Welcome to the new FlexRadio Community! Please review the new Community Rules and other important new Community information on the Message Board.
If you are having a problem, please refer to the product documentation or check the Help Center for known solutions.
Need technical support from FlexRadio? It's as simple as Creating a HelpDesk ticket.

OpenVPN with Asus RT-N66U router

2»

Comments

  • SteveM
    SteveM Member
    edited December 2015

    John,

    That is the problem with this setup. If there is packet loss(and there most assuredly will be depending on where your remote connection is located), then retransmission occurs based on normal TCP scheduling. The problem is that TCP is not meant to be a reliable real-time data transport. For sure it is reliable, just not real-time.

    Since the radio is the data sender (for the most part) tuning the TCP-stack would require access to parameters on that end of the connection. I doubt there is a TCP setting on the client that would help, but you could try playing around with them if you have spare time.

    The real solution is what Flex will provide with the remote-WAN in v2.0. Real-time data streams are normally outfitted with an additional data component to provide Forward Error Correction (FEC). This is how reliable data transport over UDP is built into IPTV video streams (google SMTE 2022, Part 1). Pairing this with some type of fast-resend mechanism (helpful only for low-latency links) will give you a much better transport layer for real-time streaming than straight TCP. I suspect this will be the selling point for Flex's solution to remote-WAN.

  • Ken - NM9P
    Ken - NM9P Member ✭✭✭
    edited June 2020
    While I can't use OpenVPN with my iPad, it seems to work OK with my laptop in the office.  The biggest problem I have is that my UVerse uplink speed at the house is only about 756K which seems to be barely enough to carry the load from the Flex 6500.  I get periodic bouts of receive audio breakups.  

    I have tried using the PPTP mode of the ASUS RT-N66U router and it seems to be a little bit faster, but also has the potential security issue.

    Question...When running OpenVPN, what is the difference between running in TCP mode and UDP Mode?  I have only experimented with TCP mode so far,

    This is a learning experience for me.  Fun, and frustrating at the same time.  Bit I enjoy this nerdy stuff...if I have the time to play.  This being Advent/Christmas season, I don't!

    I have played a little with SoftEther.net as Howard suggested, but the speeds were a bit slower than using PPTP on my new router.  I also was looking for an option that did not require my Shack computer to be in the loop.  I may return to it later,

    Here's looking forward to the eventual release of V.2.0!  Though my guess is that it will probably require using a DDNS and router port-forwarding as well.  So we all better brush up on our various router's manuals!

    Ken - NM9P
  • SteveM
    SteveM Member
    edited December 2015

    "Question...When running OpenVPN, what is the difference between running in TCP mode and UDP Mode?"


    Ken, check this out:

    https://torguard.net/blog/openvpn-service-udp-vs-tcp-which-is-better/

    Since you have somewhat limited bandwidth, you might try giving UDP a whirl. I'm not sure how resilient SSDR is to lost data, which is what will happen when using UDP. But a missing audio packet here or there might be much less noticeable using UDP. That's because when TCP detects a lost packet, it's possible that the data flow into SSDR halts while waiting for the missing packet to arrive.

  • KY6LA_Howard
    KY6LA_Howard Member ✭✭✭
    edited June 2020
    I STRONGLY recommend using SOFTETHER rather than continually screwing around with these issue on you ASUS routerS SOFTETHER IS FREE SOFTETHER NEEDS NO HARDWARE SOFTETHER CAN BE DIWNLOADED AND SETUP IN LESS THAN 10 MINUTES SOFTETHER HAS ONLINE TUTORIALS SOFTETHER SUPPORTS L2TP FOR IPADS In the time it has taken you to write up the bugs, let alone try to fix the ASUS bugs upon would easily have had SOFTETHER working.
  • SteveM
    SteveM Member
    edited December 2015

    John,

    I've finally noticed the original configuration window above is set for UDP. If that is how you have the router configured, try switching it to TCP and if it is not too much trouble, reply back with an update on whether TCP performs better/worse than UDP. I would try it myself, but I do not experience enough packet loss to perform a good test. Try to determine if there is any detectible increased latency between RX and TX on the TCP connection. Thanks.

  • SteveM
    SteveM Member
    edited December 2015

    Howard,

    Respectfully, if you and Ernest don't like the subject being discussed here, then please "Unfollow" it. This thread is about setting up a VPN with an ASUS router and pertinent subjects, not one about SoftEther. Go start a thread about SoftEther if it pleases you - I promise I will "Unfollow" it. It's demoralizing when one person is trying to help another and then someone else starts stomping around with their caps-locked.

