Using AMTM scripts on your devices through VPN when you leave home - Guide

[Amwjujo]

Hi everyone,

As I don't want to flood other specific threads I was wondering if a guide can be created on how we can benefit from the scripts installed in our home router through OpenVPN when we leave home and connect through mobile, hotspots etc.
I saw some users comments on how they are using such a configuration and it will be great if more of us can benefit from it .
Everybody feel free to contribute - I am looking at:

1. How to set up OpneVpn to be able to connect through it in order to benefit from all the goodies
2. Any specific applications (IoS , Android & Windows) used for that purpose - I also read a post mention an application that can automate al of this processes and as soon as you leave your home network, your devices automatically connects to your VPN.
3. Pros & Cons(if there are any).

Thank you all!

 

[heysoundude]

a couple of comments:
1 - if you've an ac86u or newer, you could also try wireguard as the vpn server on your router. There is an app for ios, android, and I believe windows now as well to use for your various devices.
https://www.snbforums.com/threads/experimental-wireguard-for-rt-ac86u-ax88u.46164/
2 - CloudFlare's WARP app connects you to their...stuff, if you're of a mind to pay for it, that you can configure to connect/disconnect automagically as you hop on and off wifi that you can choose to exclude. I'm not certain but the Wireguard app may do that as well. https://www.wireguard.com/install/
3 - because I've suggested wireguard, I'll re-iterate what has been said by people here and wireguard themselves: this is new(-ish) technology that has yet to be thoroughly tested and proven to be as secure as incumbent methods that have been audited/vetted/tested. indications so far are that it is a contender, but I wouldn't do anything that would cause you to lose sleep using it, if it should fail or prove insecure. only you can decide is what's best for you - do your own research; trust but verify.

 

[elorimer]

Just use a terminal program like putty to SSH into the router after connecting to the OpenVPN server.

 

[L&LD]

On a Windows PC, I use this.

https://openvpn.net/community-downloads/

On an Android device, I use this.

https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en_US

On your, RMerlin powered Asus router (current version 384.17_0 or later), create an OpenVPN Server. Export the OVPN configuration file with the 'Export OpenVPN configuration file' 'Export' button.

Use the defaults (above) to make sure this works for you first, before you start customizing it and nothing works as it's supposed to.

Import into your device.

Leave the house.

Connect to the internet via any method possible and then connect back to your router using the OVPN file you imported above.

Automate things? No.

Be in control and be happy.

Once you have the above working and you can connect back to your home or office, see what other requirements you may need and ask here for quick help to do so (if possible).

HTH.

 

[Amwjujo]

On a Windows PC, I use this.

https://openvpn.net/community-downloads/

On an Android device, I use this.

https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en_US

On your, RMerlin powered Asus router (current version 384.17_0 or later), create an OpenVPN Server. Export the OVPN configuration file with the 'Export OpenVPN configuration file' 'Export' button.

Use the defaults (above) to make sure this works for you first, before you start customizing it and nothing works as it's supposed to.

Import into your device.

Leave the house.

Connect to the internet via any method possible and then connect back to your router using the OVPN file you imported above.

Automate things? No.

Be in control and be happy.

Once you have the above working and you can connect back to your home or office, see what other requirements you may need and ask here for quick help to do so (if possible).

HTH.

Thank you.
Really helpful as usual.
Much appreciated. I'm on it
Also, will de defeults of the OpenVpn will work out of the box with Diversion + Skynet
+ Unbound + YAzFi?
Later on I would like to ask you about how you setup your VPN server and the VPN client - I have my AC86U at home and an AC66_B1 & AC68 on another 2 locations where I would like to connect to when I am at home but the other way around as well.

 

[L&LD]

@Amwjujo, like I said, using the defaults is all I've ever needed. I'm sure others can help once you can establish a connection successfully to all your locations and you want further control.

 

[Amwjujo]

@Amwjujo, like I said, using the defaults is all I've ever needed. I'm sure others can help once you can establish a connection successfully to all your locations and you want further control.

Cheers,
I'll keep you posted.

 

[Opasen]

Later on I would like to ask you about how you setup your VPN server and the VPN client - I have my AC86U at home and an AC66_B1 & AC68 on another 2 locations where I would like to connect to when I am at home but the other way around as well.

You may want to start here - VPN Server will host two clients...

 

[GSpock]

On an Android device, I use this.

https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en_US

Hi L&LD,
any reason to use "your" version iso this one: https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en_US

Thanks,
GS

 

[Martineau]

Hi L&LD,
any reason to use "your" version iso this one: https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en_US

Thanks,
GS

+1 for Arne Schwabe

I don't think the official App supports routing selective Android Apps through the tunnel?

However, a simple forum search should give you confidence in the recommendation.

 

[Jack Yaz]

+1 for Arne Schwabe

I don't think the official App supports routing selective Android Apps through the tunnel?

