OpenVPN on Asus RT-Ax88U.

[Tim4short]

I am attempting to set up OpenVPN on my Asus RT-AX88U.

I have folowed serveral tutorals, both asus provided and others. To the best of my abilty, I think I got it right, but I cannot connect. In the OpenVPN client, it resolves my dns name to the ip, but then fails there. I'm at a loss as to what to check next. thank you

• I have Port Forwarding enabled.
• I have set up VPN user
• Registered my DNS
• Exported the client

 

[ColinTaylor]

Don't enable Port Forwarding.

 

[Tim4short]

Thank you, but how does an outside client get in if there's not a port open for that call?

 

[ColinTaylor]

The router opens the appropriate port as part of the OpenVPN server initialisation process. You don't need to do it yourself as a separate step.

To clarify; you were talking about creating port forwarding rule in WAN - Virtual Server / Port Forwarding?

Have you confirmed your RT-AX88U has a public IP address?

 

[Tim4short]

Thank you. Not aware .

Yes, public address. Lipharos.asuscomm.com

I'll try it.

Thanks again

 

[Tim4short]

Yes re port forward. Wan. Changed the default port based on recommendations.

I also turned off port Fwd. No go

Currently PF is off.
I do have a public ip because of DDNS

 

[ColinTaylor]

I do have a public ip because of DDNS

It looks like you're using IPv6? I'm not sure how reliable the Asus OpenVPN server is when using IPv6. I suggest you disable IPv6, re-register your DDNS address and try again.

Confirm that your WAN IP address shown in the router's GUI (Network Map > WAN IP) matches your DDNS address (67.185.24.240).

When connecting look in the router's System Log for the connection attempt and any error messages.

 

[Tim4short]

Thanks. I appreciate your effort.

I just enabled IP6 today as I saw something about "ip6 false" in the log. Hoping it might help to enable. I will disable.

DDNS match. Will do.

Will refresh and watch logs.

News to focus to the family now. Will post when I've followed your advice

 

[Tim4short]

OK. my router is getting a WAN IP for 10.0.0.39 from the Xfinity Modem. The Xfinity modem's outside address is the 67.185.24.240. When attempting a external connection using the OpenVPN client, the client log show it finds and resolves the DDNS name (LIPHAROS.asuscomm.com) , but stops there. It get no response from the ASUS VPN Server. I'm going to look at the logs today and also snapshot screen settings. Maybe this will help provide better insight. Thank you again.

 

[ColinTaylor]

OK. my router is getting a WAN IP for 10.0.0.39 from the Xfinity Modem.

So this is your problem. It looks like the Xfinity is operating as a router. If possible you need to change the Xfinity device from "router/gateway mode" to "modem/passthrough mode". The terminology might be slightly different depending on the device in question. If that's not possible you could either create a port forwarding rule on the Xfinity for your VPN port, or put the Asus's IP address in the Xfinity's DMZ.

 

[Tim4short]

OK.. thank you! I put the Xfinity Modem in BRIDGE mode when i originally set up the network. I think the reasoning was to either use MOCA (which I am not any longer) OR to make sure I was using the ASUS router for routing, DHCP etc. I believe it was the latter.

So, should bridge mode be allowing this or do I still need to make the changes you recommended?

 

[ColinTaylor]

So, should bridge mode be allowing this or do I still need to make the changes you recommended?

If your Xfinity Modem/Router is "bridged" then your Asus' WAN IP will be a public IP address like 67.185.xxx.yyy. At the moment the WAN IP is 10.0.0.39 which is a private IP address which suggests that the Xfinity is not bridged.

 

[Tim4short]

OK. I just realized I recently had to change modems for Xfinity and I did not put hte new one is bridge mode. I am executing that now and will update

That did it. I'm connected. Thank you!!!!