RT-AC68U w/merlin 376.45 - OpenVPN questions

[lucidry]

Hi Folks,

I am a novice when it comes to setting up VPN, configuring keys, routing, etc.

I have sort-of gotten the OpenVPN working, using the 'Export OpenVPN configuration file' I have tested connectivity with OpenVPN connect on Android (importing the ovpn file) and as well from a Windows machine at work (using OpenVPN gui), they connect and show up on my router's 'VPN Status' page when connected. (it is set with default vpn ip of 10.8.0.x)

However, I am unable to really access anything LAN related. I can't ping any of my machines (192.168.1.x) from the Windows machine, nor can I ping the assigned IP 10.8.0.6 from the windows machine (I can however ping 10.8.0.1)

And no local resources seem available. I cannot connect to any samba shares from the vpn'd windows machine.

I have also gone through the easy-rsa key generation process.. I havn't put those entries into the 'Content modifications of keys & certificates' section yet though as I'm just testing it out with the auto-generated ovpn and trying to ensure I have full LAN connectivity including samba shares and what not.
(--- when i do eventually plop those entries into those fields, will the ovpn file generated list the different .key and .crt files in there automatically or do you have to manually edit the ovpn file? ---)

Some of the reading online suggests some IP forwarding and static routes that need to be inputted, and yet other threads I've read suggest it should just work.

I have disabled windows firewall on both of the machines (windows side behind the 192.168.1.x subnet, and the vpn'ing in windows machine with the 10.8.0.6 address)

Here are my settings:
VPN Details tab:
VPN server mode: OpenVPN
Select server instance: Server 1
Interface type: TUN
Protocol: UDP
server port: 1194
Firewall: Auto
Authorization mode: TLS
username/password authentication: No
Extra HMAC: Disable
VPN Subnet/Netmask 10.8.0.0 255.255.255.0
poll interval: 0
Push Lan to clients: yes
direct clients to redirect internet traffic: no
respond to dns: no
encryption cipher: AES-256-CBC
compression: adaptive
tls renegotiation time: -1
maanage client-specific options: no

------------- EDIT ----------
sorry, i wrote the wrong IP, at one point i'd tried changing from 10.8 to 192.168.8 for testing..
at one point i was able to connect to \\10.8.0.6\c$ as well as ping, from my windows machine on the 192.168.x but only once among my testing, havn't been able to do that again...

Anyone who can point me in the right direction, it would be appreciated.

 

[netmik3]

I never got Windows shares working

 

[SavageWS6]

Question I know you wanna use OpenVPN via the router, but would you consider using the client on your PC? I was considering using OpenVPN on my router also, but there is only certain things I need to use the VPN on so I just run client side via my PC

 

[lucidry]

Will I need to use TAP instead of TUN to get access to my machines on the network?

Or can someone outline the exact 'routes' I'd need to set up? would I need to do that in conjunction with 'iRoutes' ?

 

[Alfsu]

Master Browser?

Have you try changing setting for "respond to dns:" to yes? Clients need to be able to query the VPN Server with dns requests, right?

Also, try enabling the router (hosting the VPN server) as the "Master Browser" for your LAN.

Good luck!

 

[bilboSNB]

Rather than disabling windows firewall try:

http://www.sevenforums.com/network-...ion-incoming-scope-rule-different-subnet.html

 

[frriction]

I am able to use local network using PPTP vpn server but I do not know how to setup OPENVPN to do the same.

For PPTP go to dhcp setting and change the range from 192.168.1.255 to 192.168.1.145 than change client ip in vpn setting 192.168.1.146 to 255

I really like to setup openvpn to do the same.


Sent from my iPhone using Tapatalk

 

[lucidry]

Well, I hadn't enabled it because I wasn't even able to do IP addresses, and the DNS wouldn't play a part in communicating with IP..

I did try enabling that, however, but it made no difference.

 

[lucidry]

can someone explain

Could someone please explain what I'm doing wrong with this line of thinking?

I thought perhaps using TUN, i may be able to put my DHCP range for my LAN from 192.168.1.2 to 192.168.1.127 (128 hosts), and put the VPN Subnet / Mask to:
192.168.1.192 / 255.255.255.224, allowing 32 hosts (including network & broadcast addresses)
however, when i input that in the VPN details tab, and hit apply, i get
* conflict with the router's DHCP IP pool:192.168.1.2 ~ 192.168.1.127

--i'd tried to configure the LAN as 192.168.1.1 , and subnet mask of 255.255.255.128 , but that made no difference, same error came up.

is it just a limitation of TUN that you can't be on the same subnet period? even if you've sectioned out blocks of IP's in the same subnet separately? Or am I doing it wrong?

 

[RMerlin]

You should use a completely different subnet for the OpenVPN client pool, otherwise you will run into routing issues. For instance with the default gateway.

 

[FredTheDog]

Did you ever get this sorted?

I am trying to do the same on my A68U using Merlin 374.40_alpha4, have the VPN configured the same and can connect without issue. When the VPN is connected I can get to my NAS on my home network by entering its IP addr and port into Firefox. Can log in and navigate around no problem. However using my MAC, when I try to mount a share on the NAS over VPN I get an error that the NAS 's IP addr isn't available. Like you am new to all this stuff and am only using the basic ovpn file created by the router.