.189.249.0/24, different from the router VPN and private LAN. The client connects successfully every time. Only when I type something different from "client" in the field Common Name(CN) can the second machine not connect. I'm doing all of this because I see a lot of scans and attacks in the subnet of my ISP. Has someone had success with Asuswrt instead of Merlin managing this with CN? Is it even possible? If the client which is connecting to the router is not behind NAT, what subnet and mask must I use or enter in Allowed Clients - Subnet and Mask?
 
You probably need to add the following directive to the OpenVPN server config.

Code:
duplicate-cn

Without it, the CN can only be used by *one* OpenVPN client at a time.
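For readers who want to see what the router's "Allow only specified clients" option amounts to in a plain OpenVPN server configuration, here is an added illustration covering both posts above: the CN allow-list from the question and the duplicate-cn point from the reply. It is not the router's generated config and not code from either poster; the file paths, the port value and the use of remote-cert-tls are assumptions, and the mapping of the per-client Subnet/Mask field to an iroute line is my understanding of what the firmware writes, not something the thread states.

```conf
# --- server.conf (illustration, not the RT-AC88U's actual generated file) ---
port 49000                 # placeholder for the 49xxx port in the question
proto udp
dev tun
server 10.92.4.0 255.255.255.0              # "VPN Subnet / Netmask"
push "route 192.16.170.0 255.255.255.0"     # "Push LAN to clients: Yes"
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0          # "Extra HMAC authorization: Incoming (0)"
cipher AES-192-CBC
auth SHA1
reneg-sec -1               # "TLS Renegotiation Time: -1"
remote-cert-tls client     # assumption: only accept certificates issued for client use

# The allow-list: one file per permitted certificate CN in this directory.
client-config-dir /tmp/etc/openvpn/ccd      # hypothetical path
# With ccd-exclusive a client whose CN has no file here is rejected, which is
# the behaviour the question describes for any CN other than "client".
ccd-exclusive

# duplicate-cn is deliberately NOT set: each CN may hold one session at a time,
# so two machines sharing the "client" certificate cannot both be connected.
# Issue one certificate per machine instead of enabling it.

# --- /tmp/etc/openvpn/ccd/client (one file per allowed CN) ---
# For a client with no LAN behind it (the Windows 7 host with a public IP),
# an empty file is enough; no Subnet/Mask value is needed.
# Only a client that routes a private LAN of its own needs an iroute, e.g.:
# iroute 172.16.100.0 255.255.255.0
```

A quick way to confirm the allow-list is doing its job is to connect once with a certificate whose CN has no file in the ccd directory and check the server log for the rejection; with ccd-exclusive in place the handshake completes but the session is refused, and an iroute for a subnet the client does not actually route simply adds a dead route on the server, which matches the "random subnet still connects" observation in the question.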
 
