OpenVPN setup in asuswrt-Merlin: easiest approach using username/password

[oneuser]

Dear friends,

I'm trying to setup the VPN using username/password approach, but facing some problem now.

Background:
I’m trying to setup a VPN connection for the following purpose:

1. the client PC inside homework A connects to the VPN server on home B’s Asus router;
2. Efficient bandwidth utilization of this connection.
3. It would be good if after the OpenVPN connection is established, the PC running OpenVPN client could have the IP of 192.168.5.x, but this is not compulsory.

Here's the proposed diagram. I need to set static IP for all the physical machines in home B. To setup the OpenVPN server on Router B, I'm using the easiest RMerlin's built-in username/password method, without any manual modification of cert, etc.

and here is the LAN setting of Router B:

Problem:
I tried either of the following setting (TAP, TUN) but none works. (Attached are my settings.) May I know where the problem is and how to correct it?


Using TAP interface: The Desktop at home A could connect to the Router B VPN server, but could not get an IP address.

Using TUN interface: The Desktop at home A could connect to the router B VPN server, and was able to get an IP address of 192.168.5.x; however, it could not access/ping Internet nor any website other than 192.168.5.1 - which is router B itself.
(Q: In this case, what exactly should I put in for the VPN Subnet /Netmask fields respectively?)

Can anyone help take a look and check out what's wrong?

Any help is sincerely appreciated. Thank you!

 

[Ford Prefect]

...TUN is a routing interface, it needs a complete different subnet than that from your LAN.
Like 192.168.200.0/255.255.255.0
The LAN network is then pushed to the client with the setting "push LAN to clients".

...for TAP, try enabling "allocate from DHCP" to YES and set the client IPs to what you want.
TAP is a bridging interface and will use the same same subnet as LAN.

 

[oneuser]

Thank you for the help.

I set the VPN Subnet as: 192.168.6.0
Netmask: 255.255.255.0

Now the PC with OpenVPN client running could get an IP of 192.168.6.6, however, this PC can now only view the intranet of home B, ping other laptops, but could not get internet access to any website at all.

Is the Advanced settings in this page correct? such as "Push LAN to client", "Direct clients to redirect Internet traffic", "Respond to DNS", etc? Can someone please help?

 

[oneuser]

Anyone could kindly help on this?

Still having the same problem: VPN could connect, but can only access/view router's address; any WWW pages such as google.com could not be loaded.

 

[Ford Prefect]

Now the PC with OpenVPN client running could get an IP of 192.168.6.6, however, this PC can now only view the intranet of home B, ping other laptops, but could not get internet access to any website at all.

Is the Advanced settings in this page correct? such as "Push LAN to client", "Direct clients to redirect Internet traffic", "Respond to DNS", etc? Can someone please help?

...in the advanced section, only set "push LAN to clients" to YES and disable the others related to DNS and internet-traffic redirect.

This should enable the client to access the I-net with the same connection through which it
established the VPN session and reach the network on the LAN-side router/VPN-Tunnel.

 

[oneuser]

Thank you Ford_Prefect for the patient assistance!

in the advanced section, only set "push LAN to clients" to YES and disable the others related to DNS and internet-traffic redirect.

This should enable the client to access the I-net with the same connection through which it
established the VPN session and reach the network on the LAN-side router/VPN-Tunnel.

I tried this, but still didn't work.

My goal is to make the PC at home A to have the same public IP address as the router in home B. Reason being is that due to some restrictions, home A is behind firewall and could not access certain websites, and with this VPN setup hopefully home A could access those websites (which home B could access).

I read somewhere in order to do so the "Direct client to redirect Internet traffic" has to be set so that all traffic from A will be via this VPN tunnel, then via home B's internet connection to the destination websites. is it true? I tried but didn't work...

 

[cyborgpunte]

I think I have this setup kinda
individual VPN clients in home B
accessing internet as coming from home A

However one question :
Have you tried ping IP-adresses (not names) on internet ??

 

[Ford Prefect]

I read somewhere in order to do so the "Direct client to redirect Internet traffic" has to be set so that all traffic from A will be via this VPN tunnel, then via home B's internet connection to the destination websites. is it true? I tried but didn't work...

Well, for that usecase the settings should do what you want, I believe.
However, I do not run my own that way, so cannot deliver proof, sorry.