Menu
What's new
By:
Filters Better Search

Is policy based VPN client possible with stock firmware ASUS RT-AC5300?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

Jazzinc

New Around Here
I am stoked to get my RT-AC5300 tomorrow. I've been studying and reading up all day today and yesterday. Previously, I used a netgear R7000 with DDWRT but I like the stock firmware features for the ASUS with time capsule support and smart connect.

So, to be able to get the latest firmware, can I set up the VPN on the ASUS to a policy based client tunnel to the US for my TV IP address only, or do I need merlin's December firmware build for that? I can't find anything in the manual.

I'm really trying to do the work, but all help is appreciated.
 
Not possible on stock.
 
RMerlin said:
Not possible on stock.
Click to expand...
You so much for your time and all your work. The merlin from where is easily the best alternative for me, because I get to stay close to the original firmware and all its features.

Might I bother you with one more question? Would there be any benefit to try the Alpha firmware versus the latest stable build? The most important features for me will be policy based VPN client and time machine on 3tb USB 3.0 drive.
 
Jazzinc said:
Might I bother you with one more question? Would there be any benefit to try the Alpha firmware versus the latest stable build? The most important features for me will be policy based VPN client and time machine on 3tb USB 3.0 drive.
Click to expand...

I would recommend running the alpha build due to its improvement in managing the nameservers while using policy-based routing.
 
RMerlin said:
I would recommend running the alpha build due to its improvement in managing the nameservers while using policy-based routing.
Click to expand...

I don't mean to abuse your Canadian patience and good manners, but I don't understand what that means. Could you tell me what that means?

By the way, I am exctatic with your firmware on my 5300AC. It was so simple to set up and configure compared to the classic R7000 with dd wrt and I still have full use of all the cool features such as time capsule functionality, mobile app and the parental controls of the Asus which wouldn't be possible with the DD wrt firmware. I do feel like I'm having my cake and eating it too!
 
Jazzinc said:
I don't mean to abuse your Canadian patience and good manners, but I don't understand what that means. Could you tell me what that means?
Click to expand...

It's quite technical. The short version is: it will work better for people who use policy-based routing.

The longer version: VPN clients will use the DNS pushed to you by the OpenVPN server, while WAN clients will remain with the DNS provided by your ISP (or manually configured by you, if you changed them). This is required as some VPN providers will reject DNS requests sent to a different DNS (to prevent DNS-related leakage of information), and some VPN providers pushes a DNS server that isn't accepting resolution requests outside of the VPN tunnel. The changes are summarized in these two commits:

https://github.com/RMerl/asuswrt-merlin/commit/72bf4a2b341be0bebb5bce61c0660c7ef7e106f7
https://github.com/RMerl/asuswrt-merlin/commit/3a0739824502154a06c5bf81df3073245b8bfbe4
 
Just some feedback. Uploaded the latest 380.58 alpha build to my 5300 today and the first impressions these past 4 hours are very positive. Better VPN and seemingly better and more stable wifi after testing several places. Faster too, but that might also be because of the small changes I made in the Smart Connect rules. Very happy.

RMerlin said:
It's quite technical. The short version is: it will work better for people who use policy-based routing.

The longer version: VPN clients will use the DNS pushed to you by the OpenVPN server, while WAN clients will remain with the DNS provided by your ISP (or manually configured by you, if you changed them). This is required as some VPN providers will reject DNS requests sent to a different DNS (to prevent DNS-related leakage of information), and some VPN providers pushes a DNS server that isn't accepting resolution requests outside of the VPN tunnel. The changes are summarized in these two commits:

https://github.com/RMerl/asuswrt-merlin/commit/72bf4a2b341be0bebb5bce61c0660c7ef7e106f7
https://github.com/RMerl/asuswrt-merlin/commit/3a0739824502154a06c5bf81df3073245b8bfbe4
Click to expand...
 
You must log in or register to reply here.

Similar threads

M
Asus RT-AX57 VPN for only some devices
Replies
2
Views
1K
L&LD
L&LD
D
Proper VPN Policy Rules
Replies
2
Views
308
Dougj
D
C
RT-AX3000 gen 1 is unbale to go back to stock firmware
Replies
4
Views
279
canserman
C
G
Asus firmware IKEv2 VPN security issue
Replies
7
Views
1K
rung
R
S
Need SSH-customizable security-oriented router with strong firmware, drivers, and kernel support
Replies
11
Views
612
SDF07S
S
Similar threads
Thread starter Title Forum Replies Date
4 AiProtection & router-based VPN are incompatible ASUS Wi-Fi 8
M Asus routers with VPN fusion ASUS Wi-Fi 1
T WireGuard VPN - 2FA ASUS Wi-Fi 7
M VPN setup with ASUS, QNAP and SOPHOS ASUS Wi-Fi 1
G Asus firmware IKEv2 VPN security issue ASUS Wi-Fi 7
A Continuous issues with Wireguard VPN on Asus RT-AX86U ASUS Wi-Fi 0
R VPN server: run on RT-AC68U or RPi 3? ASUS Wi-Fi 19
M VPN menu missing on Asus AX11000 ASUS Wi-Fi 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 913 (members: 23, guests: 890)
Top