Tutorial How to setup a VPN Server with Asus routers 380.68 updated 08.24

[Darcy]

Does using a vpn server slow down your internet?


Sent from my iPhone using Tapatalk

 

[Xentrk]

Does using a vpn server slow down your internet?


Sent from my iPhone using Tapatalk

Running a VPN server on my router does not slow the up/down speeds on my router. I have OpenVPN server feature running on several routers so I can remote into them and it does not impact internet speeds for users on the network.

On the VPN client, more often than not, the higher the encryption level, the slower the vpn connection will be. Distance from server will also factor in, as well as CPU speed, which is a major factor in itself. OpenVPN is single core threaded so it can't take advantage of dual or quad cores. Google "openvpn connection slow" or "slow vpn speeds" for more information. Your native WAN speed also comes into play as well.

 

[Darcy]

Running a VPN server on my router does not slow the up/down speeds on my router. I have OpenVPN server feature running on several routers so I can remote into them and it does not impact internet speeds for users on the network.

On the VPN client, more often than not, the higher the encryption level, the slower the vpn connection will be. Distance from server will also factor in, as well as CPU speed, which is a major factor in itself. OpenVPN is single core threaded so it can't take advantage of dual or quad cores. Google "openvpn connection slow" or "slow vpn speeds" for more information. Your native WAN speed also comes into play as well.

Thanks for the detailed response. I'm interested in setting one up but seems complicated . I've read the thread about setting one up on an ASUS router but I'm not skilled enough I think. I'm afraid to make a mistake and mess my network up...lol


Sent from my iPhone using Tapatalk

 

[Xentrk]

Thanks for the detailed response. I'm interested in setting one up but seems complicated . I've read the thread about setting one up on an ASUS router but I'm not skilled enough I think. I'm afraid to make a mistake and mess my network up...lol


Sent from my iPhone using Tapatalk

Give it a try. You won't mess up your LAN if you make a config mistake on the OpenVPN Server. Yorgi's posts at the beginning of the thread should be all you need. I think I have a screen shot of my config buried in one of the posts as well. If you have an issue, just post here and someone will lend you a hand. I usually check the posts once per day myself.

 

[helio58]

Asus RT-AC68U merlin.
Openvpn server running at 192.168.10.0
client 192.168.20.0
can access all computers on 192.168.10.0 + network 192.168.20.0
on server configuration i have push clients to lan
plus have add client , 192.168.20.0,255.255.255.0 push
connecting with a mobil client i can access all computers on server side but no
no clients on 192.168.20.0
I see this on log when trying to reach 192.168.20.104 -> client1/79.79.80.56
79.79.80.56 is the wan off 192.168.20.0
and it will not connect

Please is it possible to reach 192.168.20.104 from mobil?

 

[yorgi]

Asus RT-AC68U merlin.
Openvpn server running at 192.168.10.0
client 192.168.20.0
can access all computers on 192.168.10.0 + network 192.168.20.0
on server configuration i have push clients to lan
plus have add client , 192.168.20.0,255.255.255.0 push
connecting with a mobil client i can access all computers on server side but no
no clients on 192.168.20.0
I see this on log when trying to reach 192.168.20.104 -> client1/79.79.80.56
79.79.80.56 is the wan off 192.168.20.0
and it will not connect

Please is it possible to reach 192.168.20.104 from mobil?

make sure that you enable the following as well
Respond to DNS
Advertise DNS to clients
Also why is your server 192.168.10.0?
leave it at 10.8.0.0 and subnet 255.255.255.0
If you are accessing win 10 file shares you need to create a firewall rule on each win 10 pc in order to access file shares.
I have a section in my guide on how to do this at the end of the article.

 

[helio58]

make sure that you enable the following as well
Respond to DNS
Advertise DNS to clients
Also why is your server 192.168.10.0?
leave it at 10.8.0.0 and subnet 255.255.255.0
If you are accessing win 10 file shares you need to create a firewall rule on each win 10 pc in order to access file shares.
I have a section in my guide on how to do this at the end of the article.

Thank you, my server is running at 10.8.0.0
the 192.168.10.0 is the Lan side off the openvpn server.

 

[olddawg117]

I'm having a problem where when I disconnect from my VPN (PIA) I cannot access all the same web sites that I can with the VPN enabled. Some such as WFAE.org will just not load. This was not the case in versions of the firmware prior to the 380.66.4 release. I am using a RT-AC1900P router. Any suggestions?

