Finally getting there . . .
Thanks for the tip L&LD. I followed the instructions carefully, but still could not get it to work. The instructions mentioned "Manage Client-Specific Options". I was not sure what this does, but when I selected it, it asked me for key authority details. I did not know what to put here, as the Merlin ASUSwrt set up screen created all the certificates automatically, and included them automatically in-line inside the client1.ovpn file. So I left this unchecked.
As other matters became pressing, I had to put the project to one side for a few days.
Then I discovered what I had been doing wrong. My ISP gives me 2 separate public IP addresses, so on the second public IP address I had set up a test RT-AC66U with different IP pool, with a test NAS attached. This router/NAS were supposed to represent my home server for testing purposes.
But when I moved my test NAS from across to this test network, I had changed its fixed IP address to match, but forgotten to change the gateway and DNS IPs on its configuration screen. Doh!
When I relaised this, I changed from fixed IP to DHCP on the NAS, and then reserved its IP address on the router. The NAS now always picks up automatically the correct gateway and DNS IP addresses.
I also noticed that the NAS had a different Windows workgroup specified. So I changed that to match the test laptop I am using as an OpenVPN client. (I am not using a Windows domain.)
The router (RT-AC66U with Merlin 378.56_2) VPN server "Advanced" set up screen also has 2 settings for "Respond to DNS" and "Advertise DNS to clients". It looked like these should be enabled, so I did that too.
My test laptop (Windows 7 Ultimate) has OpenVPN client installed, and I have it connected to the network using my other public IP address. (It is *much* more convenient to have both VPN client and VPN server in the same building, during the testing phase
)
On the OpenVPN client laptop I opened the Windows 7 firewall to accept UDP and TCP packets. The outside of the tunnel uses the Merlin default (UDP) but what is inside the tunnel is probably mainly TCP. I was not sure which I needed, so I opened both.
The Windows firewall settings need a "from" IP address - I was not sure if this should be the public IP address of my test router, its VPN 10.8.0.x number, or its internal 192.168.x.x number. So I opened for all of these.
So now my laptop (with OpenVPN client installed) can connect to my test NAS (behind another router on a different public IP address). I can map drives on my NAS, but only by specifying its IP address (192.168.x.x) and then clicking "Browse" in Windows Explorer.
I can't map using the NAS device name, nor can I ping it. Only using its internal IP address 192.168.x.x works.
So now I can access files while on the move, which I guess is success
Tasks remaining:
1-reverse some of the settings I changed to get it working, to find out which ones I really need, and which had no effect.
2-Similarly, on the OpenVPN client's Windows 7 firewall, to remove the "holes" I don't need
3-to remove from the test router those certificate and key files which should stay secret
4-to find a way to get the NAS to show up on the OpenVPN client, in Windows 7 Explorer under "Network"
5-to be able to map in Windows using the NAS device name rather than IP address.
The last two are necessary so that other members of the family can also access the NAS while travelling. I can't ask them to enter an IP address, as it will meet resistance and be "too complicated"
Setting this up has all been much more complicated than I first imagined, but satisying at the same time, now that it is (almost) working.
If any experts have got to the end of this very long post without falling asleep, I would really appreciate some tips about 4 and 5.
PolarBear.
