What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Adam Networks - AsusWrt Merlin

B

BadWolfe

Occasional Visitor
I'm confused about "Adam Network" tool. It claims to be built into the ASUS router but I can't find it.
Configuration: AX86U Pro, AsusWRT Merlin Firmware: 3004.388.8_4

Goal: Set up OpenVPN. Instructions say to log into Adam Networks and copy my "Dynamic DNS URL", then inside the client configuration file replace "remote IP address" with the dyndns name.

I created an Adam Network account but cannot find the "Box ID" of my Asus Router. This lead me down a path where they state that ADAM is built into ASUS routers, but I can't find anything about that inside of the Router UI.

Am I headed down the wrong path?
------------------------------------------------------------
Update:
SOLVED:
1. Adam Network instructions were a misleading path. These instructions appear to be for a proprietary product offering where they load thier software on Routers for you.
2. Client configuration file (client1.ovpn) had an incorrect external IP address. The generated file used the DDNS address of the Router which included the "@." characters preceding the DNS address.
Solution: edit the Client configuration file and delete the two preceding characters, "@."
3. Client was unable to use the recommended Security level. Legacy level worked fine though. (OpenVPN client: Settings: Advanced)
Solution: Reset the OpenVPN Server by selecting "Default", enable OpenVPN Server and select "RSA Encryption 2048", generate a new Client configuration file.

Many thanks to everyone that helped figure this out. Special thanks to ColinTaylor for all the work that went into figuring solutions 2 and 3!
 
Last edited:
Never heard of this before, but this is the closest thing I could find. Requires USB installation. What are you reading?
support.adamnet.works

Install adam:ONE (v4+) on Asus Routers via USB storage

ASUS routers can now run adam:ONE® on most of the stable build of Merlin Supported Models, plus a few additional models, specifically this list: RT-AC66U_B1 (same firmware as the RT-AC68U) RT-AC68U (including revisions C1 and E1) RT-AC68P (same firmware as RT-AC68U) RT-AC68UF (same...
support.adamnet.works support.adamnet.works
 
dave14305 said:
Never heard of this before, but this is the closest thing I could find. Requires USB installation. What are you reading?
support.adamnet.works

Install adam:ONE (v4+) on Asus Routers via USB storage

ASUS routers can now run adam:ONE® on most of the stable build of Merlin Supported Models, plus a few additional models, specifically this list: RT-AC66U_B1 (same firmware as the RT-AC68U) RT-AC68U (including revisions C1 and E1) RT-AC68P (same firmware as RT-AC68U) RT-AC68UF (same...
support.adamnet.works support.adamnet.works
Click to expand...
Here are the instructions for setting up OpenVPN on an Asus Router.
support.adamnet.works

ASUS Router OpenVPN Server

Scope of this article OpenVPN has the highest degree of flexibility of VPN server and clients, and is available on all modern platforms. Setting it up can range from easy-as-defaults, to super complicated. In this how-to, we are opting for simplicity and simple setup that relies on a username...
support.adamnet.works support.adamnet.works

Here is where I read that AdamOne comes pre-installed on ASUS routers. (due to your response, I am sure that I am misinterpreting it though).

"adam:ONETM comes pre-installed on ASUS® routers" Source: Page 5 of AdamOne Quick Start Guide

adamONE Quick Start Guide.pdf

drive.google.com drive.google.com

I will look into the USB installation process. Thank you!
Note: I am struggling to get OpenVPN set up and working.
 
Last edited:
BadWolfe said:
Here are the instructions for setting up OpenVPN on an Asus Router.
support.adamnet.works

ASUS Router OpenVPN Server

Scope of this article OpenVPN has the highest degree of flexibility of VPN server and clients, and is available on all modern platforms. Setting it up can range from easy-as-defaults, to super complicated. In this how-to, we are opting for simplicity and simple setup that relies on a username...
support.adamnet.works support.adamnet.works

Here is where I read that AdamOne comes pre-installed on ASUS routers. (due to your response, I am sure that I am misinterpreting it though).

