VPN configuration killswitch and adding additional safety

warp9lecy

New Around Here
Hi all,

I have recently stumbled across ASUS Merlin firmware, great extra features! I’m in no way an expert on any of this; I’ve tried to learn as much as possible before asking anything, but was wondering if someone could assist me in a review of my config.
I’ve configured an OpenVPN Server (Site1: RT-AX56U and Site2: Client RT-AX58U, both running the latest Merlin FW).

The Client OpenVPN Router at site 2 will be connected to a primary router by ethernet to the AX58U WAN port; this router's only purpose will be to act as a VPN tunnel AP for wireless and wired clients at Site 2.
My requirement is that there be no chance of internet connection at Site 2’s RT-AX58U if the VPN is not established, whether that is through manual VPN deactivation, tunnel drop, or misconfiguration Server/Client side.

So far so good in testing...

I have applied the killswitch setting and “Redirect Internet traffic through tunnel” and tested that it works via the “kill $(ps | grep [v]pnclient1 | awk '{print $1}')” command; I can see the “prohibited default” in the ip route tables of ovpnc1.
But I'm also aware, from reading through the forum, that there are other scenarios where the VPN could deactivate and a WAN connection could be established, revealing the real external IP address of Site 2.

As the Site2 Router is piggybacking another router, I have disabled NAT. I found this stops any internet connection for AP Clients when the Router's OpenVPN Client is disabled.
The question is: given this router should only serve via VPN and it's imperative it doesn't reveal its true non-VPN WAN IP, is there anything else I should do? Can I block all routes out via a static route block other than the VPN’s connection? (Router LAN: 192.168.50.1).

Sorry if I rambled.
 
Short version :) Are there any foolproof methods to stop connections if an OpenVPN Site to Site VPN (Asus Routers) drops? One side being a dedicated VPN connection AP.
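
Added example, not part of the original post and not Asuswrt-Merlin's own code: a firewall-level kill switch that drops forwarded LAN traffic leaving on anything but the tunnel, independent of the routing tables, plus a check against saved rules. The interface names `br0` (LAN bridge) and `tun11` (OpenVPN client 1) are assumptions; confirm them on the router before use.

```shell
#!/bin/sh
# Added example. Assumed interface names (not from the post):
#   br0   = LAN bridge serving the AP clients
#   tun11 = OpenVPN client 1 tunnel
LAN_IF="${LAN_IF:-br0}"
VPN_IF="${VPN_IF:-tun11}"

# Install the kill switch with one tool (iptables or ip6tables).
# The rule matches packets that enter from the LAN and would leave on any
# interface other than the tunnel, so it holds even if the policy route
# ("prohibit default" in table ovpnc1) is missing or the client is stopped.
# Delete-then-insert keeps the rule unique and first in FORWARD on re-runs.
install_killswitch() {
    tool="$1"; lan="$2"; vpn="$3"
    "$tool" -D FORWARD -i "$lan" ! -o "$vpn" -j DROP 2>/dev/null || true
    "$tool" -I FORWARD 1 -i "$lan" ! -o "$vpn" -j DROP
}

# Read iptables-save output on stdin and succeed only if the kill switch is
# the first FORWARD rule, i.e. no earlier ACCEPT can let LAN traffic out.
killswitch_is_first() {
    want="-A FORWARD -i $1 ! -o $2 -j DROP"
    first="$(grep '^-A FORWARD ' | head -n 1)"
    [ "$first" = "$want" ]
}

# "apply" installs the rule for IPv4 and IPv6 (needs root on the router),
# then verifies the IPv4 rule order. Only forwarded client traffic is
# covered; traffic the router itself originates uses the OUTPUT chain.
if [ "${1:-}" = "apply" ]; then
    for tool in iptables ip6tables; do
        install_killswitch "$tool" "$LAN_IF" "$VPN_IF"
    done
    iptables-save -t filter | killswitch_is_first "$LAN_IF" "$VPN_IF" \
        || echo "kill switch is not the first FORWARD rule" >&2
fi
```

On Asuswrt-Merlin, rules like this are typically re-applied from the `/jffs/scripts/firewall-start` user script, since the firmware rebuilds its chains when the firewall restarts.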
 
