Skip to main content

How to Enable OpenVPN Server at ASUS Router

Today I created VPN to my home network. I need an access to my local resources and lab at home server from Internet. Here is how to enable OpenVPN server at ASUS router and how to configure сlient side at Windows. 

 First of all enable OpenVPN at  ASUS router.

Step 1. Open VPN Tab in Advanced Settings Menu

Step 2. In VPN Server - select OpenVPN section and enable OpenVPN Server


Step 3. In Basic OpenVPN configuration change VPN details from General to Advanced Settings

Here is a very useful recommendation:
 You can change the default settings of the OpenVPN server to provide a custom OPVN file for a specific   connection type.
 To use your own key, click the yellow link to modify settings.
 Refer to the System Log for any error messages related to OpenVPN.
 Before configuring the advanced settings of the OpenVPN server, ensure that these advanced settings options   are compatible with the OpenVPN software in the client devices.
After checking System Log at client and server sides  I've found a lot of option I have to changeTo avoid errors and warnings settings on both sides must be identical.

By default ASUS enable VPN for user admin. So be careful and set a strong password for the administrator. You can create your own VPN account, and I highly recommend it, and never use the administrator account but you can not removing it from the list of VPN users.

For access to VPN I'm using OpenVPN client from https://openvpn.net/index.php/open-source/downloads.html

OpenVPN has clients for Windows, Mac OS X, Linux OS as well as Mobile Clients for iOS/Android.

After finishing the setting at ASUS Router, change VPN details from Advanced Settings to General and press Export button.  Router will automaticaly generate a .opvn file with the Certification Authority key. You can download this file and import it to the local client. Don't forget to generate a strong password to the VPN account.

Including multiple machines on the server side when using a routed VPN

Once the VPN is operational in a point-to-point capacity between client and server, it may be desirable to expand the scope of the VPN so that clients can reach multiple machines on the server network, rather than only the server machine itself.

 For the purpose of this example, we will assume that the server-side LAN uses a subnet of 192.168.122.0/24 and the VPN IP address pool uses 10.8.0.0/24 as cited in the server directive in the OpenVPN server configuration file.

 First, you must advertise the 192.168.122.0/24 subnet to VPN clients as being accessible through the VPN. This can easily be done with the following server-side config file directive:
push "route 192.168.122.0 255.255.255.0"

 This command should be added to the Custom Configuration
Do not forget to apply these changes!

Comments

Post a Comment

Popular posts from this blog

How to replace Supermicro IPMI SSL and TLS Certificate

I decided to replace SSL and TLS Certificates at my Supermicro IPMI (Intelligent Provisioning Management Interface). Warning:     Server will restart after cirtificate update !  There are many options how to create Certificates. Here is two options. One is for Linux and the second is for Windows. Let's start with Linux. To create certificate you need OpenSSL at your Linux installation. It's included in almost all distributives. To check version of OpenSSL use this command: #openssl version OpenSSL 1.0.2g  1 Mar 2016 I suggest to use at least 2048 bit certificate. First we create private 2048 bit RSA key. The filename can be any you wish, in this example I will store private RSA key in pvt.pem. #openssl genrsa -out pvt.pem 2048 or  you can user genpkey option #openssl genpkey -algorithm RSA -out pvt.pem -pkeyopt rsa_keygen_bits:2048 Using this private RSA key I create Certificate Request #openssl req -new -key pvt.pem -out crt.pem Then I use my privat
Post a Comment
Read more

How to configure IPMI from IPMICFG Utility

IPMICFG Overview IPMICFG is a utility for IPMI devices configuration. It is a command line tool providing IPMI commands and Supermicro proprietary OEM commands. It is designed for easy to use and no pre-installation required. Use it for basic IPMI configuration and BMC status reading and monitoring. Features:  Set up IPMI IP Address  Set up IPMI Configuration  Configure IPMI User Management  Configure IPMI FRU  Manage System Event Log (SEL)  Manage IPMI by node management (NM) protocol IPMICFG Linux version will automatically use linux built-in ipmi driver from ipmitool to access BMC. If there is no ipmi driver loaded, IPMICFG will use its internal API to access BMC. However, the performance will be slow. Note:  You should use root permission to launch IPMICFG. Here is a step to load ipmi driver. You should be type these command to activate openIPMI driver: # modprobe ipmi_msghandler # modprobe ipmi_devintf # modprobe ipmi_si  Installing IPMICFG #  un
Post a Comment
Read more

How to Enable Console at EVE-NG

By default EVE-NG disable console access. You can use VNC to get console access to VM. By editing  GRUB_CMDLINE_LINUX  in  /etc/default/grub I've added console=tty0 console=ttyS0,115200 to enable console access using virsh console eve-ng command. GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200 net.ifnames=0 "
Post a Comment
Read more