    Thankyou.

  • Ken - NM9P
    Ken - NM9P Member ✭✭✭
    edited December 2016
    Please relax.  I believe Howard's comments were directed at me and I took no offense at them.  I consider him a friend, but we have different tolerances for this level of techno-frustration.  I see it as a challenge/learning opportunity.  Howard, as an engineer, just wants to get things DONE as easily and safely as possible.

    I am making progress.  I have gotten it working now.

    I have used it with the iPad in PPTP mode.

    I have used it with my laptop in OpenVPN TAP modes (Both TCP and UDP modes). 
    I get better throughput in UDP mode, but it loses connection every once in a while, if I am doing other things on the internet.

    You cannot use it in both PPTP or OpenVPN modes at the same time.  
    So, if I want to switch between the laptop and the iPad (which won't do TAP mode on OpenVPN) , I need to go in and change the VPN mode from OpenVPN to PPTP and back.  It is frustrating, but I don't need the shack computer turned on to do it.  However I still need to use the iPad via Parallels Access if I want to use the logbook or access my PST-Rotator program to turn the antenna.  When I do this the throughput slows down.

    My house UVerse Internet has 3 Mb download speed, but only 764K Upload speed. This is barely adequate for full remote with either the iPad with K6TU's app, or the laptop with SSDR.  I need to upgrade to the next level of service, but that is expensive - at least another $15/month.

    Now that I have learned what I need to and gotten it "running" I will take another look at SoftEther and learn more about that.  I got it running, but the throughput was not as good as what I am getting with OpenVPN in UDP mode.

    I will report back when I have success, so that others can learn from my experience.

    Ken - NM9P

  • Ken - NM9P
    Ken - NM9P Member ✭✭✭
    edited June 2020
    UPDATE:
    The main problem was with ATT Uverse's "wonderful" (sarcasm) Motorola NVG-510 modem/router.

    In order to get this fantastic piece of consumer engineering working with an external VPN router, you need to do several things.

    BEFORE YOU ATTACH THE EXTERNAL ROUTER....

    1) Connect directly to the NVG-510 and sign in to it's control page (using the URL and Password you have previously set up) and change the following things.

    2) Turn Wireless OFF

    3) Go to the tab:  Home Network> Subnets & DHCP and give the NVG-510 a new IP address that will be on a DIFFERENT subnet than your external router.  (i.e. 192.168.X.254   where X is the subnet you wish to use for the subnet.  it can be anything from 2-254.  pick something you will remember and WRITE IT DOWN.)

    4) while on the same page, set the DHCPv4 start address and end address to a number in the same subnet, but DIFFERENT from the "unit number" given to the NVG-510.  for example, if you gave the NVG-510 the address 192.168.3.254  then set the Start And End address BOTH to 192.168.3.250)  you only are making room for ONE assignment for the DHCP, because it will be assigning it to the new external router.

    Once you hit "SAVE" you will probably lose the connection to the NVG-510.  If so, you will need to let it temporarily give your computer the new IP address intended for the external router so that you can set up a few other things.

    Once you have access to the NVG-510 again, you will need to make a few other changes...

    5) Go to the Firewall>Packet Filter tab and turn all filters OFF.  Hit "SAVE"
    6) Go to the Firewall>NAT/Gaming tab and clear all of those and SAVE (Your new external router will handle these functions)
    7) Go to the Firewall>IP Passthrough tab and set "Allocation Mode" to PASSTHROUGH.  
         Also, set "Passthrough Mode" to DHCPS-dynamic.  Assign a larger value to the Passthrough DHCP Lease time.  (I gave it about 7 days)  Hit "SAVE"

    You will either lose control of the NVG-510 at this time, or it will ask if you want to "reset" or "Reboot" it.  Hit Reboot, and close your browser.

    8) Physically disconnect from the NVG-510.

    NOW PROGRAM THE NEW EXTERNAL ROUTER....in this case my ASUS RT-N66U  
    BEFORE YOU CONNECT THE NEW ROUTER TO THE NVG-510

    1) Physically connect to the new router.

    2) Allow it to assign you a new IP address, and log in to it using the default IP address or the one you have previously assigned to it.  

    3) Go to the Advanced Settings>WAN tab and set the following values:
    WAN Connection Type = Automatic IP
        (This has the new router get it's WAN IP address from the NVG-510)
    Enable WAN = YES
    Enable NAT = YES
    Enable UPnP = YES
    Connect to DNS Server Automatically = YES
    Account Settings: Authentication = None
    Hit "APPLY"  and wait until it is finished.

