OpenVPN with Asus RT-N66U router

  • 3
  • Idea
  • Updated 8 months ago
  • (Edited)

Chris Tate has provided other thread(s) covering setup of a VPN using the PPTP protocol. I tried that method but it turns out that some of the protocol packets (specifically, GRE) are blocked by the firewall at my workplace. The N66 router also supports OpenVPN, so I gave it a whirl and it turned out to be a simple 10 minute setup. I took a couple of screenshots if you would like to recreate this tunnel into your shack (note that I am running the latest router firmware as of this posting).


Step 1 - Advanced Settings

  1. Select VPN tab (left side)
  2. Select OpenVPN
  3. Select VPN Server tab
  4. Enable the server
  5. Select VPN Details - Advanced Settings
  6. Fill out the form settings as shown (or modified to your preference)


Step 2 - General Settings

  1. Select VPN Details - General
  2. Add your user-name/password
  3. Click Apply
  4. You will be prompted to save the .ovpn file (e.g., Desktop\MyShack.ovpn). Use the Export button to force an upload of the .ovpn file in case you apply subsequent changes and desire an updated .ovpn file. The Export button can also be used to obtain the file on different remote machines.


Step 3 - Installing OpenVPN on remote machine

  1. Install OpenVPN
  2. Move the .ovpn file to the OpenVPN config directory (e.g., c:\Program Files\OpenVPN\config; this requires Admin privy)
  3. Start OpenVPN (you will be prompted for user-name/password)
  4. Fire-up SSDR v1.4.3
  5. Time to play - hopefully ;-)


Note: You can perform all of these instructions from the remote machine if you have remote access enabled on the router (Administration -> System -> Enable Web Access from WAN: Yes).

Photo of SteveM

SteveM

  • 253 Posts
  • 40 Reply Likes

Posted 3 years ago

  • 3
Photo of spopiela

spopiela

  • 81 Posts
  • 10 Reply Likes
Steve,
Just getting into remote operation with my 6300. I have it working within the LAN on all my computers and IPAD (using Splashtop streamer) . It has been great. Going outside the LAN to the big WAN and more security risks has me asking a the question about the necessity of VPN. Why? What does it do for me regarding a Ham radio? It seems like it might slow things down between the radio and the controlling application on the WAN. If it does, why do it? HAM radio has no implied confidentiality. Thanks for your great tutorial on the VPN setup. I have a Netgear router with OpenVPN support and could try it.
Photo of Jim Jerzycke

Jim Jerzycke

  • 93 Posts
  • 19 Reply Likes
It's more to prevent an unauthorized person grabbing control of the radio, -OR- getting into whatever network you're connecting to the radio from.

There's a LOT more to remote control operation than just "no implied confidentiality".

73, Jim
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3541 Posts
  • 1396 Reply Likes
Jim and Steve

The issue is NOT confidentiality but rather the fact that SSDR 1.4.x requires both the Remote and the Local computers to be on the same LAN Subnet.   When operating WAN, the only way to achieve that is via VPN acting as a Bridge
(Edited)
Photo of spopiela

spopiela

  • 81 Posts
  • 10 Reply Likes
Howard,
I wish i didn't have to keep the LAN computer on when I'm on the WAN.. AArgh! Can't just run the SSDR software remote... too slow.. Just shows how little I know about networks. I guess I still need to use a desktop app like Splashtop . This blog is awesome for a new Flexie user. Thanks guys.
73's
Stan
N1THL
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3541 Posts
  • 1396 Reply Likes
Steve.

You can find my remote ipad tutorial at

https://community.flexradio.com/flexr...
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3970 Posts
  • 1225 Reply Likes
I have followed these instructions on getting OpenVPN running on my new ASUS AC1750 router.
It will connect from my iPad when i am on my own WiFi network, but when I am at the office, it won't connect.  Is there some IP Pass-through, NAT filter, or port that I need to open in the ASUS firewall to make this work? 

I am using my Morotola ATT NVG510 DSL Modem/Router in passthrough mode (As much as it can be configured for this)  and feeding it into the new ASUS router.

I am baffled.

Ken - NM9P
Photo of SteveM

SteveM

  • 253 Posts
  • 40 Reply Likes

The following illustration shows the most secure configuration for the PPTP protocol. Unfortunately, the PPTP protocol as a whole is now generally considered insecure (both the MS-CHAPv2 handshake and the underlying RC4 bulk-cipher have well-known attack modes):


(Edited)
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3970 Posts
  • 1225 Reply Likes
Thanks. But now I have run into another snag....
Once I have logged into my VPN using either my iPhone or iPad, if I close the VPN connection and try to begi a VPN session from a different location (different WiFi router) then it rejects my connection and asks for my user me and password again. If I enter the exact same username and password it still will not let me connect.

