SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Wireless Networking > ASUS Wireless > Asuswrt-Merlin

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 01-08-2013, 10:07 AM
gbguy71 gbguy71 is offline
New Member
 
Join Date: Dec 2012
Location: Northern CA
Posts: 18
Thanks: 0
Thanked 5 Times in 1 Post
gbguy71 is just starting out
Default Setting up Merlin VPN and OpenVPN Server and Windows Client

Setting up Merlin VPN and OpenVPN 2.2.2 Server and Windows Client

[NOTE: there are unresolved issues with the Windows installation of OpenVPN 2.3.3 due to the separation of Easy-RSA from the OpenVPN install package. As of this date the issues are being worked. You may be able to find answers here https://forums.openvpn.net/server-ad...ation-f4.html]

I encountered some issues/Ēlearning opportunitiesĒ when setting up my ASUS RT-N66U as a VPN server. I noticed that others had similar experiences, so this post may be helpful to future VPN users. Iím a noob at this, so experts feel free to correct me. Iíll edit this as needed. Iím not an Apple guy, so Iíll concentrate on Windows clients and youíll need to go elsewhere for setting up the router as an OpenVPN client.

My approach is to reference other posts/articles, but with additional notes so that some issues can be avoided.

First, the Merlin firmware offers two VPN implementations: the basic ASUS PPTP (Point to Point Tunnel Protocol) and OpenVPN. PPTP is simple to set up but not totally secure. OpenVPN is more complex to set up, but much more secure. Look at their Wikipedia entries for more information.

First, before you do anything else, determine if your router has a public or an internal IP address. You need to have a public one for any of this work. This post on the ASUS forum tells you how using www.whatismyip.com. My ISPís DSL modem was configured as a router. They changed it to a bridge for a one-time charge (you do NOT need to get a static IP address assigned. Weíll talk later about assigning a hostname that will handle a routerís possibly changing IP address).

Setting Up the ASUS PPTP Server

Even if you know you want to exclusively use OpenVPN you might want to go ahead and try the PPTP server just to make sure all your connections work before you jump into setting up OpenVPN. ASUS provides a good guide here. Windows has PPTP client support built into it, so once the router is set up you can get going in a heartbeat. There are a number of good articles on how to set up a VPN client on the web. This one is pretty good. If you decide you donít want to continue using the PPTP server be sure and disable it in the router. No sense wasting router resources.

NOTE: When you look at the Windows Network and Sharing Center youíll see the VPN connection.

Setting up the OpenVPN Server

The key article is this one about configuring a Tomato router and Windows clients (skip down to Configuring OpenVPN). You obviously donít need to add the OpenVPN software to the router, but the setup instructions for the router and the windows client are good. Here are some additional points:
  1. The article assumes youíll use the OpenVPN GUI that is part of the OpenVPN distribution. From what Iíve heard it isnít the most current. Instead, install this version from SourceForge (openvpn-gui.exe). [My guess at the installation instructions:] You need to download it and copy it into the OpenVPN\bin directory once OpenVPN, including its OpenVPN GUI, has been installed. I renamed the original openvpn-gui, but kept it around.
  2. When you edit the files (e.g., vars.bat) run Notepad++ as administrator.
  3. When you generate the keys, certificates, etc. you may get some error messages regarding ďcanít open config file Ö openssl.cnfĒ. Donít worry about them. They wonít affect the results.
  4. Be sure and include the -----BEGIN CERTIFICATE-----/ -----END CERTIFICATE----- , -----BEGIN PRIVATE KEY-----/ -----END PRIVATE KEY-----, and -----BEGIN DH PARAMETERS----- , -----END DH PARAMETERS----- lines of text in the router parameters.
  5. The OpenVPN download is for everything, server and client. I donít know if there is a minimal download for a strict client, one in which the keys are generated on a different machine.
  6. Donít ask me about their recommended VPN server parameters (Push LAN to clients, etc.) I donít know what they mean

NOTE: The VPN connection will NOT be visible in the Windows Network and Sharing Center. Youíll be able check the status from the Open GUI hidden icon.