    4) Go to the WAN> NAT Passthrough tab and enable all the passthroughs but the PPPoE Relay .
    Hit "APPLY"

    5) Go to the Advanced Settings>LAN>LAN IP tab and make sure that the IP of the new router is on a different subnet than the NVG-510.  (If you skip this step you will have a lot of grief)  for example, if you used 192.168.3.254 for the NVG-510  then use 192.168.5.(any number)  the 3 and the 5 in the third position are what define the different subnets.)  write the new subnet down.  It it is already on a different subnet, then you don't need to change this.
    Hit "APPLY"

    6) Setup of the tabs for Advanced Settings>LAN>DHCP server and other tabs are up to you.  If you want the new router to assign IP addresses to your various computers and devices, then turn this function ON and set a range of addresses consistent with the same subnet as the LAN of the router.  be sure to hit "APPLY"

    7) Setup your wireless and other functions as you see fit.

    When you are finished, hit the "REBOOT" tab at the top of the page and let the router reboot.

    NOW CONNECT THE NVG-510 to the WAN input port on the new router and power reset the NVG-510.  

    Physically connect to our new Router and log in to it.

    Go to the General>Network Map tab and check to see if you get a "Network Connected" Message.
    Check to see that the NVG-510 has assigned a WAN IP address to the new router that is NOT in the Private IP subnets...i.e. NOT 192.168.****.****.  Mine starts with 104.55.****.****.

    The internet status should reflect that the DDNS has been set to your DDNS account url.

    You should have internet service now.  If not, then you need to reboot the new router again to make sure it has connected.  

    You might need to go to the DDNS setup tab and confirm that it is connecting, once you have internet service.

    If you still don't have internet service, you might need to log in to the NVG-510 again and restart the modem.  it took a couple of times for this to work for me the first time.

    ONCE YOU HAVE INTERNET ACCESS, then you can go back in to the new router and set up your VPN.....Either PPTP mode or OpenVPN mode.

    Others have covered this above so I won't go into a lot of detail:
    .  
    I am getting best throughput on my laptop using OpenVPN mode in TAP and UDP mode.
    If you want to use an iPad, then you can only use PPTP mode.  You must set up VPN user account and Password.  Also, if you are using OpenVPN, then you will need to Export the client setup up file (Client.ovpn) and import it to your remote computer's /program Files/OpenVPN/Config directory.  You can have separate config files for different OpenVPN modes - for example, I have one named "client-TCP.ovpn"  for use when using TCP mode, and another one named "client-UPD.ovpn" for use in UDP mode.  These files contain your security certificate and code key for security.  (NOTE:  you must download the OpenVPN CLient utility to your remote computer or iPad in order to use OpenVPN mode.)

    For use with an iPad and K6TU's program, set up the PPTP page, using both general and advanced setup tabs to enter security information, vpn user names and passwords.
    There is no client setup file or certificate to export in this mode.  

    If you have one of ATT's lovely NVG-510's I hope this helps you get your external router running with VPN.  Good luck.  If you still can't get it going, you might want to follow Howard's advice and try SoftEther.net.

    Ken - NM9P
  • Ken - NM9P
    Ken - NM9P Member ✭✭✭
    edited December 2016
    UPDATE - August 9, 2016:  

    8 months ago (see post right above) I reported that with the ASUS Router I was not able to use BOTH PPTP and OpenVPN at the same time, requiring me to go to the router's setup page and change modes whenever I wished to change which device I was using....

    Either my tests were flawed, or a subsequent firmware update has changed things.

    I am now able to set up and use BOTH the PPTP tab and the OpenVPN tab.  
    Once "I apply" the configuration and reboot the router, It doesn't matter which style of connection I want.  I can connect with the iPad using the PPTP server, disconnect from the VPN, and then reconnect with my laptop and use the OpenVPN server on the router.  

    I can even connect to the router with the laptop via OpenVPN and with the iPad/iPhone using the PPTP server AT THE SAME TIME.  Then I can connect to my Flex-6500 with one device, and then use the other to boot the first one off and connect.  I just did this back and forth about six times to make sure it was stable.  Nice!

    Sometimes, however, when one VPN loses a connection due to poor WiFi or cell phone connection or RF messing with the router, modem, or switch, something gets jammed up and I need to turn the rig off and back on again to get it "unstuck."  Thankfully, this is easy to do with my NEO WiFi power switch and a relay connected to the "remote" port of the rig.  

    So....Now I don't need to decide in advance whether I will be using the iPad and SSDR for IOS, or my Windows desktop/Laptop and SSDR for Windows.