 

[olddawg117]

I'm having a problem where when I disconnect from my VPN (PIA) I cannot access all the same web sites that I can with the VPN enabled. Some such as WFAE.org will just not load. This was not the case in versions of the firmware prior to the 380.66.4 release. I am using a RT-AC1900P router. Any suggestions?

Updated firmware to 380.67, did factory reset and all appears to be well.

 

[yorgi]

Updated firmware to 380.67, did factory reset and all appears to be well.

I too had some issues but with 380.67 I did a default on the VPN server as suggested by Merlin and it now works fine

 

[dtak]

My background in IT is very low, so I've been trying to learn all this stuff this past month.

Followed Yorgi's op and can connect to the VPN host, but can't ping anything but the router. I can access the work router gui when the VPN connection is open.

I am trying to access my work's server, and am unable to map it with either the ip (192.168.99.247) or name (server).

Work Router:
Asus RT-AC88U on Merlin 380.67
IP : 192.168.99.1

Server OS: Windows Server 2003

VPN Subnet: 192.168.98.0


My OS: Windows 10


I tried changing the interface type to TAP, and was able to map to the server, but the connection dropped as soon as I opened the folder. When using TAP, the connection never stays open for longer than a few minutes. Using TUN, and the connection stays open indefinitely, I just can't access anything.

Any suggestions on what else I can try?

 

[yorgi]

My background in IT is very low, so I've been trying to learn all this stuff this past month.

Followed Yorgi's op and can connect to the VPN host, but can't ping anything but the router. I can access the work router gui when the VPN connection is open.

I am trying to access my work's server, and am unable to map it with either the ip (192.168.99.247) or name (server).

Work Router:
Asus RT-AC88U on Merlin 380.67
IP : 192.168.99.1

Server OS: Windows Server 2003

VPN Subnet: 192.168.98.0


My OS: Windows 10


I tried changing the interface type to TAP, and was able to map to the server, but the connection dropped as soon as I opened the folder. When using TAP, the connection never stays open for longer than a few minutes. Using TUN, and the connection stays open indefinitely, I just can't access anything.

Any suggestions on what else I can try?

From what I understand you have your router setup as a VPN server and you are trying to do file sharing on the Win 2003 server.
You don't need to go to TAP mode.
First of all did you upgrade to the firmware from a previous version? if you did then I suggest you do a default on the router Open VPN server and then reboot the router.
After the reboot go ahead and re configure the VPN server as my guide shows.
If you need to access any file sharing from windows computers you need to go to your firewall on the windows computers and configure it to allow its file shares to your VPN.
If you look at my guide at the end I have a section where I explain how to write a firewall rule for windows computers to allow file sharing and remote desktop.
If you still have problems let me know.

 

[yorgi]

also don't forget to export a new .ovpn file and import it to the device you wish to connect to your VPN server, if you defaulted the VPN server

 

[dtak]

From what I understand you have your router setup as a VPN server and you are trying to do file sharing on the Win 2003 server. Correct. The local network computers can all access the servers shares.
You don't need to go to TAP mode. That was just an experiment. I do have it set up currently the way you outlined in your op, with TUN.
First of all did you upgrade to the firmware from a previous version? if you did then I suggest you do a default on the router Open VPN server and then reboot the router. Did both upgrade, defaulted then rebooted.
After the reboot go ahead and re configure the VPN server as my guide shows. Back to your proposed settings.
If you need to access any file sharing from windows computers you need to go to your firewall on the windows computers and configure it to allow its file shares to your VPN.
If you look at my guide at the end I have a section where I explain how to write a firewall rule for windows computers to allow file sharing and remote desktop. The firewall on the server is completely disabled. We've actually never had it on.
If you still have problems let me know.

The .ovpn file was recreated under the most recent settings, and I can see the branch computer connected to the VPN server through the Asus router GUI.

The current setup for our office is as follows:

Internet --> Modem --> Asus RT-AC88U (192.198.99.1) (VPN - 192.168.98.0) --> Switch --> Office Computers and Office Server (Server 2003)

Server has no firewall enabled, so the only firewall I think that would need any configuring would be the one maintained by the Asus router, correct?

The computer I was messing with last night was my home computer, running Win 10. (home)
The computer I need this to work on is a branch computer running Win 7. (client)
When looking at the clients that are connected to the router, I can't see the client's ip. Not sure if that matters or not, but I do see the client under the VPN - Status menu.

The client can ping the Asus router, but can't ping any other computer (server included) on the work lan.

 

[yorgi]

The .ovpn file was recreated under the most recent settings, and I can see the branch computer connected to the VPN server through the Asus router GUI.