This article covers much of the same stuff, though in less detail. Its main advantage is that it is from the OpenVPN group, so that if something changes it should be up to date.



Miscellaneous Goodies

If your router provides it, use the ASUS DDNS service to provide a hostname for your router. It will automatically be updated if your routerís IP address changes. Many of the tutorial articles suggest using DynDNS. However, in their free version your hostname registration will expire if your IP address doesnít change for 30 days [I canít find a concise reference for this].

How to set up your router so that it can be managed outside your local network.

If you want to be able to ping your router (good for testing) go the Firewall section and enable ďRespond Ping Request from WANĒ

If you are interested in a Static Key OpenVPN set up, this mini-article explains how.

General How To topics on ďall things OpenVPNĒ.

Hope this will make things a little easier for you.

Last edited by gbguy71; 11-07-2013 at 12:39 PM. Reason: OpenVPN 2.3.2
Reply With Quote
The Following 5 Users Say Thank You to gbguy71 For This Useful Post:
  #2  
Old 07-14-2013, 05:06 AM
rescapind rescapind is offline
New Member
 
Join Date: Jul 2013
Posts: 14
Thanks: 0
Thanked 0 Times in 0 Posts
rescapind is just starting out
Default Revoke client

Hi,
I'm using RT-N66U with Merlin build 3.0.0.4.372.30_3.
I have successfully set up OpenVPN server on the router.
May I know how I can revoke client cert?
Thanks a lot.
Reply With Quote
  #3  
Old 04-19-2014, 01:31 AM
wayner wayner is offline
Member
 
Join Date: Dec 2012
Location: Toronto, ON, Canada
Posts: 56
Thanks: 0
Thanked 0 Times in 0 Posts
wayner is just starting out
Default

I am trying to set this up and the screens on Tomato shown in the HowToGeek tutorial are somewhat different than the 37.40 Merlin pages. In particular I don't see any place in the Merlin pages where you import the Keys generated on your PC. Am I missing something? Where to you input the keys in Merlin?
Reply With Quote
  #4  
Old 04-19-2014, 02:11 AM
RMerlin's Avatar
RMerlin RMerlin is offline
Very Senior Member
 
Join Date: Apr 2012
Location: Canada
Posts: 10,114
Thanks: 54
Thanked 5,596 Times in 2,299 Posts
RMerlin is just starting out
Default

Quote:
Originally Posted by wayner View Post
I am trying to set this up and the screens on Tomato shown in the HowToGeek tutorial are somewhat different than the 37.40 Merlin pages. In particular I don't see any place in the Merlin pages where you import the Keys generated on your PC. Am I missing something? Where to you input the keys in Merlin?
There's a link that says " Content modification of Keys & Certificates." on that page - just click on it.
__________________
Asuswrt-Merlin: Customized firmware for Asus routers
Github: github.com/RMerl - Twitter: RMerlinDev
See the sticky post for more info.
Reply With Quote
Reply

Tags
openvpn, setup

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -4. The time now is 03:34 AM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  368
stevech  155
KGB7  124
Kel-L  98
sfx2000  98
sinshiva  95
azazel1024  93
john9527  75
fistv  70
hggomes  69
RMerlin  5595
stevech  329
ryzhov_al  266
TeHashX  217
L&LD  190
RogerSC  189
sinshiva  143
joegreat  127
jlake  122
sfx2000  121
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  77770
Old Asuswrt-Merli...  44908
Old [Fork]...  19248
Old Asus locking...  10230
Old ASUS...  8197
Old Incoming...  7979
Old Share What...  3810
Old Asuswrt-Merli...  3268
Old Asuswrt-Merli...  2992
Old Ac68u Latest...  2349
Old Asuswrt-Merli...  393
Old Asuswrt-Merli...  201
Old [Fork]...  134
Old Asus locking...  125
Old Connection...  53
Old [HOW TO]...  50
Old ASUS...  49
Old Incoming...  44
Old 376.44 -...  40
Old Use the same...  35


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.