What's new

Beta ASUS Instant Guard iOS/Android public beta

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Are you connected outside your local network? With remote access disabled, I appear to be unable to connect via IG over my cell connection.
Yes, I was on LTE and was able to connect. However, that was after I had established the initial configuration using the Asus App and Instant Guard while I was on my home network and connected via wifi. I have second home and can't connect remotely and can't setup instant guard for that router.

Update: I was able to use OpenVPN to access the router in my second house to enable WAN access, then disconnected from OpenVPM and made a connection with Instant Guard for the initial setup. Once that was complete, I went back and disabled WAN access and was still able to establish a VPN connection with Instant Guard.

Update #2: So while I can establish a secure VPN connection using Instant Guard, and can access the router using Chrome on my phone. However, once the VPN is running I can't connect with the Asus Router App... Not a huge deal for me since I prefer to make changes via the router gui versus the router app anyway.
 
Last edited:
I've been impressed with the implementation of Instant Guard. However, I notice that Instant guard enables WAN remote access. I thought that was a big security risk. This isn't required for OpenVPN, if I disable WAN remote access I'm assuming Instant Gard won't work. Are there security concerns with this?

Edit: I disabled remote WAN access and I can still connect using Instant Guard. Wondering why it was turned on in the first place?

The WAN remote access is for ASUS router app, because ASUS router app needs to transfer VPN router setting to Instant Guard in the initial setup.
If you connect to the router in LAN, it is unnecessary to enable the WAN remote access.
Thanks for the feedback, I will discuss this topic with our team.

Edit
Next release will remove the WAN remote access check in LAN environment.
 
Last edited:
ASUSWRT_2020,

A suggestion for you consideration. While I can understand appreciate that you want to simplify the IPSec VPN setup starting with iOS, would you consider to provide user the option to accept your auto-generated Pre-Shared Key or Enter one that the user prefers.

Rationale:
After I setup Instant guard on my iPhone, I wanted to setup IPSec VPN on my Mac ... I discovered
  • auto-generated Pre-Shared Key in IPSec VPN Server setup screen, that was masked in the GUI as *************
  • It took me a while to figured out that moving the mouse to set focus on the Pre-Shared Key field, exposes the auto-generated Pre-Shared Key
PS: I like to managed my keys vs having cryptic auto generated keys; my workaround, is to setup IPSec VPN Server first so that I can define my IPSec VPN Server's Pre-Shared Key (iOS calls it "Secret"). After that I setup "Instant Guard" which honours the Pre-Shared Key I used.:)

We are planning the MacOS and Windows version Instant Guard. It would be easier to build the VPN tunnel.
 
Instant Guard is an app to help easily set the IPSec VPN server at router and IPSec VPN client at phone.
In the 1st stage, this app is only for administrator and need to update both ASUS router app and Instant Guard app.
The screenshots are as follows.

1. Click the Instant Guard in the router app and the router app would modify the firmware setting and transfer the necessary information to the Instant Guard app.
View attachment 26740


2. Tap the shield icon and build the VPN connection.
View attachment 26736

View attachment 26737


After established the VPN connection successfully, you can just click the Instant Guard app next time for VPN connection.


Currently, only support iOS and android beta will be released in the end of Oct.
Requirement: (1) Routes with IPSec VPN server feature (2) Router must have IPv4 public WAN IP (3) Firmwareequal and greater than 9.0.0.4_386_40322

If you want to join the iOS beta test, please (1) send me your Apple ID in a private message (2) install the test TestFlight app https://apps.apple.com/app/testflight/id899247664
We will start to send the TestFlight invitation by email on Oct 12.


After joined the TestFlight, the ASUS Router and Instant Guard will be in your TestFlight app.

View attachment 26739
could you sent me new invite pm sent ;)
 
I realise this is a tad off topic - perhaps someone can point me to the appropriate Asus Router app thread.

In the meantime, I just wish I could just select which VPN profile to activate on the router - from the router app.