The current setup for our office is as follows:

Internet --> Modem --> Asus RT-AC88U (192.198.99.1) (VPN - 192.168.98.0) --> Switch --> Office Computers and Office Server (Server 2003)

Server has no firewall enabled, so the only firewall I think that would need any configuring would be the one maintained by the Asus router, correct?

The computer I was messing with last night was my home computer, running Win 10. (home)
The computer I need this to work on is a branch computer running Win 7. (client)
When looking at the clients that are connected to the router, I can't see the client's ip. Not sure if that matters or not, but I do see the client under the VPN - Status menu.

When you configure a VPN server you should leave the subnet at 10.8.0.0 not 192.168.98.0 look at the images from my guide and do it the same.
If you have a windows server 2003 why the hell would you disable the built in windows firewall? that is a big "NO" You should never disable a windows firewall, its huge security risk especially for an office.
are you sure we are talking about the same firewall? or are you talking about the firewall from the router?
When you load the .ovpn file on the server or on any computer I would suggest using openvpn program from this link https://openvpn.net/index.php/open-source/downloads.html you need openvpn-2.4.3.zip
and install it on each devicesthat has to connect to the VPN server.
Then load the .ovpn file you exported from the ASUS VPN server on the openvpn program that you installed. Put username and password and
Then connect to the ASUS VPN server with the open vpn program you installed on your computers.
at this point you need to do following for each windows computer you need to have access for shares and remote desktop ;

Go to windows search and type in windows firewall with advanced security and right click and run as administrator.
For windows 7 pc go to control panel and firewall then advanced. You need to have administrator rights to do this process.
Then right click on inbound rules to create a new Inbound rule.
Rule type click on - Program
Program click on - All Programs
Action click on - Allow the connection
Profile enable Domain, public and private enabled,
Now give it a name for example Allow VPN Server and then click on SAVE.
Next Look for the rule you created in the inbound rules section and double click on it so you can see the properties.
Go to Protocols and Ports tab and In "protocol type" enter "TCP"
In "local port" enter "All Ports"
In "Remote port" enter "All Ports"
Then click on the "Scope" tab and in "Local IP addresses" click on "these IP addresses" and enter the computers IP address that you want to access for example 192.168.1.124 which is the IP of the computer you are configuring its Firewall.
Next go to "Remote IP address" and enable "These IP addresses" and enter the IP range of your VPN server subnet. example 10.8.0.0/24
Please make sure you check and see the "VPN Subnet / Netmask" in advanced settings in VPN server to make sure you put the right address for the VPN server subnet if you changed the default addresses while configuring the server.

Please read carefully and make sure you follow the guides images for reference.
I would suggest you defaul the VPN server and enter the data again and export a new .ovpn file.

let me know if you still have problems.

 

[yorgi]

The .ovpn file was recreated under the most recent settings, and I can see the branch computer connected to the VPN server through the Asus router GUI.

The current setup for our office is as follows:

Internet --> Modem --> Asus RT-AC88U (192.198.99.1) (VPN - 192.168.98.0) --> Switch --> Office Computers and Office Server (Server 2003)

Server has no firewall enabled, so the only firewall I think that would need any configuring would be the one maintained by the Asus router, correct?

The computer I was messing with last night was my home computer, running Win 10. (home)
The computer I need this to work on is a branch computer running Win 7. (client)
When looking at the clients that are connected to the router, I can't see the client's ip. Not sure if that matters or not, but I do see the client under the VPN - Status menu.

The client can ping the Asus router, but can't ping any other computer (server included) on the work lan.

also i forgot this part

Windows:
After you install the program go to c:\windows\program files\openvpn\config
and copy the client1.ovpn file that exported from the VPN server.
If you don't want to put a password each time it prompts you then do the following.
in the same directory where you have the config file create a new text document and all it vpnpass.txt
Open the vpnpass.txt and enter your username and pass like the example below, assuming the username is don and the pass is xxx do it like this, you need to have username in one line and underneath the password like in the example below.
don
xxx
now open the ovpn.txt file with notepad ++ and where you see auth-user-pass add the txt file you created in your config file like this;
auth-user-pass vpnpass.txt
Now when you start the openvpn program you have to right click and start as administrator in order for it to work right.
Right click on openvpn program and start as admin.
You will see the openvpn gui on the system tray icons and right click then look for the .ovpn file and connect. If you called it clien1.ovpn thats what you are looking for.
You should now be connected to your VPN server.

