VPN setup RT_AC66u Asuswrt-merlin 380.59

[cliver]

Thanks martinr sound like I have been trying to overcomplicate things again. Its certainly a lot simpler and having read your post seems secure enough do I'll dump my CA and all the keys and certs it has generated and go with your suggestion and add passwords to each client. Many thanks.
PolarBear I think we were booth overthinking it. My scenario will be sorted using matrinr's guide above. Hope it works for you.

Sent from my Nexus 6P using Tapatalk

 

[cliver]

You're most welcome.

Another thing: your home network and the remote one ( to which you connect your device) must have different network addresses. If they are both, let's say, 192.168.1.x then, unferstandably, chaos would ensue.

Good point martinr I have changed my home network to an abstract one in the 10.x.x.x range as many hot spots in cafes etc tend to use 192.168.1.x or 0.x so the possibility of clashing is greatly reduced by going for something in the middle of the 10. range.

Sent from my Nexus 6P using Tapatalk

 

[martinr]

By the way, the block of 4 settings from Push LAN to clients to Advertise DNS to clients are all set to Yes in my Advanced settings.

And Questions 4 and 5 - that's nothing to do with setting up a homegroup on Windows is it? I've just now set up a homegroup on my laptop (experimenting) and I now see all the other devices under Network in Windows Explorer.

 

[cliver]

By the way, the block of 4 settings from Push LAN to clients to Advertise DNS to clients are all set to Yes in my Advanced settings.

And Questions 4 and 5 - that's nothing to do with setting up a homegroup on Windows is it? I've just now set up a homegroup on my laptop (experimenting) and I now see all the other devices under Network in Windows Explorer.

I just use the same workgroup name on each client and it works for me.

Sent from my Nexus 6P using Tapatalk

 

[martinr]

.....sound like I have been trying to overcomplicate things again....

Don't worry: I did exactly the same. I came from DDWRT to Merlin and I realise my mindset was "none of this is supposed to be easy". My mindset now, after nearly 3 years with Merlin, is the opposite.

 

[cliver]

Last question, I hope [emoji39]. If I turn off the VPN server whole not using it and turn it on when needed, will it come back up with the same settings? I.e will the client OVPN file still be valid?
I'm guessing it will but don't want to turn it off and find out I'm wrong [emoji31]

 

[martinr]

Last question, I hope [emoji39]. If I turn off the VPN server whole not using it and turn it on when needed, will it come back up with the same settings? I.e will the client OVPN file still be valid?
I'm guessing it will but don't want to turn it off and find out I'm wrong [emoji31]

Perfectly valid question and you 're wise to ask. It's as you thought: it'll start up again and all your settings will still be valid.

 

[Chiny91]

An old thread revived but I have to thank martinr for that post. I've been avoiding actually setting up a VPN server for some years using all sorts of excuses, router bugs, too complicated, not just yet... Well-reported attacks on IPcams eventually forced me to start researching configuring VPNs, horrendous. Then I read the martinr post and it just worked (TM) OpenVPN server now working on -Merlin, just a few minutes after deciding to do it. Of course, the magic is really in -Merlin s/w.

The OpenVPN stuff looks lovely in my log server with lines like:

Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key

Chuffed.