However, a simple forum search should give you confidence in the recommendation.

View attachment 23486

+1 from me as well

 

[GSpock]

@Martineau & @Jack Yaz, thanks for your feedback.
To be clear, I was not questionning the confidence of Arne Schwabe application, my question was rather on functionality (and you are right about selective apps in the offcial app).
Rgds,
GS

 

[L&LD]

@GSpock, simply because it just works.

I'll have to look into the Arne Schwabe OpenVPN app though. Maybe I am missing something I don't know about yet?

 

[Amwjujo]

I have tested both of the applications ( Android & Windows) and everything works great. Thank you for your help.
The only 2 things I have changed: Enabled DDNS and changed VPN access from LAN to Both.

Now

• How can access my network shared files via VPN when i am outside my network.
• Will RDP work without opening ports to internet - or I need some changed as well to use it over VPN?
• If I set my other work router (ac66_B1) as VPN client that means I can have access to my work shared files ? Leaving the router always connected as VPN client will have any performance impact on my network?

I can confirm that both of the tested clients (Android & windows pc) benefits from the amtm scripts when used outside my network.
Thank you in advance

 

[L&LD]

How do you access your shared files inside your network? You would do the same from outside when connected via OpenVPN.

RDP works as-is. Once you've connected to the OpenVPN Server.

No, you need to set that router as another OpenVPN Server too. Then just access what you need the same as for your home network.

 

[elorimer]

If I set my other work router (ac66_B1) as VPN client that means I can have access to my work shared files ? Leaving the router always connected as VPN client will have any performance impact on my network?

You might want to look at your upload and download speeds at each location and what your usage pattern is before you set all this in place.

For example, call the 86 and its local network site1, and the 66 and its network site2. Say both have 100/25 service (100 download, 25 upload). If you connect site2 client to site1 server set to both, then site2 will be accessing the internet over the tunnel. Site2 will request a site, which will be downloaded to site1 and then uploaded to site2. So the download speed from the internet to site2 will be capped at 25 instead of 100. You may want site1 to be set to LAN only so that internet traffic to site2 remains at 100, while LAN traffic is limited to 25 (you can't do anything about that).

Instead, you may want to let the client decide, or you may want to set up two servers, one where the client connects to the internet over the tunnel, and one where it does not.

Also, if you want to access site2 LAN from site1 while site2 is connected to site1 as a client, I think you need to add a route. Not sure, as I do it as @L&LD suggests.

Also, make sure that all three networks have all six address schemes set differently (that is, modem to router, and internal LAN for each location should be unique).

 

[elorimer]

I'll have to look into the Arne Schwabe OpenVPN app though. Maybe I am missing something I don't know about yet?

I have found it is more reliable than the official app. I'm a little confused though, because the blinkt.de app IS the Arne Schwabe unofficial app.

 

[Amwjujo]

You might want to look at your upload and download speeds at each location and what your usage pattern is before you set all this in place.

For example, call the 86 and its local network site1, and the 66 and its network site2. Say both have 100/25 service (100 download, 25 upload). If you connect site2 client to site1 server set to both, then site2 will be accessing the internet over the tunnel. Site2 will request a site, which will be downloaded to site1 and then uploaded to site2. So the download speed from the internet to site2 will be capped at 25 instead of 100. You may want site1 to be set to LAN only so that internet traffic to site2 remains at 100, while LAN traffic is limited to 25 (you can't do anything about that).

Instead, you may want to let the client decide, or you may want to set up two servers, one where the client connects to the internet over the tunnel, and one where it does not.

Also, if you want to access site2 LAN from site1 while site2 is connected to site1 as a client, I think you need to add a route. Not sure, as I do it as @L&LD suggests.

Also, make sure that all three networks have all six address schemes set differently (that is, modem to router, and internal LAN for each location should be unique).

Thank you for explaining.
Also. I think I am doing something wrong as RDP refuse to connect to my home address. When I am connected to the VPN it shows my server IP and if I do a ping test to 10.8.0.1 or 10.8.0.2 it all works fine ,,,, any suggestions?

 

[Amwjujo]

How do you access your shared files inside your network? You would do the same from outside when connected via OpenVPN.

I am not
Looking for a way of doing it.
Thanks.

 

[elorimer]

Also. I think I am doing something wrong as RDP refuse to connect to my home address.

To spell it out, not sure what client you are using for RDP, but let's say you are using the standard Windows client within your LAN. The computer field will be the LAN IP of the computer you are going to connect to. I'm assuming that works. Then, from a computer outside your LAN, if you connect to the router's OpenVPN server, you will use that same LAN IP as the computer field, and it should work the same. The LAN or Both setting for the OpenVPN server will add a route from your client computer to the LAN, including the LAN IP of the computer you want to RDP into.