Run OpenVPN Server but not as a router?

3ajs

New Around Here
Hello, does anyone have any ideas about how to run an Asuswrt-Merlin AC68U device as an OpenVPN server without running it as the router? It would be WAN to another router with port forward 1194 to the AC-68U running OpenVPN Server.

Would I have to disable NAT or Firewall or DHCP on the AC68U to allow the remote VPN clients to see the other devices on the network?

Thanks a million
 

SoFluffy

Occasional Visitor
Do you really need it to not be a router? Maybe I'm not sure your exact requirements but I do something similar with an RT-AC68U that has fried 2.4/5 radios, and sitting at my mother-in-law's house.

AC68U runs Merlin with OpenVPN server. WAN port of AC68U is connected to LAN port of main network, picking up a 192.168.0.x address. AC68U has routing enabled, but no clients. DHCP needs to be a different subnet (I use 192.168.10.1, but could be anything as long as it's different than the LAN subnet of main network.) UDP port 1194 is forwarded to the AC68U, and voila. I can route internet thru it, and hit the main LAN 192.168.0.x addresses. Again, routing/DHCP is enabled, but there are no clients and doesn't matter.

Note 1 that you can't use built in DDNS on the same device as it is only aware of the LAN IP as its WAN IP. (There are scripts to solve this problem within these forums.)

Note 2 that you should set your AC68U to static IP within the main LAN's subnet or use DHCP reservation so your port forwarding doesn't go kaput.

Edit:
Note 3 - My radios are fried on my device, but I also disabled both radios in the interface as well. I'd suggest you do the same for your needs.
 

eibgrad

Part of the Furniture
It should work as long as you daisy-chain the OpenVPN router w/ its WAN to the LAN of the primary router and configure "Client will use VPN to access" on the server as either Internet only or Both (even if the router itself doesn't have active clients, you might find it necessary to remotely manage the router itself as a LAN accessible device).

Another option would be to install FreshTomato on the VPN router and configure it as a bridged device (i.e., no active WAN) and connect it LAN to LAN wrt the primary router. That's possible because the OpenVPN server (among other features as well) is NOT disabled in AP only mode the way it is w/ ASUS/Merlin. But you have to take extra steps to make sure that you either add static routes to the primary router that point to that VPN router as the gateway to the OpenVPN server's IP network on the tunnel, OR, NAT the traffic from the OpenVPN server's tunnel as it's dropped on the private network (br0).

If you're more familiar w/ Merlin and his implementation of OpenVPN server, it may be the better option despite being routed wrt the primary router, but I did want to at least mention there are other options.
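
An added example, not written by any poster in this thread: a POSIX shell pre-flight check for the bridged (LAN to LAN) option described above. It refuses a tunnel network that overlaps the main LAN, then prints either the static route or the NAT rule for the return path. The tunnel network 10.8.0.0/24 and the VPN router address 192.168.0.2 are assumed values; 192.168.0.x is the main LAN mentioned in the thread.

```shell
#!/bin/sh
# Constructed addressing plan (assumptions unless noted):
MAIN_LAN="192.168.0.0/24"     # main network, 192.168.0.x as in the thread
VPN_ROUTER_IP="192.168.0.2"   # assumed static LAN address of the VPN router
TUNNEL_NET="10.8.0.0/24"      # assumed OpenVPN tunnel network

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "first last" integer bounds of a CIDR block.
cidr_range() {
    base=$(ip2int "${1%/*}"); bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( base & mask ))
    echo "$first $(( first | (~mask & 4294967295) ))"
}

# Succeeds (status 0) when the two CIDR blocks share any address.
overlaps() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Print the return-path command for the chosen option: route | nat.
return_path() {
    if overlaps "$TUNNEL_NET" "$MAIN_LAN"; then
        echo "tunnel network $TUNNEL_NET overlaps $MAIN_LAN" >&2; return 1
    fi
    if ! overlaps "$VPN_ROUTER_IP/32" "$MAIN_LAN"; then
        echo "$VPN_ROUTER_IP is not inside $MAIN_LAN" >&2; return 1
    fi
    case $1 in
        # Static route on the primary router (Linux syntax; many routers
        # expose the same setting in their web interface instead).
        route) echo "ip route add $TUNNEL_NET via $VPN_ROUTER_IP" ;;
        # NAT on the VPN router: LAN hosts see tunnel traffic as coming
        # from the VPN router, so no route is needed on the primary router.
        nat)   echo "iptables -t nat -I POSTROUTING -s $TUNNEL_NET -o br0 -j MASQUERADE" ;;
        *)     echo "usage: return_path route|nat" >&2; return 2 ;;
    esac
}

return_path route
return_path nat
```

With the NAT option, LAN hosts log the VPN router's address rather than the individual tunnel client's, which matters if per-client firewalling or logging is wanted on the LAN side.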
 

3ajs

New Around Here
Thank you so much for this detailed post. Super helpful! I was just thinking about managing the OpenVPN Server remotely. I guess I could enable the WAN management to allow the Asus router to be managed from a device on the main network, and that would take care of it?
 

3ajs

New Around Here
Thank you, you've both been amazingly helpful!
 
