Menu
What's new
By:
Filters Better Search

How to set up VPN on ASUS RT-AC5300 with Merlin Firmware in AP Mode?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

R

Razz

Occasional Visitor
I have just got an ASUS RT-AC5300 router and updated it with Merlin Firmware.
My issue is this, I use an ADSL connection and the only way I can connect is through the D-Link Modem/Router I have. The ASUS router is connected to the D-Link via ethernet ports and the WiFi on it is turned off. To make it work, I have to run the ASUS router in Access Point mode. I have just subscribed to ZorroVPN and want to set up the VPN connection on my router. How do I do this? I am a bit of a novice and a newbie at all this sort of stuff, so any help would be appreciated. Cheers!
 
I do not have experience with setting up VPN on the Access Point instead of the Router... BUT here is something you can try...

To turn on VPN:
1) Go to the VPN Tab
2) Turn on an OpenVPN server with General Settings
3) Attempt to connect with the OpenVPN client using the exported script.

If that works - you can explore further to get your other VPN client working.


Sent from my iPhone using Tapatalk
 
Router Screenshot.jpg
Thanks Adam.
I don't actually have a VPN tab showing to click on. I believe that is something that only comes on in Router Mode
 
Last edited:
You may not be able to do this in AP mode.
Have you tried using your router as the modem instead of your Dlink. I connect to the wan directly and what a difference.
You need to look at the Dlink setup to see how it connects to the service. Then try to duplicate it using your router.
Some ISPs use the mac address of the router for the security and if that is the case copy down the mac address of the Dlink and enter it into the mac address under the wan tab and set to DHCP query frequency to Aggressive mode. WAN Connection Type should be Automatic.
This should let you connect.
 
If that wont work you can still connect to the Dlink using the wan and letting the router connect to the Dlink using the auto mode or DHCP.
 
mikelees2 said:
You may not be able to do this in AP mode.
Have you tried using your router as the modem instead of your Dlink. I connect to the wan directly and what a difference.
You need to look at the Dlink setup to see how it connects to the service. Then try to duplicate it using your router.
Some ISPs use the mac address of the router for the security and if that is the case copy down the mac address of the Dlink and enter it into the mac address under the wan tab and set to DHCP query frequency to Aggressive mode. WAN Connection Type should be Automatic.
This should let you connect.
Click to expand...

The only reason the DLINK is still there is because it has the phone line connection coming into it, however the ASUS has no such port. Is there an adapter I can get to allow the phone line (ADSL) to plug into the ASUS and will that work? Does this router have ADSL capability?
 
mikelees2 said:
If that wont work you can still connect to the Dlink using the wan and letting the router connect to the Dlink using the auto mode or DHCP.
Click to expand...
How do I do that? I can only see 3 modes, Router Mode, AP Mode and Bridge mode. Router Mode won't connect to the DLink, only in AP mode.
 
Razz said:
The only reason the DLINK is still there is because it has the phone line connection coming into it, however the ASUS has no such port. Is there an adapter I can get to allow the phone line (ADSL) to plug into the ASUS and will that work? Does this router have ADSL capability?
Click to expand...

Then I would try using the router in wireless router mode and let it get DHCP from the Dlink. Set the wan to auto ip and see if it connects.
 
It should work just like a computer would then plug your computers in to the router and go.
 
1. goto the admin tab and set to wireless router mode
2. goto the wan tab
5300.jpg


check connect to dns auto .
apply
 
Take a cable from the wan port on the router to the Ethernet port on the dlink.
 
Hallelujah! You sir, are a genius! I now have the Router operating successfully in Router mode. All I have to do now is figure out how to set up the VPN on the router.
 
The Router is working fine in Router mode now, however, I still can't get the VPN to work. I am using ZorroVPN and download an OpenVPN file or chain, but after I load it in, it keeps coming up with a message "Error - Check configuration"
No doubt I'll need some help with that one, just waiting for the help staff at ZorroVPN to get back to me and see if they can give me any answers. They don't have a setup guide for Merlin firmware, though they do have Tomato and DD-WRT.
 
I would think in that case you will want to use the VPN client under the VPN tab and go though the setup.
I don't use that so I don't know. You may also need to use port forwarding on the Dlink or use DMZ on the Dlink if it has it and use the wan IP from the router to expose it directly to the internet. That should let everything work then.
 
You should by now also know the configuration of the modem and the router and what it is using. It is working as far as IP addresses. EX. Dlink wan ip, Dlink Ethernet IPs (DHCP) router WAN IP Router Ethernet IPs (DHCP). If the Dlink has DMZ use that over port forwarding.
I would set the routers WAN IP to a static IP that matches the Dlink Ethernet IPs scheme so that when you set the DMZ IP on the Dlink it does not change when the router or the Dlink reboots.
 