If I reboot my VPN router, then it lets me connect again. But if I change locations, it locks me out again......
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3541 Posts
  • 1396 Reply Likes
Suggest you use SoftEther

It runs L2TP , needs no,special router and has minimal pverhead
Photo of SteveM

SteveM

  • 253 Posts
  • 40 Reply Likes

Ken,

I'm sorry you are having so many issues with this, but hey, I guess you will gain expertise from the experience.

Regarding your latest issue, check out the entry in the AsusWrt-FAQ regarding VPN connection problems: http://www.asus.com/us/support/FAQ/1008714.

It states that the server can support a grand total of one VPN connection (PPTP or OpenVPN) at any given time. So it sounds like you are not actually shutting down the connection from the client when you think you are. I don't think this is a router issue. I think if you were to reboot the client, a reconnect would also succeed. I suggest checking the iOS boards on properly/completely shutting down VPN connections.

Apple... /facepalm/    ;-D

Photo of SteveM

SteveM

  • 253 Posts
  • 40 Reply Likes

Hmm, now I'm not sure I read the Chinglish properly on the Asus-FAQ. The PPTP->Advanced Settings pic I posted above suggests the default configuration for my router will support 10 simultaneous PPTP connections. I think the FAQ meant to say that you cannot operate simultaneous PPTP and OpenVPN connections.

With that said, I suggest you look at the PPTP config page right after your connection attempt is denied. What does the status field for that user indicate?



This seems to suggest you can only have one active connection per user at any given time. So, if you find the status is not idle, then the problem is on the client side (i.e., the client is not shutting-down the connection properly or at-all).

(Edited)
Photo of SteveM

SteveM

  • 253 Posts
  • 40 Reply Likes

Ken,

No, nothing special on the Asus router needs to be configured except the OpenVPN server as explained above. I'm not sure how you have your network setup.

Are you able to ping the Asus router from your workplace? If so, then there is a firewall between the Asus and your workplace that is blocking port 1194.

If the firewall is at the cable modem, then you'll need to port-forward 1194 to the Asus.

If the firewall is at your workplace, well, you'll need to speak to someone else.


Edit:

Have you looked at the Asus system log for info related to your connection attempts?

(Edited)
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3970 Posts
  • 1225 Reply Likes
I have been trying all manner of connection - ipad, iphone in cellular data, Windows Vista laptop at work, and nothing gets through.  Nothing showing on the ASUS log, either.  (It DOES show in the log when I connect VPN through the WIFI on my own LAN.)

I have tried setting the NVG510 router to do passthrough in two different ways and nothing seems to work.  I have heard that sometimes ATTUverse is blocking certain ports at the central office.  This may be my problem.  I will have to call them and see.
Photo of SteveM

SteveM

  • 253 Posts
  • 40 Reply Likes

Ken,

Have you tried setting the server to use TCP connections? Have you tried to use a port other than 1194 (temporarily try a well known port that is surely unblocked, like TCP 22)? If you make changes to the server, make sure to export a new config-file to the remote machine. Good luck.

(Edited)
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3970 Posts
  • 1225 Reply Likes
The trouble seems to be that the att uverse Motorola modem/router I seem to be forced to use doesn't have a true bridge setting, so my new ASUS router is receiving a "private" IP address and/or is in a multiple NAT situation, and the AsusWRT program won't work with this....

Frustrating. I will have to call ATT and see if they can help me with a firmware change or a different modem/router that has true bridging. The problem is that their modem also does my phone line....

Yech.....technology....big companies protecting the consumer from himself....
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3541 Posts
  • 1396 Reply Likes
@Ken

I am a cable internet user. We were allowed to purchase our own cable modems as long as they were DOCSIS 3 compliant instead of renting them from the cable company. The benefit was that it was not only much less expensive than renting (payback 10 months) but I could choose a modem that had characteristics I needed.

