Setup OpenVPN with Asus Router

Discussion in 'Accessories' started by Rick Simonton, Jan 12, 2019.

Share This Page

  1. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Hello,
    I've been advised by you kind folk that I should set up an openVPN for remote access to my Hik IP cameras from an iPhone. My Router is an Asus RT-AC86U with support for OpenVPN. To accomplish this I'm following the procedure as described here...
    I'll be using OpenVPN Connect on my phone.
    My questions are, is this a good approach?
    Is there a downside that is not obvious to this noob?
    How do I tell if my address is static or dynamic?
    Did I post the in the right place?


    Thanks in advance!

    Rick
     
    GentlePumpkin likes this.
  2. Whoaru99

    Whoaru99 Pulling my weight

    Joined:
    Dec 22, 2018
    Messages:
    423
    Likes Received:
    159
    Location:
    Here
    Odds are you have a dynamic IP. If you had static you'd probably remember needing to configure the router accordingly.

    Provided that's true you'd also want to set up a dynamic DNS account with one of those services too. I use the DynDNS service and OpenVPN to access my system.
     
    Last edited: Jan 12, 2019
  3. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Great! Thanks for the reply! I think I have that covered as the router OpenVPN setup has the option to create a web address for the client rather than a IP address.

    But I do have a Question... The router generated a file called client.ovpm and a folder with two documents inside cert.pem and key.pem.
    I think the latter two in the folder are related to the DNS function you are referring to, but the instructions did NOT cover what to do with them. They were referred to as a certificate. I see that I have nothing listed in my certificates section on OpenVPN Connect on the phone app.

    At this point when i try to access the VPN on the phone, it reports back with "Authentication failed".
     
    Last edited: Jan 12, 2019
  4. Whoaru99

    Whoaru99 Pulling my weight

    Joined:
    Dec 22, 2018
    Messages:
    423
    Likes Received:
    159
    Location:
    Here
    In the OpenVPN app on the phone typically you'd import the OPVN file exported from the router.

    The dynamic DNS stuff is a completely different thing to set up regardless of using OpenVPN.

    Dynamic DNS allows you to always use the same domain name to access the VPN despite a changing dynamic IP address.

    Been a while since I set up those two, but I think you'd want to set up dynamic DNS before OpenVPN so the VPN knows the domain name to hit to get to your public IP.
     
    Last edited: Jan 12, 2019
  5. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,725
    Likes Received:
    957
    Location:
    Houston Tx
  6. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Thanks for Responding ...Yes I think Ive done that and it had me export two addition files separate from the .opvm files. They are " inside cert.pem" and "key.pem", but i don't know what6 to do with them. At this point when i try to access the VPN on the phone, it reports back with "Authentication failed".
     
  7. Whoaru99

    Whoaru99 Pulling my weight

    Joined:
    Dec 22, 2018
    Messages:
    423
    Likes Received:
    159
    Location:
    Here
    I believe those are certificates to authenticate the web page of (presumably) the router. Without them you get warnings about untrusted website when you try to go to that address/domain. While that would be icing on the cake I think that's probably not why the VPN isn't working.
     
    Last edited: Jan 14, 2019
  8. catcamstar

    catcamstar Getting comfortable

    Joined:
    Jan 28, 2018
    Messages:
    759
    Likes Received:
    446
    Depending on your openVPN client (eg iOS / android), you can either "try" to import these certificates in your wallet, OR (and this is what I did), include them in the .ovpn file itself: Openvpn23ManPage – OpenVPN Community

    Especially if you want to have the additional security with HMAC, you can easily include that key into the .ovpn file.

    Hope this helps!
    CC
     
  9. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,725
    Likes Received:
    957
    Location:
    Houston Tx
    Never used the perm files. Just opvm files. My openvpn cients connect with no problems.

    I use Android and windows.
     
  10. Whoaru99

    Whoaru99 Pulling my weight

    Joined:
    Dec 22, 2018
    Messages:
    423
    Likes Received:
    159
    Location:
    Here
    I'm presently using a Linksys router for VPN, not an ASUS router, but same here with W7 and W10, an Android phone (mine), and two iPhones (work, and hers).

    Have used Netgear routers with OpenVPN too, same client set, and dealt only with the .ovpn file to make it work as well.
     
