Using custom (non-gui) OpenVPN configuration on legacy / AC66U


kitor

New Around Here
Hi,
New AC66U user here. I just bought it, tired of fighting with OpenWRT routers' limitations.

Anyway, one thing is left unconfigured, and it's my custom OpenVPN configuration. Since it uses some settings that I wasn't able to set even in the advanced config, I copied it over into a jffs subdirectory and launched openvpn to test it. After correcting the input rules (as NAT was not working to open my VPN port for some reason), I'm able to connect to the VPN but have no access to the internal network.

My (sanitized) config:

Code:
dev tap0
port ***
proto tcp4-server
mode server
tls-server

(...)

client-to-client

ifconfig 192.168.12.1 255.255.255.0
ifconfig-pool 192.168.12.10 192.168.12.100
ifconfig-pool-persist ipp.txt 0

script-security 2
up /jffs/openvpn_kitor/up.sh # this script just adds a route to another subnet via one of the VPN clients...

route 192.168.9.0 255.255.255.0
route 192.168.10.0 255.255.255.0
route 192.168.11.0 255.255.255.0

push "route-gateway 192.168.12.1"
push "route 192.168.9.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.11.0 255.255.255.0"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

up.sh for reference
Code:
#!/bin/sh
route add -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.12.2 tap0

So TL;DR:
10.x is the local (router) LAN
12.x is the subnet for the VPN
11.x is the LAN at another location, routed via a VPN client
I need access from each subnet to all the others, and this is how it worked back on OpenWRT. Obviously tap0 was added to the LAN side of the firewall there.

Currently I have no access from VPN clients even to 12.1. I believe I need to add some iptables rules, however my knowledge is not enough to set it up properly. And Merlin seems to have some asuswrt-specific rules already set up. Can someone help me with this configuration?

[edit]

up.sh
Code:
#!/bin/sh
# route the remote site's LAN (192.168.11.0/24) via the VPN client at 192.168.12.2
route add -net 192.168.11.0 netmask 255.255.255.0 gw 192.168.12.2 tap0
# let VPN clients reach the router itself, and let their traffic be forwarded to the other networks
iptables -I INPUT -i tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -j ACCEPT

+ remove everything in down.sh. Works as intended. Note that openvpn needs the tun module to be loaded.
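The up.sh in the post solves the reachability problem by accepting everything arriving on tap0 in both INPUT and FORWARD, which also exposes every service the router listens on to every VPN client, and it leaves the rules and route behind when the tunnel goes down. The script below is an added example (not the poster's script and not part of Asuswrt-Merlin) that does the same job with a narrower INPUT policy and a matching teardown. It is one script used for both the `up` and `down` hooks and relies on OpenVPN exporting `script_type` (up or down) and `dev` (the tap device) to its scripts. Assumptions: the LAN bridge is `br0`, the router's iptables supports `-C`, `-N` and `-X`, busybox `ip` supports `route replace`, and the chain name `OVPN_CUSTOM` and path `/jffs/openvpn_kitor/fw.sh` are invented for the illustration.

```shell
#!/bin/sh
# fw.sh: up/down script for a custom OpenVPN tap server on Asuswrt-Merlin.
# Added illustration, not the poster's up.sh. Assumed: LAN bridge is br0,
# OpenVPN exports script_type (up|down) and dev (tap0), and iptables supports
# -C/-N/-X. Both hooks point at this one file in the OpenVPN config:
#   script-security 2
#   up   /jffs/openvpn_kitor/fw.sh
#   down /jffs/openvpn_kitor/fw.sh

VPN_IF="${dev:-tap0}"          # OpenVPN sets $dev; fall back to tap0
LAN_IF="${LAN_IF:-br0}"        # assumed Asuswrt LAN bridge name
REMOTE_NET="192.168.11.0/24"   # LAN behind the VPN client at REMOTE_GW
REMOTE_GW="192.168.12.2"
CHAIN="OVPN_CUSTOM"            # hypothetical chain; holds all INPUT rules so down can remove them cleanly

# Print the iptables arguments for an action, one rule per line, without
# running anything. Keeping the plan as data makes it reviewable and testable.
fw_rules() {
    case "$1" in
    up)
        # INPUT: VPN clients get replies, ping and DNS from the router itself.
        # Anything else falls back to the stock Asuswrt INPUT chain, which drops
        # it; add router admin ports to the chain only if you want them reachable
        # over the VPN. FORWARD: LAN<->VPN both ways, plus VPN->VPN so traffic
        # for 192.168.11.0/24 can be routed back out to the client at REMOTE_GW.
        cat <<EOF
-F $CHAIN
-A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT
-A $CHAIN -p icmp -j ACCEPT
-A $CHAIN -p udp --dport 53 -j ACCEPT
-A $CHAIN -p tcp --dport 53 -j ACCEPT
-I INPUT -i $VPN_IF -j $CHAIN
-I FORWARD -i $VPN_IF -o $LAN_IF -j ACCEPT
-I FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
-I FORWARD -i $VPN_IF -o $VPN_IF -j ACCEPT
EOF
        ;;
    down)
        cat <<EOF
-D INPUT -i $VPN_IF -j $CHAIN
-D FORWARD -i $VPN_IF -o $LAN_IF -j ACCEPT
-D FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
-D FORWARD -i $VPN_IF -o $VPN_IF -j ACCEPT
-F $CHAIN
-X $CHAIN
EOF
        ;;
    esac
}

# Run one rule. -I would add a duplicate on a re-run (for example after the
# stock firewall is rebuilt), so check with -C first. DRY_RUN=1 only prints.
run_rule() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
        return 0
    fi
    case "$1" in
    -I) shift; iptables -C "$@" 2>/dev/null || iptables -I "$@" ;;
    *)  iptables "$@" ;;
    esac
}

fw_apply() {
    action="$1"
    if [ "$action" = "up" ] && [ "${DRY_RUN:-0}" != "1" ]; then
        iptables -N "$CHAIN" 2>/dev/null || true   # already exists on re-runs
    fi
    fw_rules "$action" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        run_rule $rule
    done
}

# Static route to the site behind the VPN client; "replace" is idempotent.
routes() {
    case "$1" in
    up)   ip route replace "$REMOTE_NET" via "$REMOTE_GW" dev "$VPN_IF" ;;
    down) ip route del "$REMOTE_NET" via "$REMOTE_GW" dev "$VPN_IF" 2>/dev/null || true ;;
    esac
}

# Act only when OpenVPN (or a manual test) sets script_type; sourcing the
# file just to use its functions does nothing.
case "${script_type:-}" in
up|down)
    [ "${DRY_RUN:-0}" = "1" ] || routes "$script_type"
    fw_apply "$script_type"
    ;;
esac
```

Review what would be applied before trusting it on the router with `script_type=up DRY_RUN=1 sh /jffs/openvpn_kitor/fw.sh`. One caveat for Asuswrt-Merlin specifically: the stock firewall is flushed and rebuilt on WAN events, which silently drops anything inserted into INPUT and FORWARD from an OpenVPN up script; calling `script_type=up sh /jffs/openvpn_kitor/fw.sh` from the Merlin `firewall-start` user script restores the rules, and because the plan checks with `-C` before inserting, running it again while the tunnel is already up does not create duplicates.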