I did a quick search of Amazon for DSL Modems and found a lot of them

Suggest you check AT&T to see if you can bring your own. Likely save you money too.
Photo of Walt - KZ1F

Walt - KZ1F

  • 3040 Posts
  • 643 Reply Likes
Comcast allowed that as well.
Photo of John-K3MA

John-K3MA

  • 102 Posts
  • 29 Reply Likes
With this setup on my Asus RT-N66U I am getting packet loss.  If less than 1% it does not effect operation but sometime it is 1-2% which cause multiple audio drop outs per second.  Is anyone else having the same issue/have a correction?  Internet connection on both ends is 30+ Down and 3+ Up.  Have tried disabling encryption but not much improvement.  Monitoring system performance (CPU, Network, Disks and Memory on both ends does not seem to show any issues.
Photo of SteveM

SteveM

  • 237 Posts
  • 39 Reply Likes

John,

That is the problem with this setup. If there is packet loss(and there most assuredly will be depending on where your remote connection is located), then retransmission occurs based on normal TCP scheduling. The problem is that TCP is not meant to be a reliable real-time data transport. For sure it is reliable, just not real-time.

Since the radio is the data sender (for the most part) tuning the TCP-stack would require access to parameters on that end of the connection. I doubt there is a TCP setting on the client that would help, but you could try playing around with them if you have spare time.

The real solution is what Flex will provide with the remote-WAN in v2.0. Real-time data streams are normally outfitted with an additional data component to provide Forward Error Correction (FEC). This is how reliable data transport over UDP is built into IPTV video streams (google SMTE 2022, Part 1). Pairing this with some type of fast-resend mechanism (helpful only for low-latency links) will give you a much better transport layer for real-time streaming than straight TCP. I suspect this will be the selling point for Flex's solution to remote-WAN.

(Edited)
Photo of SteveM

SteveM

  • 237 Posts
  • 39 Reply Likes

John,

I've finally noticed the original configuration window above is set for UDP. If that is how you have the router configured, try switching it to TCP and if it is not too much trouble, reply back with an update on whether TCP performs better/worse than UDP. I would try it myself, but I do not experience enough packet loss to perform a good test. Try to determine if there is any detectible increased latency between RX and TX on the TCP connection. Thanks.

(Edited)
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3970 Posts
  • 1225 Reply Likes
While I can't use OpenVPN with my iPad, it seems to work OK with my laptop in the office.  The biggest problem I have is that my UVerse uplink speed at the house is only about 756K which seems to be barely enough to carry the load from the Flex 6500.  I get periodic bouts of receive audio breakups.  

I have tried using the PPTP mode of the ASUS RT-N66U router and it seems to be a little bit faster, but also has the potential security issue.

Question...When running OpenVPN, what is the difference between running in TCP mode and UDP Mode?  I have only experimented with TCP mode so far,

This is a learning experience for me.  Fun, and frustrating at the same time.  Bit I enjoy this nerdy stuff...if I have the time to play.  This being Advent/Christmas season, I don't!

I have played a little with SoftEther.net as Howard suggested, but the speeds were a bit slower than using PPTP on my new router.  I also was looking for an option that did not require my Shack computer to be in the loop.  I may return to it later,

Here's looking forward to the eventual release of V.2.0!  Though my guess is that it will probably require using a DDNS and router port-forwarding as well.  So we all better brush up on our various router's manuals!

Ken - NM9P
Photo of SteveM

SteveM

  • 253 Posts
  • 40 Reply Likes

"Question...When running OpenVPN, what is the difference between running in TCP mode and UDP Mode?"


Ken, check this out:

https://torguard.net/blog/openvpn-service-udp-vs-tcp-which-is-better/

Since you have somewhat limited bandwidth, you might try giving UDP a whirl. I'm not sure how resilient SSDR is to lost data, which is what will happen when using UDP. But a missing audio packet here or there might be much less noticeable using UDP. That's because when TCP detects a lost packet, it's possible that the data flow into SSDR halts while waiting for the missing packet to arrive.

(Edited)
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3541 Posts
  • 1396 Reply Likes
I STRONGLY recommend using SOFTETHER rather than continually screwing around with these issue on you ASUS routerS

SOFTETHER IS FREE
SOFTETHER NEEDS NO HARDWARE
SOFTETHER CAN BE DIWNLOADED AND SETUP IN LESS THAN 10 MINUTES
SOFTETHER HAS ONLINE TUTORIALS
SOFTETHER SUPPORTS L2TP FOR IPADS

In the time it has taken you to write up the bugs, let alone try to fix the ASUS bugs upon would easily have had SOFTETHER working.
Photo of SteveM

SteveM

  • 251 Posts
  • 40 Reply Likes

Howard,

Respectfully, if you and Ernest don't like the subject being discussed here, then please "Unfollow" it. This thread is about setting up a VPN with an ASUS router and pertinent subjects, not one about SoftEther. Go start a thread about SoftEther if it pleases you - I promise I will "Unfollow" it. It's demoralizing when one person is trying to help another and then someone else starts stomping around with their caps-locked.