"adam:ONETM comes pre-installed on ASUS® routers" Source: Page 5 of AdamOne Quick Start Guide

adamONE Quick Start Guide.pdf

drive.google.com drive.google.com

I will look into the USB installation process. Thank you!
Note: I am struggling to get OpenVPN set up and working.
Click to expand...
Yeah, this is like what some other companies do. They're saying that if you buy an Asus router from them they will preinstall Merlin's firmware and their software on it for you. So this is their addition and not something that is endorsed by Asus/Merlin or part of the normal Asus/Merlin firmware.

shop.adamnet.works

Products

ADAMnetworks
shop.adamnet.works shop.adamnet.works

So the question is, have you actually purchased some device or service from this company? If so, what exactly?
 
Last edited:
What kind of a shady website is this Adam thing... jeez. Stay away.
 
30-30-30 and forget about it... 🤔

1742514757538.png
 
ColinTaylor said:
Yeah, this is like what some other companies do. They're saying that if you buy an Asus router from them they will preinstall Merlin's firmware and their software on it for you. So this is their addition and not something that is endorsed by Asus/Merlin or part of the normal Asus/Merlin firmware.

shop.adamnet.works

Products

ADAMnetworks
shop.adamnet.works shop.adamnet.works

So the question is, have you actually purchased some device or service from this company? If so, what exactly?
Click to expand...

Thank you for responding.

No, I purchased a stock AX86U Pro and installed Merlin's latest firmware, so I am good there.

I'm just trying to get OpenVPN working and searched for instructions. This ADAM Network was simply from a Post I found.

I have OpenVPN working as a Server, exported and down loaded the client created on the Router, installed it on the client side OpenVPN (on iPhone) will not connect. I know this should be easy but I'm missing something simple.
 
bits said:
Maybe your Asus router is behind cgnat.
Is the wan IP address on the Asus router a private IP address?
Click to expand...
I have DDNS set up using my DNS Host address. I've tried multiple iterations but the client cannot reach my OpenVPN Server.

Looking into the Client config file I see that the IP address displays my DNS server address: xxxxxxx.org
Once it was:
@xxxxxxx.org

After disabling DDNS the exported Client config file was:
172.172.172.172@xxxxxxx.org (IP address and hostname are examples).
This front IP address was the correct current address from my ISP.

Does any of this make sense as to why my Client won't reach home?
 
If your server is behind cgnat your client won't be able to reach it.
Is you wan IP in one of these ranges?
10.x.x.x
172.16.x.x - 172.31.x.x
192.168.x.x
100.64.x.x - 100.127.x.x

If your wan IP is in those ranges you almost certainly are behind cgnat and will need to either contact your provider to have that removed which they may charge for or not allow at all. Or change to a provider that doesn't use cgnat or will allow you to disable it.

Or you could open a server that will respond eg (microsip, qtorrent or something on your router), port forward to its port and then check a site such as canyouseeme.org for that port.
If you get a success you may need to wait a further 5-10 minutes and try again to prove the port remains open.
If the port is not open, you are likely behind cgnat and you will not be able to host something like a VPN server.
 
bits said:
If your server is behind cgnat your client won't be able to reach it.
Is you wan IP in one of these ranges?
10.x.x.x
172.16.x.x - 172.31.x.x
192.168.x.x
100.64.x.x - 100.127.x.x

If your wan IP is in those ranges you almost certainly are behind cgnat and will need to either contact your provider to have that removed which they may charge for or not allow at all. Or change to a provider that doesn't use cgnat or will allow you to disable it.

Or you could open a server that will respond eg (microsip, qtorrent or something on your router), port forward to its port and then check a site such as canyouseeme.org for that port.
If you get a success you may need to wait a further 5-10 minutes and try again to prove the port remains open.
If the port is not open, you are likely behind cgnat and you will not be able to host something like a VPN server.
Click to expand...
Thank you for this information. I was completely lost on what was happening.
 
BadWolfe said:
Thank you for this information. I was completely lost on what was happening.
Click to expand...
Until I changed provider, I had CGNAT on a remote router I need access to.

@bits is absolutely correct, if your provider uses CGNAT (it saves them IP addresses apparently) you can’t get through it without one of a few options. I list two of them below, ones I am familiar with through personal experience.

You can pay for a static IP address or you can do what I did (still do), set up and use Tailscale.