Something so simple, and so useful for people with multiple profiles (countries)
 
For programming consideration, the VPN profile in App is easy.
For the App Store review, it is a big problem.
VPN is a sensitive term for specific areas and Apple blocked our app with VPN function several times. Need lots of negotiation.
 
Thanks for the TestFlight invite. I tried both 1.0.0.7 and 1.0.0.8. Works when on the LAN.

When trying to connect from cellular, unable to reach.

However, this is because I had an active OpenVPN client session running. So, just to see what happens, I closed the OpenVPN session.

Instant Guard connected from cellular - or mobile, as people say in this part of the world.

So I tried to use the Asus Router App - didn't connect - checked settings to ensure Remote Connection was on - it wasn't.

Tried to switch on Remote Connection in the router app - "This is only available on a local connection" or words to that effect.

Huh?????

EDIT: OK, I understand now. This is a language problem, not a software problem.

When I try and enable Remote Connection in the app, and I'm not on the LAN, it reports: "This feature is only available from a local connection" because you can currently only set it up for the first time from the LAN.

"This feature can only be enabled from a local connection" is the message I think they are trying to send, and would prevent future misunderstandings.
 
Last edited:
I realize I can connect using LTE in this new version 1.0.0.0.8. Now I can easily configure router remotely without having enable web access from WAN.
 
Instant Guard establishes the VPN connection to the router, even via mobile access - and even with WAN access disabled after setup.

Entering the router's local LAN IP address into a browser to bring up the login page works, even via mobile access

However, the ASUS Router app (which has Remote Connection turned on) does not seem to know that Instant Guard is connected. It still attempts to connect "remotely" - and of course fails because it has been disabled.

Having the ASUS Router App configured for Remote Connection does not seem to be an issue when on the LAN. It knows it, and connects via the local IP.

Isn't the Router App also supposed to connect via the local IP when an Instant Guard connection is present?
 
Hi,
I just received an email that Instant Guard App 1.0.0.0.8 is ready. I installed and the following is my observation in my environment:
  1. I can confirm that the persistent prompt to Enable WAN access is not there now. Thanks. For security reasons discussed many times in various Forum here, I will not Enable WAN access to my router.
  2. I can confirm that Instant Guard works over Wifi or Cellular connection between my iPhoneXsMax and my RT-AX88U. My self configured IPSec VPN and OpenVPN connection works equally well.
  3. As for Asus Router App working remotely via VPN (either via Instant Guard, IPsec, OpenVPN) between my iPhoneXsMax and my RT-AX88U
    • If remote connection is over CELLULAR directly, Asus Router App WILL NOT WORK with the following message "Unable to reach remotely". In order to have it to work I have to Enable WAN access (which I will not do)
    • If remote connection is over WIFI (eg. from my children's home network in different parts of the city or any WIFI HOTSPOT (including hotspot from cellular tethering), the Asus Router App will work correctly without Enabling WAN access on my Router. Not sure if this is an issue with Apple's iOS or it is a problem with Asus Router App.
    • In anycase it is not an issue for me as I prefer to use current Web base GUI :) .
 
Hi All,

Thanks for the long time waiting.
Android beta APK is ready
ASUS Router App: https://asus-my.sharepoint.com/:u:/p/alen_tsai/Ef6FId2jmLlMhjFpoiDju_kBVYWAohO_1nyT13crwCjO_Q
Instant Guard app : https://asus-my.sharepoint.com/:u:/p/alen_tsai/EdbhTSQdx7lPoJlYbZNHFzMBridzVVDLlH9--yrWFsXYow

Known Limitation :
  • Currently only support English language.
  • Instant Guard app will not automatically sync configuration if user change DDNS of ASUS router, user have to import Instant Guard profile again.
  • Instant Guard app will not automatically sync configuration if user change logging account or password of ASUS router, user have to import Instant Guard profile again.
  • Using Instant Guard app will check and enable Web access from WAN feature, this check will be removed in the next version.
 