Thankyou.

Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3969 Posts
  • 1222 Reply Likes
Please relax.  I believe Howard's comments were directed at me and I took no offense at them.  I consider him a friend, but we have different tolerances for this level of techno-frustration.  I see it as a challenge/learning opportunity.  Howard, as an engineer, just wants to get things DONE as easily and safely as possible.

I am making progress.  I have gotten it working now.

I have used it with the iPad in PPTP mode.

I have used it with my laptop in OpenVPN TAP modes (Both TCP and UDP modes). 
I get better throughput in UDP mode, but it loses connection every once in a while, if I am doing other things on the internet.

You cannot use it in both PPTP or OpenVPN modes at the same time.  
So, if I want to switch between the laptop and the iPad (which won't do TAP mode on OpenVPN) , I need to go in and change the VPN mode from OpenVPN to PPTP and back.  It is frustrating, but I don't need the shack computer turned on to do it.  However I still need to use the iPad via Parallels Access if I want to use the logbook or access my PST-Rotator program to turn the antenna.  When I do this the throughput slows down.

My house UVerse Internet has 3 Mb download speed, but only 764K Upload speed. This is barely adequate for full remote with either the iPad with K6TU's app, or the laptop with SSDR.  I need to upgrade to the next level of service, but that is expensive - at least another $15/month.

Now that I have learned what I need to and gotten it "running" I will take another look at SoftEther and learn more about that.  I got it running, but the throughput was not as good as what I am getting with OpenVPN in UDP mode.

I will report back when I have success, so that others can learn from my experience.

Ken - NM9P
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3969 Posts
  • 1222 Reply Likes
UPDATE - August 9, 2016:  

8 months ago (see post right above) I reported that with the ASUS Router I was not able to use BOTH PPTP and OpenVPN at the same time, requiring me to go to the router's setup page and change modes whenever I wished to change which device I was using....

Either my tests were flawed, or a subsequent firmware update has changed things.

I am now able to set up and use BOTH the PPTP tab and the OpenVPN tab.  
Once "I apply" the configuration and reboot the router, It doesn't matter which style of connection I want.  I can connect with the iPad using the PPTP server, disconnect from the VPN, and then reconnect with my laptop and use the OpenVPN server on the router.  

I can even connect to the router with the laptop via OpenVPN and with the iPad/iPhone using the PPTP server AT THE SAME TIME.  Then I can connect to my Flex-6500 with one device, and then use the other to boot the first one off and connect.  I just did this back and forth about six times to make sure it was stable.  Nice!

Sometimes, however, when one VPN loses a connection due to poor WiFi or cell phone connection or RF messing with the router, modem, or switch, something gets jammed up and I need to turn the rig off and back on again to get it "unstuck."  Thankfully, this is easy to do with my NEO WiFi power switch and a relay connected to the "remote" port of the rig.  

So....Now I don't need to decide in advance whether I will be using the iPad and SSDR for IOS, or my Windows desktop/Laptop and SSDR for Windows.

Ken - NM9P
Photo of spopiela

spopiela

  • 81 Posts
  • 10 Reply Likes
Ken, Nice going! I'm going to try both modes on my Netgear R7000 router. I've been using OpenVPN with my laptop. Time to try a PPTP server mode with my IPAD and the new IPAD app.
Stan N1THL
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3970 Posts
  • 1225 Reply Likes
UPDATE:
The main problem was with ATT Uverse's "wonderful" (sarcasm) Motorola NVG-510 modem/router.

In order to get this fantastic piece of consumer engineering working with an external VPN router, you need to do several things.

BEFORE YOU ATTACH THE EXTERNAL ROUTER....

1) Connect directly to the NVG-510 and sign in to it's control page (using the URL and Password you have previously set up) and change the following things.

2) Turn Wireless OFF

3) Go to the tab:  Home Network> Subnets & DHCP and give the NVG-510 a new IP address that will be on a DIFFERENT subnet than your external router.  (i.e. 192.168.X.254   where X is the subnet you wish to use for the subnet.  it can be anything from 2-254.  pick something you will remember and WRITE IT DOWN.)

4) while on the same page, set the DHCPv4 start address and end address to a number in the same subnet, but DIFFERENT from the "unit number" given to the NVG-510.  for example, if you gave the NVG-510 the address 192.168.3.254  then set the Start And End address BOTH to 192.168.3.250)  you only are making room for ONE assignment for the DHCP, because it will be assigning it to the new external router.