Basic IP setup would be something like this.

Dlink EX.
WAN 172.167.156.238 (This does not matter to you its not your IP)
Dlink Lan IP 192.168.1.1 (The IP you enter to access the Dlink.)
Dlink Ethernet DHCP 192.168.1.100 to 192.168.1.150 (DHCP range for your modem.)
Dlink DMZ 192.168.1.5 ( Tells the Dlink to send everything to the router. )

Router EX.
WAN 192.168.1.5 (Static IP set by you)
Router Lan IP 192.168.2.1 (The IP you enter to access the router.)
Router Ethernet DHCP 192.168.2.100 to 192.168.2.150 (DHCP range for your router.)
 
Razz said:
The Router is working fine in Router mode now, however, I still can't get the VPN to work. I am using ZorroVPN and download an OpenVPN file or chain, but after I load it in, it keeps coming up with a message "Error - Check configuration"
No doubt I'll need some help with that one, just waiting for the help staff at ZorroVPN to get back to me and see if they can give me any answers. They don't have a setup guide for Merlin firmware, though they do have Tomato and DD-WRT.
Click to expand...

Adam Siemiginowski said:
To turn on VPN:
1) Go to the VPN Tab
2) Turn on an OpenVPN server with General Settings
3) Attempt to connect with the OpenVPN client using the exported script.

If that works - you can explore further to get your other VPN client working.
Click to expand...

Try using the super-basic OpenVPN Server and Client to verify connection before you spend more time troubleshooting ZorroVPN. :)
 
mikelees2 said:
Basic IP setup would be something like this.

Dlink EX.
WAN 172.167.156.238 (This does not matter to you its not your IP)
Dlink Lan IP 192.168.1.1 (The IP you enter to access the Dlink.)
Dlink Ethernet DHCP 192.168.1.100 to 192.168.1.150 (DHCP range for your modem.)
Dlink DMZ 192.168.1.5 ( Tells the Dlink to send everything to the router. )

Router EX.
WAN 192.168.1.5 (Static IP set by you)
Router Lan IP 192.168.2.1 (The IP you enter to access the router.)
Router Ethernet DHCP 192.168.2.100 to 192.168.2.150 (DHCP range for your router.)
Click to expand...

I've set the DLINK DMZ to 192.16.1.5 and the DLink DHCP to 192.168.1.100 to 192.168.1.150 as suggested.
When I got to the Router WAN settings and change it to static IP Address (From Automatic IP), it then wants the IP Address, which I enter as 192.168.1.5, but then it also wants the following:
Subnet Mask (I had no idea, so I entered 255.255.255.0)
Default Gateway (Again, no clue, but I copied 203.45.253.1 from DLINK)
DNS Server 1 (Don't know about that either but copied 139.130.4.4 from DLINK)
DNS Server 2 (Same again 203.50.2.71)

Probably I'm entering the wrong settings, but when I do that, it loses internet connection. When I change it back to Automatic IP it comes good again.
 
I've tried loading the OpenVPN File into the OpenVPN Client section, Inserting my username and password, applying the settings and turning it on. I constantly get it coming back with "Error - Check Configuration!" Below is a copy of the System Log, perhaps that might shed some light on the issue.

