New RT-AC86U starting from scratch

[CaptainSTX]

Your ISP's modem-router will then forward your traffic on port 1194 to the Asus router upstairs. And your Asus router will start an OpenVPN connection and you should be able to access your network devices behind the Asus router.

Just one note to clarify your very complete instructions. If using Merlin's firmware then just VPN Server 1 uses Port 1194. VPN Server 2 uses a different subnet.

 

[loady]

Just one note to clarify your very complete instructions. If using Merlin's firmware then just VPN Server 1 uses Port 1194. VPN Server 2 uses a different subnet.

I dont think i need a second server running anyway. I am currently at another address where my downstream maxes out at 70mbs, when the server is connected it is 7mbs, i think this was resolved with a firewall script or or some other command but i cant remeber where it was was or which one it was, i have been twoing and throwing from asus and dd-wrt so there is a lot of conflicting info.

Fow what its worth, at this location, connected to the ovpn server i can also browse the ISP router GUI where that is situated

 

[PolarBear]

Fow what its worth, at this location, connected to the ovpn server i can also browse the ISP router GUI where that is situated

Yes, that makes sense, because the VPN extends a "tunnel" from your Asus router to your laptop at the remote location. So your laptop behaves as though it is connected to the LAN side of your Asus router.

 

[loady]

Still got the terrible speed issue though, it worked better as a wireless repeater on the ñ66u but ovpn is disabled in that mode so I was using DD-wrt, not supported by this model.

Do you know what the problem is, @ColinTaylor said something about tunneling but he told me off because I don't listen/understand

 

[Val D.]

I am currently at another address where my downstream maxes out at 70mbs, when the server is connected it is 7mbs,

You have up to 10Mbps upload speed on your home ISP line. Up to 90% of this speed becomes your maximum download speed when you connect to your OpenVPN Server from a remote location. I don't see anything abnormal here. When I connect to my VPN server (I use IPSec Server) I get about 18-19Mbps download speed, because my home ISP line upload speed is up to 20Mbps. No matter how fast the router is, the bottleneck is in ISP upload speed. RT-AC86U is capable of processing >250Mbps on OpenVPN, but your ISP speed has to match too, in upload for Server, in download for Client.

 

[loady]

I have had it running on the ñ66u fine, I don't understand why what you say is happening, I'm at a different location using a fast WiFi, isn't it because all the internet traffic is being routed via the VPN server when connected, in which case can't the internet traffic not be routed that way ?

What of my suggestion of if I can put the ISP router into bridge mode then hang the Asus directly off of it,, then use the power lines to run a GB switch upstairs ?

 

[Val D.]

I'm at a different location using a fast WiFi, isn't it because all the internet traffic is being routed via the VPN server when connected

What is a "different location"? Do you mean outside your home using someone else's WiFi? If so, your current ISP is the one at this location. When you connect to your VPN Server, the device you use becomes part of your home network and the ISP becomes your own at home. The upload speed of your home ISP (up to 10Mbps) limits your Internet access speed.

 

[PolarBear]

What of my suggestion of if I can put the ISP router into bridge mode then hang the Asus directly off of it,, then use the power lines to run a GB switch upstairs ?

The limiting factor seems to be the upstream speed of your ISP connection.

So reconfiguring a system which is now working properly (albeit slowly) will not give any speed improvement.

 

[loady]

I'm adamant this wasn't the case at some point with the N66U, was using DD-wrt though and had to setup openvpn manually, whats split tunneling then ?

 

[Val D.]

I'm adamant this wasn't the case at some point with the N66U

You can't increase your ISP speed by changing your hardware. You may only utilize what your ISP offers better.

whats split tunneling then ?

Split tunneling is something you configure on the Client side, telling the client what to use the VPN tunnel for. On the Server side you can configure what access clients can have - access to Internet, access to Intranet or access to Both. Let's say your Sever provides access to Intranet only, but no Internet access. Your Client must be configured to use the VPN tunnel for your private addresses only, but Internet for public addresses. Is it possible to do it this way on your clients depends on the configuration options available on those clients. Most home VPN Server users would prefer to have Internet and Intranet access through VPN for privacy reasons. When you connect to someone's WiFi (or to a public WiFi) you don't know what this network logs or what security settings it has. If you VPN all your traffic through your home router, you may use the security and privacy of your own network, being physically at a different location.