    Ken - NM9P
  • spopiela
    spopiela Member ✭✭
    edited December 2016
    Ken, Nice going! I'm going to try both modes on my Netgear R7000 router. I've been using OpenVPN with my laptop. Time to try a PPTP server mode with my IPAD and the new IPAD app. Stan N1THL
  • Rob K1SR
    Rob K1SR Member
    edited August 2016
    Ken, I own the Asus RT AC87R. I have been trying to set the VPN PPTP up and having no luck at all. I was hoping to contact you to walk through my settings and to understand exactly what a few fields mean. Also, I was hoping to ask you about a couple of questions with regard to my iPad Pro. I know I'm close but need a little help. My email is K1SR@comcast.net. I would love to give you a call if that is possible. Thanks Rob
  • Ken - NM9P
    Ken - NM9P Member ✭✭✭
    edited December 2016
    Rob, 

    Here are some settings I am using on my ASUS RT-AC66U for VPN.

    These settings are for PPTP Setup, which is the easiest to get going.
    I will send another set with OpenVPN instructions when I can.

    1) Most home users have a changeable IP provided by their internet provider's DHCP.
    If so, you will need to activate DDNS in order to provide the router with a stable IP address provided by an intermediary service.  In this case ASUS:

    On the "Advanced Settings > WAN > DDNS" tab, 

    Inline image
    Enter a DDNS name in the Host name slot - you can use your call or something else. ASUS will set up a DDNS name at (NAME).asuscomm.com which will be the URL you will use to access your VPN Network.

    I don't remember whether or not I needed to log into ASUS.com or ASUSCOMM.COM in order to confirm my DDNS address.  Follow the instructions on the router's GUI. They are pretty good.

    [If you a Static WAN IP address from your internet provider, skip the above step.  
    But make sure that the "Enable the DDNS CLient" is turned OFF.]



    2) Then....in the Advanced Settings > VPN > VPN Server Page...
    Select the PPTP button. 
    Turn Enable VPN Server switch to ON.
    Select VPN Details = Advanced Settings.
    Then set things the way I have in the Picture below, except for CLient IP Address.  Use your own numbers ..... The IP Subnet will be DIFFERENT from your regular router...
    My router is 192.168.5.****
    So I am using as Client IP Address 192.168.10.****  this is to keep the VPN separate from the other users on your home router network.  
    It asks for a starting and ending ip assignment, which will determine how many users you can have logged in at the same time.
    (They will be ported to your home network with other numbers on your home subnet.)


    Inline image


    3) Then go to the Select VPN Details and pull down "General" 
    I am not sure I need Network Place SAMBA Support turned ON, but It works this way...
    Then you need to assign yourself a VPN Username and Password.
    I clipped mine off of the picture, but you get the idea.  


    Enter the Username and a STRONG password.  
    Hit Apply (Assumed after every page is changed.)  Sometimes you will need to wait until the router updates.  You may even need to log in again.


    Inline image



    4) Reboot the router.  
    Try to connect with your laptop or iPad's VPN client.
    If you get a connection, the 6000 should appear when you begin SSDR or K6TU Remote.  It may take a couple of minutes to show up the first time you have connected via the VPN.


    I hope this helps.  Let me know If I forgot something.  remember, it has been several months since I did this.  There may be a step that I forgot....

    Good Luck,


    Ken - NM9P


  • John WA7UAR
    John WA7UAR Member ✭✭✭
    edited February 2020
    Looping back as of January 24, 2018:

    I found recently that there is a 3rd party that provides ASUS firmware updates -- they credit support from ASUS. So while not "official" ASUS firmware this third party provides bug fixes and certain enhancements not immediately provided by the corporate company. I found this quote:
    The goal of this project is to fix issues and bring some minor functionality adjustments to the original Asus firmware. 
    It's an interesting relationship and I thought I would try and document it here.

    Home page of Asuswrt-Merlin: https://asuswrt.lostrealm.ca

    About Asuswrt-Merlin: https://asuswrt.lostrealm.ca/about

    Features of Asuswrt-Merlin: https://asuswrt.lostrealm.ca/features

    Wiki Documentation: https://github.com/RMerl/asuswrt-merlin/wiki

    Supported ASUS routers: https://github.com/RMerl/asuswrt-merlin/wiki/Supported-Devices

    Downloads from SourceForge of all supported Asus router types: https://sourceforge.net/projects/asuswrt-merlin/files/

    I will cross post this message in other forums that are asking about ASUS routers. Hope this is helpful for folks here.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.