If you already know about tailscale ignore what follows, if not then for this you can either:
  • Set up and configure any device attached to your network and always on, as a subnet router. This device will ‘advertise’ itself outside CGNAT and you can then connect to your LAN, including your router e.g. you can use a Raspberry Pi (my first foray into Tailscale) or if it’s always on, an AppleTV HD or 4K (a very simple option, see pics attached) or literally any other device you can install tailscale on (and there are multiple OS platforms and literally hundreds of Device types to choose from).
  • If you’re on RMerlin FW, set up Tailscale on the Router. A very easy way to do this is to install TAILMON, an amazing Addon from @Viktor Jaep, this is what I now use, as the router is always on and I don’t need a separate device, although I do keep my Apple TV as a backup subnet router, which I can just enable if I need to, although I never have.
 

Attachments

  • IMG_1894.jpeg
    IMG_1894.jpeg
    239.5 KB · Views: 17
  • IMG_1893.jpeg
    IMG_1893.jpeg
    204.8 KB · Views: 19
Last edited:
BadWolfe said:
...
I have OpenVPN working as a Server, exported and down loaded the client created on the Router, installed it on the client side OpenVPN (on iPhone) will not connect. I know this should be easy but I'm missing something simple.
Click to expand...
The root cause of the problem may also be on the OpenVPN client application being used, but since you have not provided details about which client app you have installed/used to connect, and not posted any logs from both the server *and* client sides indicating if any specific error messages are generated, it's impossible to tell what the actual problem is to be able to narrow down the real cause.
 
Martinski said:
The root cause of the problem may also be on the OpenVPN client application being used, but since you have not provided details about which client app you have installed/used to connect, and not posted any logs from both the server *and* client sides indicating if any specific error messages are generated, it's impossible to tell what the actual problem is to be able to narrow down the real cause.
Click to expand...
I have spent the last few days (since being told to investigate CGNAT) trying to understand if my provider is in fact causing this because of CGNAT.

From everything I am reading, my provider (Xfinity) is not the issue. Others seem to be able to use OpenVPN.

Due to my constant experiments, I started having issues with my Router (AX86U Pro).
- I tried turning off my DDNS to see if that would help. It did not help.
- I tried modifying the client config file to have my current home IP address. It did not help.
- I tried creating brand new client config files before and after disabling DDNS. It did not help.

I finally had to go back and rebuild my router and restore the original configuration file and then reinstall the Mesh Nodes manually to get my home network back to working correctly again. All of this caused grief to the wife.

I just read your comment about needing to see logs that OpenVPN might have.
Please allow me some time to again set up OpenVPN, generate a client configuration and generate logs to upload here.

The client OpenVPN application that I am using is on the iPhone downloaded from the Apple store. (OpenVPN version 3.5.1 (6211))

I really would like to get OpenVPN working and both appreciate and need your help on this.
 
jksmurf said:
Until I changed provider, I had CGNAT on a remote router I need access to.

@bits is absolutely correct, if your provider uses CGNAT (it saves them IP addresses apparently) you can’t get through it without one of a few options. I list two of them below, ones I am familiar with through personal experience.

You can pay for a static IP address or you can do what I did (still do), set up and use Tailscale.

If you already know about tailscale ignore what follows, if not then for this you can either:
  • Set up and configure any device attached to your network and always on, as a subnet router. This device will ‘advertise’ itself outside CGNAT and you can then connect to your LAN, including your router e.g. you can use a Raspberry Pi (my first foray into Tailscale) or if it’s always on, an AppleTV HD or 4K (a very simple option, see pics attached) or literally any other device you can install tailscale on (and there are multiple OS platforms and literally hundreds of Device types to choose from).
  • If you’re on RMerlin FW, set up Tailscale on the Router. A very easy way to do this is to install TAILMON, an amazing Addon from @Viktor Jaep, this is what I now use, as the router is always on and I don’t need a separate device, although I do keep my Apple TV as a backup subnet router, which I can just enable if I need to, although I never have.
Click to expand...
Thank you for this. I did spend some time looking at tailscale. I am hoping to get OpenVPN working since my needs are so small and it is built into the Router / Merlin software. If I can't get it working, tailscale will probably be my next move.
 
BadWolfe said:
...
Please allow me some time to again set up OpenVPN, generate a client configuration and generate logs to upload here.

The client OpenVPN application that I am using is on the iPhone downloaded from the Apple store. (OpenVPN version 3.5.1 (6211))
Click to expand...
I assume you're referring to the "OpenVPN Connect" (I have that app on my phone, version 3.5.1_6211). When setting up the OpenVPN server on the router (and before importing the client profiles into this app), you must consider which "Security Level" you want the VPN to have when using the phone app.