Sep 5 10:48:02 rc_service: httpd 3509:notify_rc restart_vpnclient1
Sep 5 10:48:04 openvpn[27316]: Unrecognized option or missing or extra parameter(s) in config.ovpn:39: block-outside-dns (2.4.3)
Sep 5 10:48:04 openvpn[27316]: OpenVPN 2.4.3 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 18 2017
Sep 5 10:48:04 openvpn[27316]: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Sep 5 10:48:04 openvpn[27318]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sep 5 10:48:04 openvpn[27318]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 5 10:48:04 openvpn[27318]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 5 10:48:04 openvpn[27318]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 5 10:48:04 openvpn[27318]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.9.19.137:54329
Sep 5 10:48:04 openvpn[27318]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Sep 5 10:48:04 openvpn[27318]: NOTE: setsockopt TCP_NODELAY=1 failed
Sep 5 10:48:04 openvpn[27318]: UDP link local: (not bound)
Sep 5 10:48:04 openvpn[27318]: UDP link remote: [AF_INET]185.9.19.137:54329
Sep 5 10:48:04 openvpn[27318]: TLS: Initial packet from [AF_INET]185.9.19.137:54329, sid=ddcc085d d9fe18d0
Sep 5 10:48:05 openvpn[27318]: VERIFY OK: depth=1, CN=a
Sep 5 10:48:05 openvpn[27318]: VERIFY OK: nsCertType=SERVER
Sep 5 10:48:05 openvpn[27318]: VERIFY OK: depth=0, CN=b
Sep 5 10:48:06 openvpn[27318]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sep 5 10:48:06 openvpn[27318]: Peer Connection Initiated with [AF_INET]185.9.19.137:54329
Sep 5 10:48:07 openvpn[27318]: SENT CONTROL : 'PUSH_REQUEST' (status=1)
Sep 5 10:48:08 openvpn[27318]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.201.0.1,dhcp-option DNS 10.201.0.2,dhcp-option DNS 10.201.0.3,redirect-gateway def1,comp-lzo yes,ping 6,ping-restart 30,socket-flags TCP_NODELAY,sndbuf 393216,rcvbuf 393216,redirect-gateway ipv6,route-ipv6 2000::/3,tun-ipv6,ifconfig-ipv6 2001:db8:f0:b2::4/64 2001:db8:f0:b2::1,ifconfig 10.201.255.1 255.255.0.0,peer-id 0,cipher AES-256-GCM'
Sep 5 10:48:08 openvpn[27318]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: timers and/or timeouts modified
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: compression parms modified
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sep 5 10:48:08 openvpn[27318]: Socket Buffers: R=[122880->245760] S=[122880->245760]
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: --socket-flags option modified
Sep 5 10:48:08 openvpn[27318]: NOTE: setsockopt TCP_NODELAY=1 failed
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: --ifconfig/up options modified
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: route options modified
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: route-related options modified
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: peer-id set
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: adjusting link_mtu to 1625
Sep 5 10:48:08 openvpn[27318]: OPTIONS IMPORT: data channel crypto options modified
Sep 5 10:48:08 openvpn[27318]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 5 10:48:08 openvpn[27318]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 5 10:48:08 openvpn[27318]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 5 10:48:08 openvpn[27318]: GDG6: remote_host_ipv6=n/a
Sep 5 10:48:08 openvpn[27318]: TUN/TAP device tun11 opened
Sep 5 10:48:08 openvpn[27318]: TUN/TAP TX queue length set to 100
Sep 5 10:48:08 openvpn[27318]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sep 5 10:48:08 openvpn[27318]: /usr/sbin/ip link set dev tun11 up mtu 1500
Sep 5 10:48:08 openvpn[27318]: /usr/sbin/ip addr add dev tun11 10.201.255.1/16 broadcast 10.201.255.255
Sep 5 10:48:08 openvpn[27318]: /usr/sbin/ip -6 addr add 2001:db8:f0:b2::4/64 dev tun11
Sep 5 10:48:08 openvpn[27318]: Linux ip -6 addr add failed: external program exited with error status: 2
Sep 5 10:48:08 openvpn[27318]: Exiting due to fatal error
Sep 5 10:48:26 rc_service: httpd 3509:notify_rc start_vpnclient1
Sep 5 10:48:27 openvpn[27390]: Unrecognized option or missing or extra parameter(s) in config.ovpn:39: block-outside-dns (2.4.3)
Sep 5 10:48:27 openvpn[27390]: OpenVPN 2.4.3 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 18 2017
Sep 5 10:48:27 openvpn[27390]: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Sep 5 10:48:27 openvpn[27391]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sep 5 10:48:27 openvpn[27391]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 5 10:48:27 openvpn[27391]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 5 10:48:27 openvpn[27391]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 5 10:48:27 openvpn[27391]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.9.19.137:54329
Sep 5 10:48:27 openvpn[27391]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Sep 5 10:48:27 openvpn[27391]: NOTE: setsockopt TCP_NODELAY=1 failed
Sep 5 10:48:27 openvpn[27391]: UDP link local: (not bound)
Sep 5 10:48:27 openvpn[27391]: UDP link remote: [AF_INET]185.9.19.137:54329
Sep 5 10:48:28 openvpn[27391]: TLS: Initial packet from [AF_INET]185.9.19.137:54329, sid=b1905cf1 0f9754ee
Sep 5 10:48:28 openvpn[27391]: VERIFY OK: depth=1, CN=a
Sep 5 10:48:28 openvpn[27391]: VERIFY OK: nsCertType=SERVER
Sep 5 10:48:28 openvpn[27391]: VERIFY OK: depth=0, CN=b
Sep 5 10:48:30 openvpn[27391]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sep 5 10:48:30 openvpn[27391]: Peer Connection Initiated with [AF_INET]185.9.19.137:54329
Sep 5 10:48:31 openvpn[27391]: SENT CONTROL : 'PUSH_REQUEST' (status=1)
Sep 5 10:48:31 openvpn[27391]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.201.0.1,dhcp-option DNS 10.201.0.2,dhcp-option DNS 10.201.0.3,redirect-gateway def1,comp-lzo yes,ping 6,ping-restart 30,socket-flags TCP_NODELAY,sndbuf 393216,rcvbuf 393216,redirect-gateway ipv6,route-ipv6 2000::/3,tun-ipv6,ifconfig-ipv6 2001:db8:f0:b2::5/64 2001:db8:f0:b2::1,ifconfig 10.201.255.2 255.255.0.0,peer-id 1,cipher AES-256-GCM'
Sep 5 10:48:31 openvpn[27391]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: timers and/or timeouts modified
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: compression parms modified
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sep 5 10:48:31 openvpn[27391]: Socket Buffers: R=[122880->245760] S=[122880->245760]
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: --socket-flags option modified
Sep 5 10:48:31 openvpn[27391]: NOTE: setsockopt TCP_NODELAY=1 failed
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: --ifconfig/up options modified
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: route options modified
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: route-related options modified
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: peer-id set
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: adjusting link_mtu to 1625
Sep 5 10:48:31 openvpn[27391]: OPTIONS IMPORT: data channel crypto options modified
Sep 5 10:48:31 openvpn[27391]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 5 10:48:31 openvpn[27391]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 5 10:48:31 openvpn[27391]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 5 10:48:31 openvpn[27391]: GDG6: remote_host_ipv6=n/a
Sep 5 10:48:31 openvpn[27391]: TUN/TAP device tun11 opened
Sep 5 10:48:31 openvpn[27391]: TUN/TAP TX queue length set to 100
Sep 5 10:48:31 openvpn[27391]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sep 5 10:48:31 openvpn[27391]: /usr/sbin/ip link set dev tun11 up mtu 1500
Sep 5 10:48:31 openvpn[27391]: /usr/sbin/ip addr add dev tun11 10.201.255.2/16 broadcast 10.201.255.255
Sep 5 10:48:31 openvpn[27391]: /usr/sbin/ip -6 addr add 2001:db8:f0:b2::5/64 dev tun11
Sep 5 10:48:31 openvpn[27391]: Linux ip -6 addr add failed: external program exited with error status: 2
Sep 5 10:48:31 openvpn[27391]: Exiting due to fatal error
 