 

[dtak]

When you configure a VPN server you should leave the subnet at 10.8.0.0 not 192.168.98.0 look at the images from my guide and do it the same. done. subnet set back to 10.8.0.0
If you have a windows server 2003 why the hell would you disable the built in windows firewall? that is a big "NO" You should never disable a windows firewall, its huge security risk especially for an office. This was done just to see if the firewall was preventing access to the client.
are you sure we are talking about the same firewall? or are you talking about the firewall from the router?
When you load the .ovpn file on the server or on any computer I would suggest using openvpn program from this link https://openvpn.net/index.php/open-source/downloads.html you need openvpn-2.4.3.zip
and install it on each devices that has to connect to the VPN server. This is the program I'm already using.
Then load the .ovpn file you exported from the ASUS VPN server on the openvpn program that you installed. Put username and password and
Then connect to the ASUS VPN server with the open vpn program you installed on your computers. All completed and connection exists.
at this point you need to do following for each windows computer you need to have access for shares and remote desktop ;

Go to windows search and type in windows firewall with advanced security and right click and run as administrator.
For windows 7 pc go to control panel and firewall then advanced. You need to have administrator rights to do this process.
Then right click on inbound rules to create a new Inbound rule.
Rule type click on - Program
Program click on - All Programs
Action click on - Allow the connection
Profile enable Domain, public and private enabled,
Now give it a name for example Allow VPN Server and then click on SAVE.
Next Look for the rule you created in the inbound rules section and double click on it so you can see the properties.
Go to Protocols and Ports tab and In "protocol type" enter "TCP"
In "local port" enter "All Ports"
In "Remote port" enter "All Ports"
Then click on the "Scope" tab and in "Local IP addresses" click on "these IP addresses" and enter the computers IP address that you want to access for example 192.168.1.124 which is the IP of the computer you are configuring its Firewall.
Next go to "Remote IP address" and enable "These IP addresses" and enter the IP range of your VPN server subnet. example 10.8.0.0/24
Please make sure you check and see the "VPN Subnet / Netmask" in advanced settings in VPN server to make sure you put the right address for the VPN server subnet if you changed the default addresses while configuring the server. All completed on client's machine.

Please read carefully and make sure you follow the guides images for reference.
I would suggest you default the VPN server and enter the data again and export a new .ovpn file. Re-created and exported. Then uploaded onto client's machine.

let me know if you still have problems.

Connecting the client to the VPN server hasn't been an issue. I've been using OpenVPN and your op After all the above, I am still unable to map to the server's shares.

 

[yorgi]

Connecting the client to the VPN server hasn't been an issue. I've been using OpenVPN and your op After all the above, I am still unable to map to the server's shares.

The fact that you changed the subent back to 10.8.0.0 I would default the Server then reboot the router and enter the data again and export a new .opvn
I would also try to disable the server 1 and use server 2. maybe something got corrupted.
Also to be sure, disable the firewall on one of the windows pc's and try to access a share with the firewall off, It should work instantly if its not a firewall related issue.
If all this doesn't work then I would do a factory reset on the router and unplug it from the wall and let the capacitors discharge.
then go and enter the data all over again. when upgrading a firmware if you miss the unplugging the unit from the wall it will never clear the VRAM and you may have old configuration that is corrupt and not allowing the router to do its job.
I have had same issues recently and I had to do some crazy trouble shooting but at the end it was a default and rebooting the router that fixed the it.
let me know if it works.

 

[yorgi]

Connecting the client to the VPN server hasn't been an issue. I've been using OpenVPN and your op After all the above, I am still unable to map to the server's shares.

I forgot to mention.
I had the exact issues you where having when I updated firmware prior to .67 which I recommend you put because it works without issues for me.
I couldnt reach the shares even when I disabled the firewall from the windows pc.
what solved it was doing a default on the OpenVPN server and rebooting the router.
After that I entered the data again on the Server and exported a new .opvn and everything worked like a charm.
so you are not the only one having these issues.
It will be fixed because I know from myself that it works.
let me know how it works out

 

[dtak]

I forgot to mention.
I had the exact issues you where having when I updated firmware prior to .67 which I recommend you put because it works without issues for me.
I couldnt reach the shares even when I disabled the firewall from the windows pc.
what solved it was doing a default on the OpenVPN server and rebooting the router.
After that I entered the data again on the Server and exported a new .opvn and everything worked like a charm.
so you are not the only one having these issues.
It will be fixed because I know from myself that it works.
let me know how it works out

Thank you so much for all the help so far. I'll have to try all this later this evening and I'll update in the morning with any progress.