On the "OpenVPN Connect" client app on your phone, go to "Settings --> Advanced Settings" (toward the bottom of the screen), and select which setting you want for the "Security Level" option:
OpenVPN_Connect_AdvancedSettings1.jpg

OpenVPN_Connect_AdvancedSettings2.jpg


1) Preferred (Recommended)
This option is the most restrictive because it requires the server to be configured with a minimum 2048-bit RSA encryption key, SSL certificates must be signed with a minimum SHA256 signature, compression must be disabled, only newer, non-deprecated ciphers are allowed, etc.

2) Legacy
This one has more relaxed requirements and will work with almost all TUN configurations, but it's less secure.

3) Insecure (Not Recommended)
[self-explanatory]

Depending on the above setting and how the OpenVPN server on the router is configured, you may have connection issues on the client side that the log will show as errors.

HTH
 
Ok, I have a clean install on the router and iPhone. Here are two log files of my current attempt.
(logs deleted since no longer needed)
 
Last edited:
Martinski said:
I assume you're referring to the "OpenVPN Connect" (I have that app on my phone, version 3.5.1_6211). When setting up the OpenVPN server on the router (and before importing the client profiles into this app), you must consider which "Security Level" you want the VPN to have when using the phone app.

On the "OpenVPN Connect" client app on your phone, go to "Settings --> Advanced Settings" (toward the bottom of the screen), and select which setting you want for the "Security Level" option:
View attachment 64601
View attachment 64603

1) Preferred (Recommended)
This option is the most restrictive because it requires the server to be configured with a minimum 2048-bit RSA encryption key, SSL certificates must be signed with a minimum SHA256 signature, compression must be disabled, only newer, non-deprecated ciphers are allowed, etc.

2) Legacy
This one has more relaxed requirements and will work with almost all TUN configurations, but it's less secure.

3) Insecure (Not Recommended)
[self-explanatory]

Depending on the above setting and how the OpenVPN server on the router is configured, you may have connection issues on the client side that the log will show as errors.

HTH
Click to expand...
Thank you for this information. I deleted the client installed configuration on my iPhone, then went through the settings you recommended. I tried each of the three options repeating a clean install of the client. So far none have worked (even the insecure mode).

I am sure it is something so fundamentally simple in my configuration on the Router. Hopefully the Server and Client side logs I uploaded can shed light into the issue.
 
Your VPN client file contains and invalid remote line.

From what you've indicated before you're trying to put something in there which contains an @ character. That is invalid. It should be your router's public IP address (e.g. 123.44.55.66) or a valid DDNS name (e.g. myhostname.org).

The example you gave earlier, 172.172.172.172@xxxxxxx.org is not valid.
 
You must log in or register to reply here.

Similar threads

R
VPN Client and Server using Trust.Zone public IP and port forwarding
Replies
2
Views
215
RRands
R
RMerlin
  • Locked
Beta Asuswrt-Merlin 3006.102.3 beta is now available for Wifi 7 devices
2 3
Replies
53
Views
7K
RMerlin
RMerlin
T
Wireguard VPN Disable IPV6
Replies
2
Views
2K
ZebMcKayhan
Z
B
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
Replies
1
Views
432
eibgrad
eibgrad
RMerlin
Release Asuswrt-Merlin 3006.102.1 is now available for Wifi 7 devices
4 5 6
Replies
106
Views
19K
jksmurf
J
Similar threads
Thread starter Title Forum Replies Date
XIII Setting up IoT networks using 3006 firmware? Asuswrt-Merlin 4
H Printing between two networks Asuswrt-Merlin 5
P Allowing main network to access guest networks Asuswrt-Merlin 1
tophmey How to scan broadcasting networks Asuswrt-Merlin 0
i0ntempest BE88U: Remove hidden wireless networks? Asuswrt-Merlin 15
Z 2 mesh networks setup Asuswrt-Merlin 11
N Can't configure WiFi networks RT-BE88U Asuswrt-Merlin 2
S [AC88U] How to connect 2 separated networks into 1 VLAN Asuswrt-Merlin 2
A Any way to disable the ASUSTek Hidden Networks? Asuswrt-Merlin 12
S Network printer no longer available after activating Guest networks Asuswrt-Merlin 18

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 514 (members: 28, guests: 486)
Back
Top