 

[loady]

Thanks, that was clear and concise, i understand that now, i think before i had LAN only with regard to what you said below, my client must have configured itself somehow, last night i turned on LAN only but wouldn't connect. Is it complicated to configure my client, i use openvpn connect on my laptop and phone, i can live with 10mbs for remote access, i am in the process of installing diversion and would be good to exttend its facilty to my laptop and phone if i am connected via vpn, 10mbs is ok enough to stream a film from my server at good quality, if i need to faster speeds on my laptop then i can just disconnect server.

n the Server side you can configure what access clients can have - access to Internet, access to Intranet or access to Both.

 

[loady]

i can confirm this now and i understand whats going on. When connected to VPN diversion is working on my laptop remotley, when i set the
Client will use VPN to access LAN only, diversion stopped working on my laptop and my speed shot up to below, i should only be getting 70mbs here, for some reason im getting 200+, thats nice of my ISP here.

 

[Val D.]

10mbs is ok enough to stream a film from my server at good quality, if i need to faster speeds on my laptop then i can just disconnect server.

Problem solved then. Except streaming movies I believe you have other things to do in life, so it's not really necessary to be connected to your VPN all the time. You can stay connected when using WiFi at hotels, airports, shopping malls, etc. for extra privacy and protection. Upgrade your home ISP line, when you have a chance. Faster Internet connection will allow you to use more of your new router's capabilities.

 

[loady]

Problem solved then. Except streaming movies I believe you have other things to do in life, so it's not really necessary to be connected to your VPN all the time. You can stay connected when using WiFi at hotels, airports, shopping malls, etc. for extra privacy and protection. Upgrade your home ISP line, when you have a chance. Faster Internet connection will allow you to use more of your new router's capabilities.

Yes i guess, untill i break it again. I honestly am having no problems with these power lines, my internet speed (here at HQ) is not fast enough to max them out by a long way, though i still cant connect to asus GUI from isp routers wifi, not a big issue but just bugging me, i think that has a lot to do with with double NAT and a bit beyond my scope ?

Going to head into the diversion thread now a pester them, not getting any ads blocked when connected.

 

[PolarBear]

i still cant connect to asus GUI from isp routers wifi, not a big issue but just bugging me, i think that has a lot to do with with double NAT and a bit beyond my scope ?

The Asus router does not know that your ISP's router is in your house, under your control. It sees an access attempt from your ISP's router as coming from "somewhere on the Internet" - maybe from a bad guy wanting to crack in. So by default, the Asus firewall blocks these access attempts.

OpenVPN on the other hand gets through, because when you set up the OpenVPN server on the Asus, this opened port 1194 on the Asus, allowing OpenVPN traffic from your ISP's router through the Asus's firewall.

EDIT
But you should be able to access the Asus GUI from your ISP router's WiFi, if you start an OpenVPN connection on your laptop, exactly as you would from a remote location.

 

[loady]

The Asus router does not know that your ISP's router is in your house, under your control. It sees an access attempt from your ISP's router as coming from "somewhere on the Internet" - maybe from a bad guy wanting to crack in. So by default, the Asus firewall blocks these access attempts.

OpenVPN on the other hand gets through, because when you set up the OpenVPN server on the Asus, this opened port 1194 on the Asus, allowing OpenVPN traffic from your ISP's router through the Asus's firewall.

EDIT
But you should be able to access the Asus GUI from your ISP router's WiFi, if you start an OpenVPN connection on your laptop, exactly as you would from a remote location.

But I thought you can't use VPN when you Lan side of the server as I am with my laptop at home, I'm connected to ISP router WiFi but VPN client on laptop doesn't connect if I am within the network, works fine remotely except I can't access ISP router over VPN at home, not sure if that may have something to do with the Lan IP submet at the remote location being the same as Lan IP home subnet at home, 192.168.1.1

 

[loady]

Could someone tell what I need to write and where so I can access the Asus router from the ISP router, I have diversion installed but it doesn't extend to the ISP router subnet because of the double nat situation ?

 

[Val D.]

I have diversion installed but it doesn't extend to the ISP router subnet because of the double nat situation ?

You have to use the RT-AC86U as a main router for all clients. Diversion won't extend to another subnet.

 

[loady]

You have to use the RT-AC86U as a main router for all clients. Diversion won't extend to another subnet.

My ISP is telling me I can't put the router in bridge mode, how can I use this Asus with my ISP equipment, is there a workaround ?

 

[Val D.]

is there a workaround ?

Leave your ISP router as is, put your RT-AC86U in DMZ on the ISP router, connect all your devices to RT-AC86U.
https://www.snbforums.com/threads/new-rt-ac86u-starting-from-scratch.60088/#post-525927