Once you hit "SAVE" you will probably lose the connection to the NVG-510.  If so, you will need to let it temporarily give your computer the new IP address intended for the external router so that you can set up a few other things.

Once you have access to the NVG-510 again, you will need to make a few other changes...

5) Go to the Firewall>Packet Filter tab and turn all filters OFF.  Hit "SAVE"
6) Go to the Firewall>NAT/Gaming tab and clear all of those and SAVE (Your new external router will handle these functions)
7) Go to the Firewall>IP Passthrough tab and set "Allocation Mode" to PASSTHROUGH.  
     Also, set "Passthrough Mode" to DHCPS-dynamic.  Assign a larger value to the Passthrough DHCP Lease time.  (I gave it about 7 days)  Hit "SAVE"

You will either lose control of the NVG-510 at this time, or it will ask if you want to "reset" or "Reboot" it.  Hit Reboot, and close your browser.

8) Physically disconnect from the NVG-510.

NOW PROGRAM THE NEW EXTERNAL ROUTER....in this case my ASUS RT-N66U  
BEFORE YOU CONNECT THE NEW ROUTER TO THE NVG-510

1) Physically connect to the new router.

2) Allow it to assign you a new IP address, and log in to it using the default IP address or the one you have previously assigned to it.  

3) Go to the Advanced Settings>WAN tab and set the following values:
WAN Connection Type = Automatic IP
    (This has the new router get it's WAN IP address from the NVG-510)
Enable WAN = YES
Enable NAT = YES
Enable UPnP = YES
Connect to DNS Server Automatically = YES
Account Settings: Authentication = None
Hit "APPLY"  and wait until it is finished.

4) Go to the WAN> NAT Passthrough tab and enable all the passthroughs but the PPPoE Relay .
Hit "APPLY"

5) Go to the Advanced Settings>LAN>LAN IP tab and make sure that the IP of the new router is on a different subnet than the NVG-510.  (If you skip this step you will have a lot of grief)  for example, if you used 192.168.3.254 for the NVG-510  then use 192.168.5.(any number)  the 3 and the 5 in the third position are what define the different subnets.)  write the new subnet down.  It it is already on a different subnet, then you don't need to change this.
Hit "APPLY"

6) Setup of the tabs for Advanced Settings>LAN>DHCP server and other tabs are up to you.  If you want the new router to assign IP addresses to your various computers and devices, then turn this function ON and set a range of addresses consistent with the same subnet as the LAN of the router.  be sure to hit "APPLY"

7) Setup your wireless and other functions as you see fit.

When you are finished, hit the "REBOOT" tab at the top of the page and let the router reboot.

NOW CONNECT THE NVG-510 to the WAN input port on the new router and power reset the NVG-510.  

Physically connect to our new Router and log in to it.

Go to the General>Network Map tab and check to see if you get a "Network Connected" Message.
Check to see that the NVG-510 has assigned a WAN IP address to the new router that is NOT in the Private IP subnets...i.e. NOT 192.168.xxx.xxx.  Mine starts with 104.55.xxx.xxx.

The internet status should reflect that the DDNS has been set to your DDNS account url.

You should have internet service now.  If not, then you need to reboot the new router again to make sure it has connected.  

You might need to go to the DDNS setup tab and confirm that it is connecting, once you have internet service.

If you still don't have internet service, you might need to log in to the NVG-510 again and restart the modem.  it took a couple of times for this to work for me the first time.

ONCE YOU HAVE INTERNET ACCESS, then you can go back in to the new router and set up your VPN.....Either PPTP mode or OpenVPN mode.

Others have covered this above so I won't go into a lot of detail:
.  
I am getting best throughput on my laptop using OpenVPN mode in TAP and UDP mode.
If you want to use an iPad, then you can only use PPTP mode.  You must set up VPN user account and Password.  Also, if you are using OpenVPN, then you will need to Export the client setup up file (Client.ovpn) and import it to your remote computer's /program Files/OpenVPN/Config directory.  You can have separate config files for different OpenVPN modes - for example, I have one named "client-TCP.ovpn"  for use when using TCP mode, and another one named "client-UPD.ovpn" for use in UDP mode.  These files contain your security certificate and code key for security.  (NOTE:  you must download the OpenVPN CLient utility to your remote computer or iPad in order to use OpenVPN mode.)

