Confused - Sort Of - VPN/Port Forwarding

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
2,365
Reaction score
1,374
Location
Houston Tx
Can you ping your DDNS name xxxxxx.asuscomm.com? Remember, never display or show your DDNS name.

As a side note, camera.asuscomm.com was in use and is address 31.10.99.203, which is in
City: Schwabisch Gmund
Country: Germany
Continent: Europe

I have used ASUS DDNS with no problems.

Are you still getting the yellow exclamation mark?
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,067
Reaction score
318
I believe so, listed on their website is "ASUS DSL-AC55U Firmware version v1.1.2.3_743" and my router shows
Firmware Version:1.1.2.3_743
Click on the firmware version and it should take you to firmware upgrade section and you just click "check" to see if you have the latest firmware.
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
25
Reaction score
3
Location
United Kingdom
Hi,

Still getting the exclamation mark. However, when I try to ping my new address that's been in place for over 48 hours it does not ping (not surprised), but it does resolve to an IP address that is owned by Vodafone - so a bit closer maybe?
 

Hammerhead786

Getting the hang of it
Joined
Apr 23, 2018
Messages
110
Reaction score
49
> Hi,
>
> Still getting the exclamation mark. However, when I try to ping my new address that's been in place for over 48 hours it does not ping (not surprised), but it does resolve to an IP address that is owned by Vodafone - so a bit closer maybe?

I've pinged my domain name and it resolves to my external IP address. Is the IP address that is being resolved the same as your external IP? If not, then your DNS is broken. Also, when you do ping, make sure you are not connected to your local network (wifi) and that your router is configured to respond to pings.
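
The comparison asked for in the post above, as an added example that is not part of the original thread: it checks the DDNS record against the router's WAN address and the public address. It goes one step beyond the post by also flagging a private or carrier-grade NAT WAN address; all addresses are constructed from documentation ranges and the function names are illustrative.

```python
import ipaddress
import socket

# Ranges that never appear as a reachable public address: RFC 1918 private
# space and the RFC 6598 range ISPs use for carrier-grade NAT.
NOT_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def resolve_v4(hostname):
    """IPv4 addresses the system resolver returns for hostname (needs network)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def diagnose(ddns_addrs, router_wan_ip, public_ip):
    """Compare what the DDNS name resolves to with the router's WAN address
    (from its status page) and the public address an outside service reports."""
    wan = ipaddress.ip_address(router_wan_ip)
    findings = []
    if any(wan in net for net in NOT_PUBLIC):
        findings.append("WAN address is private or carrier-grade NAT: inbound "
                        "VPN connections cannot reach the router directly")
    elif router_wan_ip != public_ip:
        findings.append("WAN address differs from public address: another NAT "
                        "device sits in front of the router")
    if public_ip not in ddns_addrs:
        findings.append("DDNS record does not match the public address")
    return findings or ["DDNS record matches the public address"]

if __name__ == "__main__":
    # Constructed values from documentation ranges; substitute your own, e.g.
    # diagnose(resolve_v4("xxxxxx.asuscomm.com"), "<WAN IP>", "<public IP>")
    for args in [({"203.0.113.7"}, "203.0.113.7", "203.0.113.7"),
                 ({"203.0.113.7"}, "100.72.1.9", "203.0.113.7"),
                 ({"198.51.100.4"}, "203.0.113.7", "203.0.113.7")]:
        print(args, "->", diagnose(*args))
```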
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
25
Reaction score
3
Location
United Kingdom
So made another step forward, well, probably more of a leap at this stage. My router has two places to set DNS.
1. In the LAN Settings
2. In the WAN Settings

I had 8.8.8.8/8.8.4.4 in the LAN settings and automatic for the WAN; as soon as I changed that to manual and put 8.8.8.8/8.8.4.4 in, the exclamation mark went away and I could ping smellybum.asuscomm.com.

Now I need some way to test it.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
2,365
Reaction score
1,374
Location
Houston Tx
1) Do you have the VPN client loaded on your phone?
2) Have you copied the client.ovpn file to your phone and installed it in the OpenVPN client?

To test from home on the cell phone, just disable the wifi on your phone. This will force the OpenVPN app to use the cell network.
 

Hammerhead786

Getting the hang of it
Joined
Apr 23, 2018
Messages
110
Reaction score
49
> So made another step forward, well, probably more of a leap at this stage. My router has two places to set DNS.
> 1. In the LAN Settings
> 2. In the WAN Settings
>
> I had 8.8.8.8/8.8.4.4 in the LAN settings and automatic for the WAN; as soon as I changed that to manual and put 8.8.8.8/8.8.4.4 in, the exclamation mark went away and I could ping smellybum.asuscomm.com.
>
> Now I need some way to test it.

The LAN settings should use your internal DNS server, i.e. point it to the IP address of your router. The WAN DNS settings are for when you don't want to use your ISP's provided DNS servers. Glad you fixed that issue. As SouthernYankee said, disable your wifi on your mobile and then test again.
 

The_E

Young grasshopper
Joined
Jan 28, 2018
Messages
37
Reaction score
11
Location
Vancouver, BC Canada
For a group that preaches such tight security, I'm surprised at the Asus Router recommendations! Asus has been near the top of the list for backdoors and other security related issues. I think the only router manufacturer hit worse is DLink.
 

The_E

Young grasshopper
Joined
Jan 28, 2018
Messages
37
Reaction score
11
Location
Vancouver, BC Canada
Some light reading:

From 2017:

From 2016 and from your own Government:

From 2014.... do I need to keep going?
 

Holbs

Pulling my weight
Joined
May 1, 2019
Messages
177
Reaction score
141
Location
Reno, NV
Keep at it with the OpenVPN. Sounds like you are nearly there. I took a whole 10 minutes to set up my Netgear Nighthawk router with OpenVPN (I assume nearly the same setup procedure as ASUS routers).
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
2,365
Reaction score
1,374
Location
Houston Tx
I have never used auto update on anything except Windows 10 Home. It is not a security risk unless you used auto update. Not much of a risk.
 

gokiwi

n3wb
Joined
Oct 30, 2019
Messages
25
Reaction score
3
Location
United Kingdom
Would be interesting to know, given that most of us probably look at various reviews to make our decisions on what we buy; for example, ASUS (but then what xDSL router is NOT fully or in part made in China?) make the top 10 on most UK based review sites.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,064
Reaction score
671
> Since you asked.....no, not for my benefit.
> Can you name a router that YOU would use or recommend?

I'm guessing The_E(TM)-not-hackable-router-on-earth :smash:
We have to face the ugly truth here: Lots of hacks/hit-and-misses are facing the most favorable platform - Windows was, by far, the breeding bench of viruses across the world. Why? Because lots of people use(d) it, and it lacked some serious security stuff. Did that mean that you were safe on Linux OS? Not at all, but why would anyone focus on such a niche platform, as it was already (too) difficult to SSH into such a rudiculous (no pun intended) text only terminal ;) But today the landscape did change (sometimes for the good): Linux OS is, sometimes really hidden for the human eye, almost everywhere! In your IoT devices (fridge, microwave, .. ), your printer, your car, your domotica system and ... IPcams. And as these things (often) never get a decent firmware upgrade, they lack any spine strength against common vulnerabilities. What can you do about it? Buying a new fridge every 2 years is not that economically intelligent, however you might drop your fridge in a separate network (vlan), so it cannot speak with others, nor others can speak with it, except with your wanted functionalities.

That ASUS is being blamed so much, is just like "Windows-being-blamed" back in the days. The good news with Asus: you could stick to the regular ASUS firmwares, or you might opt for the RMerlin branch (free!) which gets the CVE updates on the kernel much faster than ASUS itself. Except if you would work on your dlink/netgear/personal flavor/... with an openDD or others, you still have to do the upgrades/patching yourself.

If you would drive around with a tank with the windows open, you're still vulnerable, right?

On-topic:
- download the VPN client profile from the ASUS router to your pc
- edit the file with notepad/wordpad
- look for "server a.b.c.d 1194"
- change that to "server smellybummy.asuscomm.net 1194"

Upload file to your cellphone and off you go!

My (advanced) recommendations:
- change to an unknown port helps "hiding" your VPN service (e.g. 443 might be a good option, especially if your work network blocks outbound 1194)
- enable the VPN service in seamless mode (so it blocks all internet access if the VPN tunnel goes down). This ensures all your traffic (including mail/skype/...) is passed through the tunnel
- you can tweak around with the encryption settings (higher/lower) and protocol (UDP/TCP) if your 4G connection is not sufficient to draw the video footage

Good luck!
CC
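
The profile edit described in the post above, done as a script; this is an added example, not part of the original post and not ASUS or OpenVPN code. In an OpenVPN client profile the server address is the host field of the `remote` line; the function name, the sample profile and its 203.0.113.7 address are constructed for illustration, and xxxxxx.asuscomm.com stands for your own DDNS name.

```python
import ipaddress

# Constructed sample of an exported client profile (documentation addresses).
SAMPLE_PROFILE = """\
client
dev tun
proto udp
# remote 198.51.100.9 1194   (commented out, must stay untouched)
remote 203.0.113.7 1194
resolv-retry infinite
nobind
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""

def point_profile_at_ddns(profile_text, ddns_name):
    """Replace literal IP addresses on `remote` lines with ddns_name.

    Returns (new_text, number_of_lines_changed). Port and protocol fields,
    comments and inline certificate blocks are left as they are.
    """
    if not ddns_name or any(c.isspace() for c in ddns_name):
        raise ValueError("DDNS name must be a single hostname")
    out, changed = [], 0
    for line in profile_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "remote":
            try:
                ipaddress.ip_address(fields[1])
            except ValueError:
                pass                      # already a hostname, keep the line
            else:
                fields[1] = ddns_name     # swap only the address field
                line = " ".join(fields)
                changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    text, n = point_profile_at_ddns(SAMPLE_PROFILE, "xxxxxx.asuscomm.com")
    print(f"{n} remote line(s) rewritten")
    print(text)
```

A profile that still carries a literal WAN address stops working as soon as the ISP hands out a new one, which is why the hostname goes in the profile.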
 

The_E

Young grasshopper
Joined
Jan 28, 2018
Messages
37
Reaction score
11
Location
Vancouver, BC Canada
> I have never used auto update on anything except Windows 10 Home. It is not a security risk unless you used auto update. Not much of a risk.

What? With all due respect Sir, I think you've missed the mark here. But you already strike me as someone that's set on their opinions, so best of luck to you.
 

The_E

Young grasshopper
Joined
Jan 28, 2018
Messages
37
Reaction score
11
Location
Vancouver, BC Canada
> I'm guessing The_E(TM)-not-hackable-router-on-earth :smash:
> We have to face the ugly truth here: Lots of hacks/hit-and-misses are facing the most favorable platform - Windows was, by far, the breeding bench of viruses across the world. Why? Because lots of people use(d) it, and it lacked some serious security stuff. Did that mean that you were safe on Linux OS? Not at all, but why would anyone focus on such a niche platform, as it was already (too) difficult to SSH into such a rudiculous (no pun intended) text only terminal ;) But today the landscape did change (sometimes for the good): Linux OS is, sometimes really hidden for the human eye, almost everywhere! In your IoT devices (fridge, microwave, .. ), your printer, your car, your domotica system and ... IPcams. And as these things (often) never get a decent firmware upgrade, they lack any spine strength against common vulnerabilities. What can you do about it? Buying a new fridge every 2 years is not that economically intelligent, however you might drop your fridge in a separate network (vlan), so it cannot speak with others, nor others can speak with it, except with your wanted functionalities.
>
> That ASUS is being blamed so much, is just like "Windows-being-blamed" back in the days. The good news with Asus: you could stick to the regular ASUS firmwares, or you might opt for the RMerlin branch (free!) which gets the CVE updates on the kernel much faster than ASUS itself. Except if you would work on your dlink/netgear/personal flavor/... with an openDD or others, you still have to do the upgrades/patching yourself.
>
> If you would drive around with a tank with the windows open, you're still vulnerable, right?
>
> On-topic:
> - download the VPN client profile from the ASUS router to your pc
> - edit the file with notepad/wordpad
> - look for "server a.b.c.d 1194"
> - change that to "server smellybummy.asuscomm.net 1194"
>
> Upload file to your cellphone and off you go!
>
> My (advanced) recommendations:
> - change to an unknown port helps "hiding" your VPN service (e.g. 443 might be a good option, especially if your work network blocks outbound 1194)
> - enable the VPN service in seamless mode (so it blocks all internet access if the VPN tunnel goes down). This ensures all your traffic (including mail/skype/...) is passed through the tunnel
> - you can tweak around with the encryption settings (higher/lower) and protocol (UDP/TCP) if your 4G connection is not sufficient to draw the video footage
>
> Good luck!
> CC

Sorry, this explanation is misleading and dangerous. I feel you're likely a respected member here and some folks follow your lead. You're doing them a disservice.

ASUS has been incredibly horrible about privacy and security.... this is well known amongst IT professionals and those reporting on IT. Besides the major leaks and exploits, there have been numerous smaller exploits and holes. Your Router is your gatekeeper to the world and is the main device standing between you and a lot of nastiness out there. Why accept that because you're a fanboy of ASUS?

Why do people here use Dahua, Hikvision, and other decent quality cameras? Because they want to use a quality product that does a good job of performing the tasks expected of them. If quality wasn't a concern we'd all be using some $60.00 knock-off cams. So why would you be okay with sub-par performance from your router? What good is setting up a VPN when you have multiple exploits potentially allowing bad actors to penetrate your network?

I apologize for derailing this thread, it wasn't my intent.
 

The_E

Young grasshopper
Joined
Jan 28, 2018
Messages
37
Reaction score
11
Location
Vancouver, BC Canada
> Since you asked.....no, not for my benefit.
> Can you name a router that YOU would use or recommend?

As catcamstar alluded to, most, if not all, router brands have been or can be exploited. Where he and I seem to differ is on how a company learns about and deals with found code bugs and exploits. I have no interest in and don't sell them, but Netgear has been exemplary in setting up a bug bounty program and in squashing bugs and exploits in record time once discovered.

Router Brands to stay away from in my opinion:
DLink, Asus & TPlink (nothing wrong with these companies' switches, etc)

Decent router brands to date:
Netgear, Ubiquiti, Cisco
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,064
Reaction score
671
> Sorry, this explanation is misleading and dangerous. I feel you're likely a respected member here and some folks follow your lead. You're doing them a disservice.
>
> ASUS has been incredibly horrible about privacy and security.... this is well known amongst IT professionals and those reporting on IT. Besides the major leaks and exploits, there have been numerous smaller exploits and holes. Your Router is your gatekeeper to the world and is the main device standing between you and a lot of nastiness out there. Why accept that because you're a fanboy of ASUS?
>
> Why do people here use Dahua, Hikvision, and other decent quality cameras? Because they want to use a quality product that does a good job of performing the tasks expected of them. If quality wasn't a concern we'd all be using some $60.00 knock-off cams. So why would you be okay with sub-par performance from your router? What good is setting up a VPN when you have multiple exploits potentially allowing bad actors to penetrate your network?
>
> I apologize for derailing this thread, it wasn't my intent.

I'm not offended by your post, I do like to learn from others, and most of all: I do respect everyone's opinion. It is true, that enabling "free" services (like the microtrend stuff) on ASUS may even deem a privacy issue on your network. I do hate ASUS for that. So labeling me as an ASUS fanboy, that is not true.

Let's look at the facts: how many end-user friendly home-routers exist with VPN onboard, decent wifi facilities and good firmware updates? At work, I'm used to CLI enterprise grade systems. Back in the day, the cost to implement a vlan was the price of half a car. But today, these capabilities come down to the home and the real end-user. At an affordable price.

So yes, I also started with an ASUS as edgerouter, but even I experienced the limits & boundaries of these devices. I still employ an ASUS (but only for wifi & guest wifi), but my core network is now composed out of Ubiquiti material.

I still advise ASUS for "newcomers" who aren't experienced networking gurus, for the latter I would advise other brands.

But we're stealing the show here ;)

Take care!
CC
 