AC680U and Merlin FW question

[Ford Prefect]

I went with FAT32 since I want my MACOS to be able to read/write to it.

Yes, should be good for disks up to 2TB.
AFAIR extFAT is not supported by the ASUS but NTFS and linux ext3/ext4 is.

I successfully set up on both OpenVPN servers tls-auth. They both have the same static key for tls-auth, I hope that is alright. I set up one OpenVPN server to use TCP on port 443 because I had heard that in situations where you are behind a tough firewall this port isn't blocked. Makes sense if it is the port used for HTTPS to web-sites. And I figured it would be nice to have one UDP and one TCP server. Bad idea?

No,not a bad idea but two servers for the same purpose?
TCP will eat up some peformance but the ASUS has plenty headroom.
When you are in the situation where udp is blocked more often, I'd just keep the server on tcp/443....saves some ressources.

I know you said the WAN should be off but mine is on to handle my ISP modem. I believe that is fine, right?

...most definitely OK
I was refering to other services, like ftp or ssh on WAN side.

I attached a screen just in case I set something up insecure.

For the SSH stuff I set the following:

Telnet: No
SSH: Yes
Allow SSH Port Forwarding: No
SSH port: 22
Allow SSH access from WAN: NO
Allow SSH password: No (i set up a Authentication key with PuttyGen)
Brute force Prot: No

Authentication method: Both (HTTP and HTTPS)
HTTPS Lan: 8443
Enable Web Access from WAN: No

...looks OK.

I saw that you have your option for SSH Port Forwarding set to yes. Should I set mine to that as well?

...only if you want to access other hosts outside of the ASUS (LAN/WLAN) via that session.

Any settings I should be mindful of in setting up FTP?

...just disable the ftp-service for WAN.

 

[taelvin]

Thanks Ford!!

I think this is probably the most secure router I have ever set up lol. And I have learned a lot about security in researching the OpenVPN stuff.

Now I just need to get the USB drive issue dealt with and I can ship it out to my parents. But it looks like something weird is going on with the JFFS partitions (appears there may be multiple), hopefully Merlin will be able to figure out all the code I posted

 

[Ford Prefect]

...no worries, glad that this did work out.
For your issues with mounting the disk, I have no clue....besides trying another disk/stick maybe....so good luck to you with that!

P.S.: once you sorted that out, you should also think about enabling the minidlna daemon on that disk...gives you an alternate access to the media besides a disk-share and maybe your parents own a squeezebox or another dlna-player?

 

[taelvin]

I was looking into turning on the minidlna server. But my parents use all apple products (they aren't tech savvy and enjoy the apple GUI). And the home sound system they are starting to build uses Sonos equipment so basically once they point Sonos to the SMB share folder that has the music it will auto-build a library for them to play from.

But in the future its possible they could get devices that use DLNA. Is there a good resource to check out on correctly setting it up that I could look into in the future that you know of? I can just do a google scavenge if not.

One other question I did have (if you use SMB), do you recommend selecting the "Force as master Browser" option?

As I have said, Thank you again for your guidance in this process! Maybe after I get through my licensing exam I can make a write up for setting up VPN on Merlin ASUS FW utilizing the most recent OpenVPN software. There are a few changes from the older guides that are up that kind of took me a few hours to overcome and future peeps could probably avoid the time sink.