For use with an iPad and K6TU's program, set up the PPTP page, using both general and advanced setup tabs to enter security information, vpn user names and passwords.
There is no client setup file or certificate to export in this mode.  

If you have one of ATT's lovely NVG-510's I hope this helps you get your external router running with VPN.  Good luck.  If you still can't get it going, you might want to follow Howard's advice and try SoftEther.net.

Ken - NM9P
Photo of Rob Ravlin

Rob Ravlin

  • 6 Posts
  • 0 Reply Likes
Ken, I own the Asus RT AC87R. I have been trying to set the VPN PPTP up and having no luck at all. I was hoping to contact you to walk through my settings and to understand exactly what a few fields mean. Also, I was hoping to ask you about a couple of questions with regard to my iPad Pro. I know I'm close but need a little help. My email is K1SR@comcast.net. I would love to give you a call if that is possible.
Thanks Rob
Photo of Ken - NM9P

Ken - NM9P, Elmer

  • 3970 Posts
  • 1225 Reply Likes
Rob, 

Here are some settings I am using on my ASUS RT-AC66U for VPN.

These settings are for PPTP Setup, which is the easiest to get going.
I will send another set with OpenVPN instructions when I can.

1) Most home users have a changeable IP provided by their internet provider's DHCP.
If so, you will need to activate DDNS in order to provide the router with a stable IP address provided by an intermediary service.  In this case ASUS:

On the "Advanced Settings > WAN > DDNS" tab, 

Inline image
Enter a DDNS name in the Host name slot - you can use your call or something else. ASUS will set up a DDNS name at (NAME).asuscomm.com which will be the URL you will use to access your VPN Network.

I don't remember whether or not I needed to log into ASUS.com or ASUSCOMM.COM in order to confirm my DDNS address.  Follow the instructions on the router's GUI. They are pretty good.

[If you a Static WAN IP address from your internet provider, skip the above step.  
But make sure that the "Enable the DDNS CLient" is turned OFF.]



2) Then....in the Advanced Settings > VPN > VPN Server Page...
Select the PPTP button. 
Turn Enable VPN Server switch to ON.
Select VPN Details = Advanced Settings.
Then set things the way I have in the Picture below, except for CLient IP Address.  Use your own numbers ..... The IP Subnet will be DIFFERENT from your regular router...
My router is 192.168.5.xxx
So I am using as Client IP Address 192.168.10.xxx  this is to keep the VPN separate from the other users on your home router network.  
It asks for a starting and ending ip assignment, which will determine how many users you can have logged in at the same time.
(They will be ported to your home network with other numbers on your home subnet.)


Inline image


3) Then go to the Select VPN Details and pull down "General" 
I am not sure I need Network Place SAMBA Support turned ON, but It works this way...
Then you need to assign yourself a VPN Username and Password.
I clipped mine off of the picture, but you get the idea.  


Enter the Username and a STRONG password.  
Hit Apply (Assumed after every page is changed.)  Sometimes you will need to wait until the router updates.  You may even need to log in again.


Inline image



4) Reboot the router.  
Try to connect with your laptop or iPad's VPN client.
If you get a connection, the 6000 should appear when you begin SSDR or K6TU Remote.  It may take a couple of minutes to show up the first time you have connected via the VPN.


I hope this helps.  Let me know If I forgot something.  remember, it has been several months since I did this.  There may be a step that I forgot....

Good Luck,


Ken - NM9P
Photo of John - WA7UAR

John - WA7UAR

  • 102 Posts
  • 25 Reply Likes
Looping back as of January 24, 2018:

I found recently that there is a 3rd party that provides ASUS firmware updates -- they credit support from ASUS. So while not "official" ASUS firmware this third party provides bug fixes and certain enhancements not immediately provided by the corporate company. I found this quote:
The goal of this project is to fix issues and bring some minor functionality adjustments to the original Asus firmware. 
It's an interesting relationship and I thought I would try and document it here.

Home page of Asuswrt-Merlin: https://asuswrt.lostrealm.ca

About Asuswrt-Merlin: https://asuswrt.lostrealm.ca/about

Features of Asuswrt-Merlin: https://asuswrt.lostrealm.ca/features

Wiki Documentation: https://github.com/RMerl/asuswrt-merlin/wiki

Supported ASUS routers: https://github.com/RMerl/asuswrt-merlin/wiki/Supported-Devices

Downloads from SourceForge of all supported Asus router types: https://sourceforge.net/projects/asuswrt-merlin/files/

I will cross post this message in other forums that are asking about ASUS routers. Hope this is helpful for folks here.