openvpn on asus merlin using power lines

[loady]

i needed wifi upstairs and have been down the repeater route which does not allow openvpn to work, so i went over to dd-wrt and got that working up to a point where i have routing or firewall issues that no one can help me with...so i decided to purchase some power lines so that i can connect the asus N66U directly to my isp router, i want to be able to use openvpn, is this going to be possible ? what mode would i need to set the router to as repeater mode disable openvpn

 

[CaptainSTX]

To run the VPN client on your ASUS router you will need to double NAT it behind your ISP's router. A basic set of instructions are attached.

If you want to run a VPN server you will also need to double NAT your router but I can't remember if the older firmware on the N66 will allow you to get a server working.

 

[Val D.]

i needed wifi upstairs and have been down the repeater route which does not allow openvpn to work, so i went over to dd-wrt and got that working up to a point where i have routing or firewall issues that no one can help me with...so i decided to purchase some power lines so that i can connect the asus N66U directly to my isp router, i want to be able to use openvpn, is this going to be possible ? what mode would i need to set the router to as repeater mode disable openvpn

My advice to you is to use the N66U router as a repeater only (if extended coverage is needed) and run VPN clients on the devices. This router will cut down your VPN connection speed to 5-6Mbps, barely enough for 1 device anyway. For the money you are going to spend on power line adapters you can get a better router to replace your ISP provided one. You may no longer need repeaters after the router upgrade. ISP provided routers are usually weak WiFi devices.

 

[loady]

funny thing is it was working, i just couldnt get internet on the devices i was running the clients on connected to the ovpn server when connected, could browse the lan fine, once i disconnected the client i would get web connectivity back, also, i have my unraid server attached to the repeater and it runs plex as a docker, that had managed to route itself outside as i could access plex remotley without the vpn even running. So if i followed guide to double NAT, that will achieve my goal ?

I can understand why all the difficulty in getting this up and running, i never had the issue when i was with virgin media, they allowed your router to be put into modem only mode so as to allow you to add in your own router

 

[Val D.]

I'm sorry, the way you write your post it's really hard to understand what is connected where and what is working or not.

You had a similar thread few months ago and similar advise was given to you. As I understand, you have an ISP provided DSL router with no Modem Bridge mode. Forget about running OpenVPN on RT-N66U, it will be very very slow. Test your VPN through the ISP router. Test it through your repeater... whatever you have. If going double NAT route make sure the necessary ports are open on the ISP router (or use DMZ). Make sure the ISP router has VPN pass-through. And you probably know, repeaters will cut your throughput on half by using the same channel to communicate to the router and to the clients. You have so many restrictions on your network... a single device trying to transfer about 4MB/sec only through the repeater will basically eat all the available bandwidth. Think about wired APs instead of repeaters; running VPN on clients instead on a router; getting out of this 2.4GHz band to improve your network.

 

[CaptainSTX]

If going double NAT route make sure the necessary ports are open on the ISP router (or use DMZ)

While every ISP is different with the three ISPs I have used over the past fifteen years I have never had to port forward or result to putting the double NATed router in the DMZ to run a VPN client.

As an experiment I have quad NATed routers and every router in the string could successfully run VPN clients on all of them.

As for speed of an Open VPN client using an N66 I can get download speeds of 12 - 15 Mbps connecting to a server in a major city within 1000 miles.

 

[Val D.]

I have never had to port forward

- I have no idea what ISP DSL modem OP is using, so general recommendations
- Double NAT with no manual or automatic port forwarding may restrict many things

N66 I can get download speeds of 12 - 15 Mbps

I have a little different experience with RT-AC66U, same hardware router. With proper AES256 encryption (tested with NordVPN, they don't allow any other encryption) it goes down to 6Mbps and the router is barely usable with locked at 100% single core CPU. Can't even get to the WebUI properly during VPN transfers. May work better with other VPN protocols, but OpenVPN needs faster CPU.

 

[CaptainSTX]

Here is a speed test I just ran using my old N66. Server is about 270 miles from my actual physical location. Using PIA with AES-128 encryption is giving me 10.5 Mbps down. Using a server in NYC was a little faster.


https://www.speedtest.net/my-result/d/f5d0aa67-d61d-4285-9a8a-44ca95a2d1cb

The second test to the same server using AES-256. Only slightly slower.

https://www.speedtest.net/my-result/d/aea45d36-e7bf-4656-9c4d-6da0cbc6c669

In other tests I have done better.

 

[Val D.]

In other tests I have done better.

OK, let's say up to 15Mbps then.
OP to decide if it's enough speed for what he wants to use the VPN connection for.

 

[loady]

The speed I was getting was fine, I was able to watch films remotely from my server at 8mbs.

