VPN Primer for Noobs

[DWW0311]

unfortunately i have googled and saw the complaints (and no solution) - am still trying to find out if someone found a workaround. +1 more instance on the complaint.

about OpenVPN - imported the .ovpn file and i assume the act of doing so applied it to my setting... i see my hostname automatically pr-epopulated correctly. router is AC5300 if that matters (dont think it does)

That's the tradeoff with cheaper wireless, I guess. Pay less & looks like you get less. Judging from the hordes of angry users still up in arms about it, I'm guessing nobody has found a workaround. About the only thing that I can think of -and it's a sh*tty option - is to configure OpenVPN to use a common port that ST does allow.

If you got the config file imported (OpenVPN / Menu / Import Profile from [wherever you stored it]) and it's greyed out - won't let you select that imported profile, my money is on the config file being faulty in some way - which means going back to the server and rechecking your work there.

 

[Michael Shen]

Ok thanks. that is why I mentioned router... Config is straight from their generated file.

problem with openvpn way is i cant get far enough to play with the ST ports as something is wrong with the 'simple' import

 

[NVR990]

your camera is a full blown computer running Linux; they just have to load there own malware onto it and off they go..

Thanks, Nayr. So, how would one determine if their cameras were hacked and infected with malware? I imagine that it might be tough to tell, if you are running a Gigabit LAN with high-speed Internet connection?

 

[e007]

Thanks, Nayr. So, how would one determine if their cameras were hacked and infected with malware? I imagine that it might be tough to tell, if you are running a Gigabit LAN with high-speed Internet connection?

I think most of the Internet providers have some type of a firewall.

Usually they disable internet access and send a warning, because operators don't want to be origin of attacks.

 

[Cupofschmoe]

Thanks, Nayr. So, how would one determine if their cameras were hacked and infected with malware? I imagine that it might be tough to tell, if you are running a Gigabit LAN with high-speed Internet connection?

You need to look at your traffic logs from either your router or managed or smart switch.

 

[NVR990]

I think most of the Internet providers have some type of a firewall.
Usually they disable internet access and send a warning, because operators don't want to be origin of attacks.

Well, I'm glad I haven't heard from my ISP, then .

You need to look at your traffic logs from either your router or managed or smart switch.

Thanks. Unfortunately, my router doesn't not log such info. Considering the ASUS BRT-AC828 when it becomes available (already shipping overseas). Does this seem like a good choice?

ASUS Announces BRT-AC828

 

[aabs]

Finally got my hands on a Asus88U

Set up OpenVPN on the router without much drama and decided connect and test with iPad.

Ipad connects to vpn and shows connected on iPad OpenVPN app and also on Asus Router. All good...... I thought......

Issue is that I cannot access any of my local clients
e.g. NAS drives, NVR, cameras on my LAN

my LAN subnet is 192.168.2.

So close but no cigar yet !!
I'm hoping it's a noob mistake that someone can spot easily

A few screen shots of my config

 

[DWW0311]

Finally got my hands on a Asus88U

Set up OpenVPN on the router without much drama and decided connect and test with iPad.

Ipad connects to vpn and shows connected on iPad OpenVPN app and also on Asus Router. All good...... I thought......

Issue is that I cannot access any of my local clients
e.g. NAS drives, NVR, cameras on my LAN

my LAN subnet is 192.168.2.

So close but no cigar yet !!
I'm hoping it's a noob mistake that someone can spot easily

A few screen shots of my config

Check your firewall rules to ensure that traffic is allowed between those two subnets (in both directions). Often the default is to treat a VPN subnet like a sandbox, and if that's the case, unless you explicitly allow the traffic nothing will ever talk to each other.

Also consider changing that OpenVPN port. It's standard / the default one, which means that hackers will include it in their portscans.

 

[aabs]

Here are some instructions I wrote up
Randy : OpenVPN on a Asus router

There are some router settings missing from the asus page that I needed to do to get it to work.
Also the Asus page doesn't discuss DDNS, which you should set up before VPN. Its in the instructions.

Randy

Followed this sticky kindly created by Randy but no mention of changing firewall rules?
All other docs I read had no mention of changing firewall rules ?

Read all they way through the thread again and maybe 443 is the reason I didn't read any firewall rules being set.

 

[aabs]

Okay now tried TCP443 but still no connection to my NAS or any clients or shares within my LAN when connected from WAN OpenVPN.

Another screen shot of my connection all the edited with red Ip are the same.
Is there suppose to be a value in the client ip ?

 

[MrRalphMan]

I'm not familiar with OpenVPN on the Asus, but on my Synology NAS my OpenVPN has the following option.

'Allow clients to access servers LAN'

Do you have that option and how is it set?

 

[DWW0311]

Okay now tried TCP443 but still no connection to my NAS or any clients or shares within my LAN when connected from WAN OpenVPN.

Another screen shot of my connection all the edited with red Ip are the same.
Is there suppose to be a value in the client ip ?

You want to avoid any of the commonly used ports. 443 is standard https. Pick something way up in the 40,000s IMO. Something odd that isn't used by anything else.

Again, check your firewall rules. If possible, post a screenshot of that page.

 

[randytsuch]

Okay now tried TCP443 but still no connection to my NAS or any clients or shares within my LAN when connected from WAN OpenVPN.

Another screen shot of my connection all the edited with red Ip are the same.
Is there suppose to be a value in the client ip ?

I don't think I had to change any firewall rules on my Asus to get this working.

When I open a connection from my iPhone, I see my ASUS DDNS address in the format "MyDDNSName.asuscomm.com" under server, and some random IP address for the server IP.
Did you setup Asus DDNS?

Did you look at the OpenVPN log file on the iPhone?
Mine says something like
Date Time EVENT: CONNECTED username@MyDDNSName.asuscomm.comort(Some IP Addrs) via /UDPv4 on tun/10.8.x.x/...


I'm assuming what you are trying to do with OpenVPN you can do at home, when directly on your network. VPN just makes your iPhone think its at home, on your wifi network.


Randy

 

[aabs]

Yeah it's all connected Randy all exactly as above but can't access any of my LAN clients as I can when physically on my LAN.

When I log onto the router from a client within the LAN & can see the client connected (ipad) on the OpenVPN server.

Router is a Asus DSL-AC88U if anyone had same issue resolved.

 

[randytsuch]

Router is a Asus DSL-AC88U if anyone had same issue resolved.

So it's combined DSL modem and router?
Maybe that has something to do with it?

My ASUS is just a router.

 

[aabs]

I'm not familiar with OpenVPN on the Asus, but on my Synology NAS my OpenVPN has the following option.

'Allow clients to access servers LAN'

Do you have that option and how is it set?

That sounds like the issue but no such option on the Asus OpenVPN, well not worded as simple as that

 

[Dseg42]

So the Asus router has a free VPN setup but people are using OpenVPN on their Asus routers.
Why - because it is better?
And I believe OpenVPN costs money, correct?

 

[aabs]

Asus router has OpenVPN server as standard, all is explained by nayr on the very first post

 

[tangent]

In this thread we're talking about the free open source "community" edition of OpenVPN not one of their paid services.
OpenVPN Community Software

 

[aabs]

I tried a windows tab tonight but exact same result!

I can see on the Asus OpenVPN screen that both iPad & windows tablets are connected but neither can browse the LAN when connected from external ip to the OpenVPN. Openvpn shows the connected client on 10.8.0.2 and my Lan is on 192.168.2.x but can't access any of the nodes I can access when physically on my LAN.

Screenshot from Windows tab log after logging onto Asus OpenVPN

Hope someone can help out as I'm out of ideas now and going round in circles