Chris Tate has provided other thread(s) covering setup of a VPN using the PPTP protocol. I tried that method but it turns out that some of the protocol packets (specifically, GRE) are blocked by the firewall at my workplace. The N66 router also supports OpenVPN, so I gave it a whirl and it turned out to be a simple 10 minute setup. I took a couple of screenshots if you would like to recreate this tunnel into your shack (note that I am running the latest router firmware as of this posting).
Step 1 - Advanced Settings
- Select VPN tab (left side)
- Select OpenVPN
- Select VPN Server tab
- Enable the server
- Select VPN Details - Advanced Settings
- Fill out the form settings as shown (or modified to your preference)
Step 2 - General Settings
- Select VPN Details - General
- Add your user-name/password
- Click Apply
- You will be prompted to save the .ovpn file (e.g., Desktop\MyShack.ovpn). Use the Export button to force an upload of the .ovpn file in case you apply subsequent changes and desire an updated .ovpn file. The Export button can also be used to obtain the file on different remote machines.
Step 3 - Installing OpenVPN on remote machine
- Install OpenVPN
- Move the .ovpn file to the OpenVPN config directory (e.g., c:\Program Files\OpenVPN\config; this requires Admin privy)
- Start OpenVPN (you will be prompted for user-name/password)
- Fire-up SSDR v1.4.3
- Time to play - hopefully ;-)
Note: You can perform all of these instructions from the remote machine if you have remote access enabled on the router (Administration -> System -> Enable Web Access from WAN: Yes).
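The .ovpn file exported in Step 2 is a plain-text OpenVPN client config, so it can be inspected before it is copied to a remote machine. The following is an added example, not part of the original post or the router's firmware: it reports the transport, device type and server endpoint and flags embedded key material that makes the file a credential. The sample config, the host name and the function name are constructed for illustration, and the port default of 1194 when `remote` gives none is a simplification.

```python
import re
# Constructed sample (PEM bodies left empty); a real export from the router will differ.
SAMPLE_OVPN = """\
client
dev tap
proto udp
remote myshack.example.net 1194
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
"""

# Inline blocks that carry secret material (private key or shared keys).
SECRET_BLOCKS = {"key", "tls-auth", "tls-crypt", "secret"}

def inspect_ovpn(text):
    """Summarise transport, endpoint and embedded secrets of a client config."""
    info = {"proto": None, "dev": None, "remotes": [],
            "auth_user_pass": False, "inline": [], "secrets": []}
    block = None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside <tag>...</tag>: skip the PEM body
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            block = m.group(1)
            info["inline"].append(block)
            if block in SECRET_BLOCKS:
                info["secrets"].append(block)
            continue
        parts = line.split()
        if parts[0] in ("proto", "dev") and len(parts) > 1:
            info[parts[0]] = parts[1]
        elif parts[0] == "remote" and len(parts) > 1:
            info["remotes"].append((parts[1], int(parts[2]) if len(parts) > 2 else 1194))
        elif parts[0] == "auth-user-pass":
            info["auth_user_pass"] = True
    return info
```

A non-empty `secrets` list means the file alone carries key material and should be stored and transferred like a password.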
Just getting into remote operation with my 6300. I have it working within the LAN on all my computers and IPAD (using Splashtop streamer). It has been great. Going outside the LAN to the big WAN and more security risks has me asking the question about the necessity of VPN. Why? What does it do for me regarding a Ham radio? It seems like it might slow things down between the radio and the controlling application on the WAN. If it does, why do it? HAM radio has no implied confidentiality. Thanks for your great tutorial on the VPN setup. I have a Netgear router with OpenVPN support and could try it.
It will connect from my iPad when I am on my own WiFi network, but when I am at the office, it won't connect. Is there some IP Pass-through, NAT filter, or port that I need to open in the ASUS firewall to make this work?
I am using my Motorola ATT NVG510 DSL Modem/Router in passthrough mode (as much as it can be configured for this) and feeding it into the new ASUS router.
I am baffled.
Ken - NM9P
No, nothing special on the Asus router needs to be configured except the OpenVPN server as explained above. I'm not sure how you have your network setup.
Are you able to ping the Asus router from your workplace? If so, then there is a firewall between the Asus and your workplace that is blocking port 1194.
If the firewall is at the cable modem, then you'll need to port-forward 1194 to the Asus.
If the firewall is at your workplace, well, you'll need to speak to someone else.
Have you looked at the Asus system log for info related to your connection attempts?
I have tried using the PPTP mode of the ASUS RT-N66U router and it seems to be a little bit faster, but also has the potential security issue.
Question... When running OpenVPN, what is the difference between running in TCP mode and UDP mode? I have only experimented with TCP mode so far.
This is a learning experience for me. Fun, and frustrating at the same time. But I enjoy this nerdy stuff...if I have the time to play. This being Advent/Christmas season, I don't!
I have played a little with SoftEther.net as Howard suggested, but the speeds were a bit slower than using PPTP on my new router. I also was looking for an option that did not require my Shack computer to be in the loop. I may return to it later.
Here's looking forward to the eventual release of V.2.0! Though my guess is that it will probably require using a DDNS and router port-forwarding as well. So we all better brush up on our various routers' manuals!
Ken - NM9P
SOFTETHER IS FREE
SOFTETHER NEEDS NO HARDWARE
SOFTETHER CAN BE DOWNLOADED AND SETUP IN LESS THAN 10 MINUTES
SOFTETHER HAS ONLINE TUTORIALS
SOFTETHER SUPPORTS L2TP FOR IPADS
In the time it has taken you to write up the bugs, let alone try to fix the ASUS bugs, you would easily have had SOFTETHER working.
The main problem was with ATT Uverse's "wonderful" (sarcasm) Motorola NVG-510 modem/router.
In order to get this fantastic piece of consumer engineering working with an external VPN router, you need to do several things.
BEFORE YOU ATTACH THE EXTERNAL ROUTER....
1) Connect directly to the NVG-510 and sign in to its control page (using the URL and Password you have previously set up) and change the following things.
2) Turn Wireless OFF
3) Go to the tab: Home Network> Subnets & DHCP and give the NVG-510 a new IP address that will be on a DIFFERENT subnet than your external router. (i.e. 192.168.X.254 where X is the subnet you wish to use for the subnet. It can be anything from 2-254. Pick something you will remember and WRITE IT DOWN.)
4) While on the same page, set the DHCPv4 start address and end address to a number in the same subnet, but DIFFERENT from the "unit number" given to the NVG-510. (For example, if you gave the NVG-510 the address 192.168.3.254 then set the Start And End address BOTH to 192.168.3.250.) You only are making room for ONE assignment for the DHCP, because it will be assigning it to the new external router.
Once you hit "SAVE" you will probably lose the connection to the NVG-510. If so, you will need to let it temporarily give your computer the new IP address intended for the external router so that you can set up a few other things.
Once you have access to the NVG-510 again, you will need to make a few other changes...
5) Go to the Firewall>Packet Filter tab and turn all filters OFF. Hit "SAVE"
6) Go to the Firewall>NAT/Gaming tab and clear all of those and SAVE (Your new external router will handle these functions)
7) Go to the Firewall>IP Passthrough tab and set "Allocation Mode" to PASSTHROUGH.
Also, set "Passthrough Mode" to DHCPS-dynamic. Assign a larger value to the Passthrough DHCP Lease time. (I gave it about 7 days) Hit "SAVE"
You will either lose control of the NVG-510 at this time, or it will ask if you want to "reset" or "Reboot" it. Hit Reboot, and close your browser.
8) Physically disconnect from the NVG-510.
NOW PROGRAM THE NEW EXTERNAL ROUTER....in this case my ASUS RT-N66U
BEFORE YOU CONNECT THE NEW ROUTER TO THE NVG-510
1) Physically connect to the new router.
2) Allow it to assign you a new IP address, and log in to it using the default IP address or the one you have previously assigned to it.
3) Go to the Advanced Settings>WAN tab and set the following values:
WAN Connection Type = Automatic IP
(This has the new router get its WAN IP address from the NVG-510)
Enable WAN = YES
Enable NAT = YES
Enable UPnP = YES
Connect to DNS Server Automatically = YES
Account Settings: Authentication = None
Hit "APPLY" and wait until it is finished.
4) Go to the WAN> NAT Passthrough tab and enable all the passthroughs but the PPPoE Relay.
5) Go to the Advanced Settings>LAN>LAN IP tab and make sure that the IP of the new router is on a different subnet than the NVG-510. (If you skip this step you will have a lot of grief.) For example, if you used 192.168.3.254 for the NVG-510 then use 192.168.5.(any number). (The 3 and the 5 in the third position are what define the different subnets.) Write the new subnet down. If it is already on a different subnet, then you don't need to change this.
6) Setup of the tabs for Advanced Settings>LAN>DHCP server and other tabs are up to you. If you want the new router to assign IP addresses to your various computers and devices, then turn this function ON and set a range of addresses consistent with the same subnet as the LAN of the router. Be sure to hit "APPLY"
7) Setup your wireless and other functions as you see fit.
When you are finished, hit the "REBOOT" tab at the top of the page and let the router reboot.
NOW CONNECT THE NVG-510 to the WAN input port on the new router and power reset the NVG-510.
Physically connect to our new Router and log in to it.
Go to the General>Network Map tab and check to see if you get a "Network Connected" Message.
Check to see that the NVG-510 has assigned a WAN IP address to the new router that is NOT in the Private IP subnets...i.e. NOT 192.168.xxx.xxx. Mine starts with 104.55.xxx.xxx.
The internet status should reflect that the DDNS has been set to your DDNS account url.
You should have internet service now. If not, then you need to reboot the new router again to make sure it has connected.
You might need to go to the DDNS setup tab and confirm that it is connecting, once you have internet service.
If you still don't have internet service, you might need to log in to the NVG-510 again and restart the modem. It took a couple of times for this to work for me the first time.
ONCE YOU HAVE INTERNET ACCESS, then you can go back in to the new router and set up your VPN.....Either PPTP mode or OpenVPN mode.
Others have covered this above so I won't go into a lot of detail:
I am getting best throughput on my laptop using OpenVPN mode in TAP and UDP mode.
If you want to use an iPad, then you can only use PPTP mode. You must set up VPN user account and Password. Also, if you are using OpenVPN, then you will need to Export the client setup file (Client.ovpn) and import it to your remote computer's /program Files/OpenVPN/Config directory. You can have separate config files for different OpenVPN modes - for example, I have one named "client-TCP.ovpn" for use when using TCP mode, and another one named "client-UPD.ovpn" for use in UDP mode. These files contain your security certificate and code key for security. (NOTE: you must download the OpenVPN Client utility to your remote computer or iPad in order to use OpenVPN mode.)
For use with an iPad and K6TU's program, set up the PPTP page, using both general and advanced setup tabs to enter security information, vpn user names and passwords.
There is no client setup file or certificate to export in this mode.
If you have one of ATT's lovely NVG-510's I hope this helps you get your external router running with VPN. Good luck. If you still can't get it going, you might want to follow Howard's advice and try SoftEther.net.
Ken - NM9P
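The addressing rules in the post above (modem and router on different subnets, a single-address DHCP pool on the modem, and a public WAN address on the router) can be checked mechanically. The following is an added example, not part of the original post: the function name is hypothetical, a /24 mask is assumed for both LANs, and the WAN addresses in the usage are constructed stand-ins.

```python
import ipaddress

def check_plan(modem_ip, dhcp_start, dhcp_end, router_lan_ip, router_wan_ip, prefix=24):
    """Return a list of problems with the modem/router addressing plan.

    Assumes both LANs use the same prefix length (/24 by default).
    """
    problems = []
    modem_net = ipaddress.ip_interface(f"{modem_ip}/{prefix}").network
    router_net = ipaddress.ip_interface(f"{router_lan_ip}/{prefix}").network
    # Step 5 on the router: its LAN must not share a subnet with the modem.
    if modem_net.overlaps(router_net):
        problems.append(f"router LAN {router_net} overlaps modem LAN {modem_net}")
    # Step 4 on the modem: one DHCP address, inside the modem subnet,
    # and different from the modem's own address.
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)
    if start not in modem_net or end not in modem_net:
        problems.append("modem DHCP range is outside the modem subnet")
    if start != end:
        problems.append("modem DHCP range is not a single address")
    if ipaddress.ip_address(modem_ip) in (start, end):
        problems.append("modem DHCP address collides with the modem's own IP")
    # Final check: the router's WAN address must be publicly routable.
    # is_global is False for RFC 1918 space and for carrier-grade NAT (100.64.0.0/10).
    wan = ipaddress.ip_address(router_wan_ip)
    if not wan.is_global:
        problems.append(f"router WAN {wan} is not a public address; "
                        "inbound VPN connections will not reach the router")
    return problems

if __name__ == "__main__":
    # Values from the post, with a constructed public WAN address.
    print(check_plan("192.168.3.254", "192.168.3.250", "192.168.3.250",
                     "192.168.5.1", "8.8.8.8"))
```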
I found recently that there is a 3rd party that provides ASUS firmware updates -- they credit support from ASUS. So while not "official" ASUS firmware this third party provides bug fixes and certain enhancements not immediately provided by the corporate company. I found this quote:
"The goal of this project is to fix issues and bring some minor functionality adjustments to the original Asus firmware."
It's an interesting relationship and I thought I would try and document it here.
Home page of Asuswrt-Merlin: https://asuswrt.lostrealm.ca
About Asuswrt-Merlin: https://asuswrt.lostrealm.ca/about
Features of Asuswrt-Merlin: https://asuswrt.lostrealm.ca/features
Wiki Documentation: https://github.com/RMerl/asuswrt-merlin/wiki
Supported ASUS routers: https://github.com/RMerl/asuswrt-merlin/wiki/Supported-Devices
Downloads from SourceForge of all supported Asus router types: https://sourceforge.net/projects/asuswrt-merlin/files/
I will cross post this message in other forums that are asking about ASUS routers. Hope this is helpful for folks here.