Last edited:
If remote connection is over CELLULAR directly, Asus Router App WILL NOT WORK with the following message "Unable to reach remotely". In order to have it to work I have to Enable WAN access (which I will not do)
  • If remote connection is over WIFI (eg. from my children's home network in different parts of the city or any WIFI HOTSPOT (including hotspot from cellular tethering), the Asus Router App will work correctly without Enabling WAN access on my Router. Not sure if this is an issue with Apple's iOS or it is a problem with Asus Router App.
  • Yes, same here.
 
@LimJK

Please try establishing an Instant Guard connection when your router has an active OpenVPN client session running. For me, it's impossible.

I'd be interested to know if this is a hardware restriction, eg. not possible with certain models

Or whether it affects all ASUS Routers.
 
@LimJK

Please try establishing an Instant Guard connection when your router has an active OpenVPN client session running. For me, it's impossible.

I'd be interested to know if this is a hardware restriction, eg. not possible with certain models

Or whether it affects all ASUS Routers.
Princi,
When I get home in a couple of hours time, I will try it out again.
However, I remember when Instant Guard was first available about 2 weeks ago, I have all the 3 VPN Servers setup and concurrently running at the same time.
  • OpenVPN (my original favourite for a long time)
  • IPSec VPN (my new favourite it is very easy to set up relative to OpenVPN)
  • Instant Guard which is IPSec VPN under the hood (I am just participating in the testing, as this is a useful tool for simple users who are not comfortable with VPN configurations to establish secure connection relatively easily ...)
PS: I like some control over the secret keys; so I setup IPSec VPN Server first where I can define my secret key. After that I found that Instant Guard honours and use the same secret keys. I need that, because I need IPSec VPN connection from my MacBookPro to my Router remotely.

Edit: I remember my son-in-law's home RT-AC68U running Merlin's 384.19 only support OpenVPN Server, no IPSec VPN server. I have not tried the 386 RC on his RT-AC68U yet.
 
Last edited:
@LimJK

Please try establishing an Instant Guard connection when your router has an active OpenVPN client session running. For me, it's impossible.

I'd be interested to know if this is a hardware restriction, eg. not possible with certain models

Or whether it affects all ASUS Routers.


Instant Guard under the hood is just another kind of VPN connection. And both router and clients will get confused if you're trying to establish 2 VPNs (even if they are different like OpenVPN and IPSEC) at the same time between the same 2 endpoints.
It's mutually exclusive.
Instant Guard may be easier to setup for most users and that's an advantage over OpenVPN.
Personally I don't see any reasons to use Instant Guard when I have a perfectly functional OpenVPN setup.

I may be wrong, but this is my understanding.
 
Yes, that is my question - whether it’s possible to have an OpenVPN client session in place on the router...

...as well as be able to “dial-in” to configure the router from a mobile device when not at home.

On this router in question, AC-86U, I have a permanent VPN tunnel to France. If I have shutdown that tunnel to access the router from outside, then I will be shopping around for a new router very soon.
 
Can anyone actually download the android apk? I've been trying for a while and I get an error.
 
Yes, that is my question - whether it’s possible to have an OpenVPN client session in place on the router...

...as well as be able to “dial-in” to configure the router from a mobile device when not at home.

On this router in question, AC-86U, I have a permanent VPN tunnel to France. If I have shutdown that tunnel to access the router from outside, then I will be shopping around for a new router very soon.
Princi,

I just got back and setup OpenVPN Server, besides IPSec VPN Server and Instant Guard (Server) all running. I have my iPhoneXsMax as Instant Guard (Client) connect to my Instant Guard (Server), and MacBookPro running Tunnelblick (OpenVPN Client) connected to my OpenVPN (Server), running happily together.

However, Sorry, I might have misunderstood your question, I thought you are asking about multiple VPN Servers on the Router serving different VPN Clients. I never thought of running 2 different VPN sessions on the same client to the different VPN Servers on the same Router, cannot think of a use case for that.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top