Tunnel between ASUS router and Linux

nikki

Occasional Visitor
I need to create the simplest IP tunnel between an Asus rt-68 and a Linux server. The traffic is already encrypted, so I'm not interested in (double) encryption, but I'm very interested in speed.

At first I planned to use gre or ipip tunnels, but realized that the kernel modules for those tunnels are not included in the Asus firmware. So, what are my best options now?
 
Could you use an ssh tunnel? I'm not sure if the router has ssh compiled with the "none" cipher option or not, but you could pick one of the other options that may have a very low encryption overhead.
 
Well, the full story: I need to pass all traffic from one local TCP client behind the ASUS router to the external Linux server, do SNAT on the server side and release the traffic pretending it originated from the server.

So, I planned to create a tunnel between the Asus router and the Linux server, use source-based routing on the router side to pass all traffic from the specific client to the server, and use SNAT on the server side.

I don't have an idea of how I can implement such a thing with ssh tunnels.

By now I'm trying to configure the L2TP client on the router. But I noticed that it created a default route to the ppp? interface and also replaces DNSes on the router side. It is apparently not what I want. Can this behavior be disabled?
 
You could also do it with OpenVPN. That's how I handle backups for one of my customers between his datacenter and his offices (where backups are stored on a NAS). The OpenVPN server sits in a VM in the datacenter however, not on a router, but the idea remains the same.

OpenVPN would be far more flexible than L2TP.
 
Ok, I'm trying to configure the openvpn client on the router with TLS authorization. However, openvpn is not starting, and I got an error in the log:

Code:
Sep 23 22:49:21 rc_service: httpd 480:notify_rc start_vpnclient1
Sep 23 22:49:21 kernel: tun: Universal TUN/TAP device driver, 1.6
Sep 23 22:49:21 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Sep 23 22:49:21 openvpn[19139]: Options error: Unrecognized option or missing parameter(s) in config.ovpn:22: tls-remote (2.3.7)
Sep 23 22:49:21 openvpn[19139]: Use --help for more information.
Sep 23 22:49:21 syslog: VPN_LOG_ERROR: 433: Starting OpenVPN failed...

And that's my config:

Code:
vpn_client1_poll=0
vpn_crt_client1_static=
vpn_client1_errno=0
vpn_client1_nm=255.255.255.0
vpn_client1_cipher=none
vpn_client1_addr=<cut>
vpn_client1_reneg=-1
vpn_client1_username=
vpn_client1_comp=no
vpn_client1_retry=30
vpn_client1_gw=
vpn_client1_enforce=0
vpn_client1_adns=0
vpn_client1_tlsremote=1
vpn_client1_if=tun
vpn_crt_client1_crl=
vpn_crt_client1_crt=
vpn_client1_clientlist=
vpn_client1_custom=
vpn_client1_rgw=0
vpn_client1_remote=10.8.0.1
vpn_client1_rg=0
vpn_client1_state=0
vpn_client1_crypt=tls
vpn_client1_useronly=0
vpn_client1_bridge=1
vpn_crt_client1_ca=
vpn_client1_firewall=custom
vpn_client1_proto=udp
vpn_client1_port=1194
vpn_client1_password=
vpn_client1_cn=
vpn_client1_hmac=1
vpn_client1_userauth=0
vpn_client1_nat=0
vpn_crt_client1_key=
vpn_client1_local=10.8.0.2

Firmware: 378.55
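
A check over the settings in the last post, as an added example that is not part of the thread: it flags combinations in a `vpn_client1_*` dump that stop the client or weaken the tunnel. The function names are hypothetical, and it assumes the firmware writes `tls-remote <vpn_client1_cn>` into config.ovpn when `vpn_client1_tlsremote=1`, which the thread does not confirm but which fits the "missing parameter(s)" wording in the log.

```shell
#!/bin/sh
# Added example: lint an Asuswrt vpn_client1_* nvram dump before starting the client.
# Assumption (not confirmed by the thread): with vpn_client1_tlsremote=1 the firmware
# writes "tls-remote <vpn_client1_cn>" into config.ovpn.

# Print the value of key $1 from the dump held in $dump (empty if unset or blank).
get() { printf '%s\n' "$dump" | sed -n "s/^$1=//p" | head -n 1; }

# Read key=value lines on stdin; print one finding per line.
lint_vpn_client() {
    dump=$(cat)
    if [ "$(get vpn_client1_tlsremote)" = "1" ] && [ -z "$(get vpn_client1_cn)" ]; then
        echo "TLSREMOTE_NO_CN: tlsremote=1 but cn is empty, so tls-remote gets no argument"
    fi
    if [ "$(get vpn_client1_crypt)" = "tls" ]; then
        for part in ca crt key; do
            if [ -z "$(get "vpn_crt_client1_$part")" ]; then
                echo "TLS_EMPTY_$part: crypt=tls but vpn_crt_client1_$part is empty in the dump"
            fi
        done
    fi
    if [ "$(get vpn_client1_cipher)" = "none" ]; then
        echo "CIPHER_NONE: data channel is unencrypted; the inner traffic must protect itself"
    fi
    return 0
}

# Subset of the settings posted above.
sample_dump() {
    cat <<'EOF'
vpn_client1_cipher=none
vpn_client1_tlsremote=1
vpn_client1_crypt=tls
vpn_client1_cn=
vpn_crt_client1_ca=
vpn_crt_client1_crt=
vpn_crt_client1_key=
EOF
}

sample_dump | lint_vpn_client
```

On the router the same function can read the live settings, for example `nvram show 2>/dev/null | grep client1 | lint_vpn_client`.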
 
