Asus RT-AX56U VPN director

[eibgrad]

Well now it's looks like you're messing w/ the OpenVPN client config, given it's reporting an options error.

Dump your OpenVPN client config file.

cat /tmp/etc/openvpn/client1/config.ovpn

 

[kornel155]

client
dev tun
remote pl04.vpnonline.eu 993
proto tcp-client
remote-cert-tls server
auth-user-pass
tls-client
block-outside-dns
pull
auth SHA1
cipher AES-128-CBC
persist-key
resolv-retry infinite
reneg-sec 0
verb 3
auth-nocache
route-delay 2
redirect-gateway def1

 

[eibgrad]

Something is seriously wrong here. Your client config file doesn't look even remotely close to what the OpenVPN client generates. Here's a dump of my own, connected to KeepSolid VPN (using VPN Director).

daemon ovpn-client1
client
dev tun11
txqueuelen 1000
proto udp
remote us-chi.vpnunlimitedapp.com 1194
nobind
persist-key
persist-tun
data-ciphers CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
auth SHA512
route-noexec
ca ca.crt
cert client.crt
key client.key
up 'ovpn-up 1 client'
down 'ovpn-down 1 client'
route-up 'ovpn-route-up'
route-pre-down 'ovpn-route-pre-down'
script-security 2
route-delay 2
verb 4
status-version 2
status status 5

# Custom Configuration

Where is the daemon, dev tun11, route-noexec, route-up, and numerous other directives found in my config, but not yours?!

Your looks more like something that would have been generated by the OpenVPN server, in order for a remote OpenVPN client to connect to your server.

 

[kornel155]

So what now? Trying another openvpn client config?

 

[eibgrad]

Normally when you import the .ovpn file from the VPN provider, the router just merges it w/ various default directives it uses for ALL OpenVPN connections. It's NOT a wholesale replacement for what the router itself generates. But that appears to be what happened, and I have no idea how that could be. As I said, there's all kinds of missing directives.

I would reset that OpenVPN client to Defaults, reboot the router, then re-import the OpenVPN providers config file and see if you get better results.

 

[kornel155]

Thank you very much for your help, I'll check it in the morning. You helped me a lot, thank you for your time.

 

[kornel155]

Now IS WORKING!
You were right. I did as you wrote and everything started working. Thanks for your help and patience!
greetings

 

[Satch]

Hello, I have the exact opposite need and struggle to implement this in my network (2x RT-AC86U, AiMesh mode, Wired ethernet backhall).

In a few words, I would like all my devices to connect thru a VPN client by default and just keep two laptops out of any VPN client. I can configure the two laptops to have a higher WAN priority rule and the other lower priority rules for the other devices with VPN Clients. It works but it makes it mandatory to document every new device that connects to my network (if I don't it will by default have the higher WAN priority and thus no VPN Client).

Ideally I would have to create rules just for these 2 laptops. The list of other devices might evolve with time and I would like no to have to update my configuration every time there is a new device coming.

I hope my need is clearly explained as I'm a new to network configuration. My apologises if this is non sense. Any advices or suggestions to help me? Thank you

Regards

 

[eibgrad]

Hello, I have the exact opposite need and struggle to implement this in my network (2x RT-AC86U, AiMesh mode, Wired ethernet backhall).

In a few words, I would like all my devices to connect thru a VPN client by default and just keep two laptops out of any VPN client. I can configure the two laptops to have a higher WAN priority rule and the other lower priority rules for the other devices with VPN Clients. It works but it makes it mandatory to document every new device that connects to my network (if I don't it will by default have the higher WAN priority and thus no VPN Client).

Ideally I would have to create rules just for these 2 laptops. The list of other devices might evolve with time and I would like no to have to update my configuration every time there is a new device coming.

I hope my need is clearly explained as I'm a new to network configuration. My apologises if this is non sense. Any advices or suggestions to help me? Thank you

Regards

All you have to do is create a single rule to route ALL traffic over the VPN using the VPN Director, then add rules for your exceptions over the WAN. The WAN rules always take precedence over the VPN rules.

<192.168.1.100> <blank> WAN
<192.168.1.200> <blank> WAN
<192.168.1.0/24> <blank> OVPN1

 

[Satch]

Thanks to your answer I discovered what CIDR notation and sub mask are and succeeded to set the thing up. Thank you very much and have a nice day!