Razz said:
I've set the DLINK DMZ to 192.16.1.5 and the DLink DHCP to 192.168.1.100 to 192.168.1.150 as suggested.
When I got to the Router WAN settings and change it to static IP Address (From Automatic IP), it then wants the IP Address, which I enter as 192.168.1.5, but then it also wants the following:
Subnet Mask (I had no idea, so I entered 255.255.255.0)
Default Gateway (Again, no clue, but I copied 203.45.253.1 from DLINK)
DNS Server 1 (Don't know about that either but copied 139.130.4.4 from DLINK)
DNS Server 2 (Same again 203.50.2.71)

Probably I'm entering the wrong settings, but when I do that, it loses internet connection. When I change it back to Automatic IP it comes good again.
Click to expand...

Router WAN 192.168.1.5
Default gateway 192.168.1.1 ( The number you enter to access the Dlink.)
Subnet 255.255.255.0 (same as what the Dlink Ethernet is.)
DNS Servers will be what you have on the Dlink

That should work
 
You must log in or register to reply here.

Similar threads

P
Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware
Replies
9
Views
348
eibgrad
eibgrad
S
Script to enable VLAN on RT-AX86U Pro and current Merlin firmware
Replies
5
Views
401
AlexP11223
A
W
Upgrade Firmware to Merlin rt ac5300
Replies
12
Views
1K
jksmurf
J
R
Revert ASUS RT-AX86U Pro Back to Stock Firmware
Replies
1
Views
362
bennor
B
santalix
RT-AX86U Pro killswitch
Replies
1
Views
318
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
M Solved Set samba case sensitive permanently Asuswrt-Merlin 3
wcoastsands RT-AX88U Guest Network connection issue when Access Intranet is set to Disable Asuswrt-Merlin 5
skeal Attached drive not idling down as the firmware says and is set for Asuswrt-Merlin 6
W OpenVPN Server set to LAN only allows browsing Asuswrt-Merlin 14
C How to set upstream DNS but force clients to use the router for DNS? Asuswrt-Merlin 2
J trying to setup vpn client Asuswrt-Merlin 2
N Forward only specific port's traffic to Wireguard VPN Asuswrt-Merlin 1
W New Asus AXE-11000 VPN Director Problem Asuswrt-Merlin 1
Celico Routing only traffic to specific IP through VPN? Asuswrt-Merlin 7
orudie VPN does not auto connect after primary WAN disconnects and Secondary WAN becomes active. When primary WAN reconnects again then VPN auto reconnects Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 780 (members: 27, guests: 753)
Top