Let me clarify my setup I am on talktalk UK and have their WiFi hub, the WiFi doesn't reach upstairs, so currently I have the N66U upstairs running ddwrt in repeater mode, I get my full bandwidth performing a speed test on pc connected to repeater so signal wise it's all good, I got openvpn running and could browse my Lan remotely but when the openvpn client on my phone is connected to openvpn on the repeater I get no internet access on my phone, I have to disconnect to to get the internet back.

I purchased some power lines now thinking that it will be easier to set up what I need if the ISP router is connected to the N66U via cable using the power lines.

What procedure do I need to follow to get it working, I'm hoping that in AP mode openvpn won't be disabled on merlin, when using Merlin as repeater openvpn is disabled, openvpn on merlin worked flawlessy, I just set user and pass and exported .ovpn file to use on clients.

I can't connect the client to openvpn anymore, was entering different firewall rules and have deleted them now but something's broken, the only thing I can do is to reset router and start from scratch, I have the keys and certificates already created so just a matter of repasting them back in

 

[ColinTaylor]

...I'm hoping that in AP mode openvpn won't be disabled on merlin, when using Merlin as repeater openvpn is disabled...

I believe the OpenVPN server option only appears when it is in router mode.

 

[loady]

Hmmmm. I can run openvpn as docker on my unraid server, I also enabled remote access on the repeater and could connect from outside my network, maybe that could be another solution, if i can access my server through the VPN it would be secure, I could use remote access to the repeater to wol the server.

 

[loady]

I believe the OpenVPN server option only appears when it is in router mode.

So, can i run the n66u in router mode and somehow connect it to the isp router with power lines ?, if i can use openvpn on merlin as normal everything will be easy

 

[ColinTaylor]

So, can i run the n66u in router mode and somehow connect it to the isp router with power lines ?, if i can use openvpn on merlin as normal everything will be easy

Yes that's not a problem, you just connect the N66U's WAN port to one of your ISP router's LAN ports via the powerline network. You're essentially using the powerline adapters to create a point to point Ethernet connection instead of a cable.

As previously noted this would give you two separate subnets, one for the ISP router LAN (e.g. 192.168.0.x) and another for the N66U's LAN (e.g. 192.168.1.x). So to get remote access to the VPN server running on the N66U you will need to create a port forwarding rule on the ISP router.

 

[loady]

and i can run the n66u in router mode and use openvpn ?..i like to set my n66u subnet to 192.168.11.1 as this is the static ip address i have set for my unraid server. im hoping that the exported .ovpn file will set and solve all the problems im having with my current setup.

At this point in time, i have the n66u setup as a repeater and get great connection/speeds connected to the isp router, openvpn works fine and i can access remotely, the only problem is that what ever device i am using to run the client, when connected to server i lose internet connectivity on that device, tried this on my laptop and my phone

 

[ColinTaylor]

and i can run the n66u in router mode and use openvpn ?..i like to set my n66u subnet to 192.168.11.1 as this is the static ip address i have set for my unraid server. im hoping that the exported .ovpn file will set and solve all the problems im having with my current setup.

Because you will have double-NAT you'll probably need to edit the .ovpn file before giving to your clients so that it contains your public IP address.

At this point in time, i have the n66u setup as a repeater and get great connection/speeds connected to the isp router, openvpn works fine and i can access remotely, the only problem is that what ever device i am using to run the client, when connected to server i lose internet connectivity on that device, tried this on my laptop and my phone

I can't help you with that as it is a DD-WRT question.

 

[loady]

I can't help you with that as it is a DD-WRT question.

sorry, i meant if i was to return the firmware back to merlin

 

[ColinTaylor]

sorry, i meant if i was to return the firmware back to merlin

If you're asking about split tunnelling then that should work as it's mostly a client side configuration issue. But then again it should equally have been possible with DD-WRT.

 

[loady]

I got it working now with ddwrt but have hit another caveat. Should I be experiencing slow internet speeds on the device running the client ? I'm connected to openvpn on my laptop from a different Lan/network and I should be getting 60mbs but I'm only getting about 7mbs..if I disconnect the client it shoots back to 60mbs

 

[ColinTaylor]

I got it working now with ddwrt but have hit another caveat. Should I be experiencing slow internet speeds on the device running the client ? I'm connected to openvpn on my laptop from a different Lan/network and I should be getting 60mbs but I'm only getting about 7mbs..if I disconnect the client it shoots back to 60mbs

It sounds like you have not configured split tunnelling (correctly). It appears that all of the client's traffic is going through the VPN rather than just the remote LAN traffic. But as I said before, that's not something that I can personally help you with because I'm not familiar with DD-WRT's VPN setup.