  11. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Baby steps! But I'm getting closer! I found that I mis typed the user name in the profile page of OpenVPN Connect on the iphone...DAH! So I fixed that and now it appears I have the VPN working! There is a VPN indicator just to the right of my wifi indicator on the top left of the phone. I started it with wifi only and with cell only, so I think it's working...BUT...how do I get to my hik cameras? Or to my home network?
     
  12. Whoaru99

    Whoaru99 Pulling my weight

    Joined:
    Dec 22, 2018
    Messages:
    423
    Likes Received:
    159
    Location:
    Here
    If you are on the VPN then, essentially, you are on your LAN.

    I'm not familiar with Hik cams. To access my Dahua cams from a remote computer, I start the VPN then put the IP of the camera I want to access in the address bar of the browser.

    Or, from smart phone, you start the VPN and use one of the IP camera apps. I've heard of TinyCam and a couple others. I use the free version of Onvifer on my phone if I want a quick look. If the Hik cameras don't need a special plug-in to view in a browser you might be able to simply use the IP as mentioned before to pull up a view on your phone.
     
    Last edited: Jan 15, 2019
  13. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    As I understand it, with my VPN on I launch iVMS 4500 app to see the camera. I've tried to add my camera to devices but its not connecting. I'm fairly sure I'm doing it wrong.
    But I also don't know how to see my network so i'm not 100% sure the VPN is working correctly. I do get the VPN logo at the top of my iphone.

    Rick
     
  14. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,725
    Likes Received:
    957
    Location:
    Houston Tx
    Rick
    start simple.
    I am assuming your device is a phone.
    With the openvpn on your phone turned off. The phone cell network off. Using the phone and app iVMS4500 at home on the wifi connect and use the app. Does it work connect and use see the cameras ?

    If yes. Then at home, disable the wifi on the phone, enable the cell network. Start the openVPN app. Do you get the green horse shoe icon on the top of the screen? If not it is not connected. If it is connected use the app. make no changes to the iVMS4500 app. Does it work ?

    If no then your problem may be your cell network or the openVPN.
    Go to a remote location with wifi, coffee shop, work, library .... Connect your phone to the local wifi, turn off your cell service. Verify that the phone is connected to the wifi , go to a few web site. If connected start the openVPN app. do you have the green horse shoe. If not your openVPN is not configured correctly. If you have the green horse shoe try the app. Does it work
     
  15. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Yes iPhone 6 plus ios 11.2.6

    Can we start even simpler? The answer is NO but i don't think i'm entering the device data correctly to iVMS4500. I need to confirm the correct way to do this. Tomorrow I will focus on that.
    In the mean time i can tell you I can access the login pages (using IP address with safari) of the cameras with CEL OFF (airplane mode), WIFI ON and VPN OFF, but not with VPN ON.

    HOWEVER... I CAN NOT access the login pages (using IP address with safari) of the cameras with CEL ON, WIFI OFF and VPN ON or OFF.

    Thank you for time!
    Rick
     
  16. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,725
    Likes Received:
    957
    Location:
    Houston Tx
    I am not an apple person.

    Login to your asus router.
    From your home PC/MAC provide a screen shot of your ASUS router home page !
    On the asus router open the system log screen. note the time in the log.
    From your phone on the cell network open and connect with the vpn client.
    Save the asus system log file. Post the new items in the log file
     
  17. Whoaru99

    Whoaru99 Pulling my weight

    Joined:
    Dec 22, 2018
    Messages:
    423
    Likes Received:
    159
    Location:
    Here
    Out of curiosity, what provides your internet connection?
     
  18. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,725
    Likes Received:
    957
    Location:
    Houston Tx
    The OP has never answered back with any information. A waste of time
     
  19. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Not a waste of time. Sorry it took me 24 hours to respond, but I had not got a response for weeks, I thought everybody gave up on me.
    My IP is spectrum.

    I’m am guilty of not responding to your previous suggestion Jan 17, because I wanted to do it thoroughly and thoughtfully, but I’ve become overcome by events that I’m still addressing.

    I will be following up ASAP. I’m very appreciative of you and everyone from IP talk who are taking their time helping me with my system.
    Rick