Openvpn with RT-N56UB1

[plex]

Hello

Case:
I need to access a remote vmware esxi server.

I've bought the cheapest Asus router with gbit lan for the job - the RT-N56UB1. I'm a little familiar with openvpn, since I've tried it out, on my home RT-AC68U with Merlin. Did work perfectly first try, using this setup:

https://www.snbforums.com/threads/how-to-setup-a-vpn-server-with-asus-routers.33638/



But server can't start:
OpenVPN server daemon failed to start.
Please check your device environment or contents on the Advanced Setting page.

From system log:
Jan 24 19:16:55 rc_service: httpd 4104:notify_rc restart_vpnd;restart_chpass
Jan 24 19:16:58 openvpn[5411]: OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jul 13 2015
Jan 24 19:16:58 openvpn[5411]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Jan 24 19:16:58 openvpn[5411]: Diffie-Hellman initialized with 2048 bit key
Jan 24 19:16:58 openvpn[5411]: Socket Buffers: R=[116736->131072] S=[116736->131072]
Jan 24 19:16:58 openvpn[5411]: TUN/TAP device tun21 opened
Jan 24 19:16:58 openvpn[5411]: TUN/TAP TX queue length set to 100
Jan 24 19:16:58 openvpn[5411]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jan 24 19:16:58 openvpn[5411]: /usr/sbin/ifconfig tun21 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Jan 24 19:16:58 openvpn[5411]: Linux ifconfig failed: could not execute external program
Jan 24 19:16:58 openvpn[5411]: Exiting due to fatal error

Content modification of Keys & Certification - was empty. So I've copy pasted from my AC-68U.

Any help would be very appreciated )

And yes - I admit that I don't have many skills here

 

[szdaisy0228]

Did you want RT-N56B1 as client or server to access a remote vmware esxi server?
others,if you OpenVPN server advance page the Authorization choose TLS, then doesn't need the Keys & Certification.

 

[plex]

Did you want RT-N56B1 as client or server to access a remote vmware esxi server?
others,if you OpenVPN server advance page the Authorization choose TLS, then doesn't need the Keys & Certification.

The rt-n56u should act server, and clients connects with mac or iOS devices.

First I've tried without TLS keys, and doesn't work neither

 

[szdaisy0228]

If there are no special requirements, just enable OpenVPN and use the default settings,try it.

 

[plex]

Nothing else than a new router seems to work... The RT-N66U and RT-AC68U works perfect, so I guess the N56 was a bad choice. RT-AC68U ordered for the job

 

[sfx2000]

I need to access a remote vmware esxi server.

Enable pass-thru and you're done - don't need to mess with VPN client or server... that option is for the router itself.

 

[plex]

Enable pass-thru and you're done - don't need to mess with VPN client or server... that option is for the router itself.

What about security? I don't want my server visible with a public IP address

 

[sfx2000]

What about security? I don't want my server visible with a public IP address

Yep - since you have ESXi, set up a small ubuntu server or centos image on the vmware box, and then port forward the guest out - or put it in the DMZ.

Digital Ocean has some nice writeups on how to do this.

 

[plex]

Yep - since you have ESXi, set up a small ubuntu server or centos image on the vmware box, and then port forward the guest out - or put it in the DMZ.

Digital Ocean has some nice writeups on how to do this.

Thanks for the tip [emoji846]

But since I've got OpenVPN working with a new router - isn't the problem solved? I only need to access the server during maintenance, elsewhere the server is hosting a administrative system, with http access on port 80.

I'm pretty novice here [emoji17]


Sent from my iPad using Tapatalk

 

[BigManz]

Protocol: TCP (if you care at all about the traffic.. since it is an ESXi host)
Auth Mode: TLS
Make sure the following keys are in there, and copied correctly. (spaces, etc will mess it up)
* Static Key
* CA
* Server Certificate
* Server Key
* Diffie Hellman Parms

Suggestions:
Username/Password auth = Yes
Username/Password Auth Only = No
Auth Digest = SHA256 (or whatever you made your certs to be)
Push LAN to clients = Yes (for what your trying to do...)

Hope some of this helps

 

[szdaisy0228]

The router WAN IP need public IP ,or both OpenVPN Serve and OpenVPN client in same network ,how about your's?