VPN Primer for Noobs

[erkme73]

I guess I should have said, cheap and very inexperienced with all of this. If $60 gets the job done, then I will gladly cut my teeth along that route. Thanks for the suggestion though, I looked it up and the first couple pictures I looked at made it seem like this would be much more difficult than configuring the built-in VPN of a new router. Maybe I'm wrong though.

Consider the Asus RT-AC68U... It can be had for $100 or less. There's a TM-1900, a TMobile variant which can be flashed (even by a newb) to function 100% identically to the stock Asus RT-AC68U - and those can be had for sub-$50 when on sale.

I recently flashed mine to the Asus-Merlin fork (which is a much more capable version of the OEM firmware). Either stock or with Merlin, the OpenVPN server that is built in makes it stupid simple. Rather than having to create custom keys and certificates, it does it all for you. With stock settings, you click one button and it creates an .ovpn config file that you import on the OpenVPN connect client (the software you run on a PC/Android/iFruit), and it just works. It allows you to hop onto your local network from anywhere on the web. It is so easy to do, I was able to do it (and I am an total VPN greenie).

 

[cordes]

Consider the Asus RT-AC68U... It can be had for $100 or less. There's a TM-1900, a TMobile variant which can be flashed (even by a newb) to function 100% identically to the stock Asus RT-AC68U - and those can be had for sub-$50 when on sale.

I recently flashed mine to the Asus-Merlin fork (which is a much more capable version of the OEM firmware). Either stock or with Merlin, the OpenVPN server that is built in makes it stupid simple. Rather than having to create custom keys and certificates, it does it all for you. With stock settings, you click one button and it creates an .ovpn config file that you import on the OpenVPN connect client (the software you run on a PC/Android/iFruit), and it just works. It allows you to hop onto your local network from anywhere on the web. It is so easy to do, I was able to do it (and I am an total VPN greenie).

Consider the Asus RT-AC68U... It can be had for $100 or less. There's a TM-1900, a TMobile variant which can be flashed (even by a newb) to function 100% identically to the stock Asus RT-AC68U - and those can be had for sub-$50 when on sale.

I recently flashed mine to the Asus-Merlin fork (which is a much more capable version of the OEM firmware). Either stock or with Merlin, the OpenVPN server that is built in makes it stupid simple. Rather than having to create custom keys and certificates, it does it all for you. With stock settings, you click one button and it creates an .ovpn config file that you import on the OpenVPN connect client (the software you run on a PC/Android/iFruit), and it just works. It allows you to hop onto your local network from anywhere on the web. It is so easy to do, I was able to do it (and I am an total VPN greenie).

Thanks for the model suggestions. I'll look into all of this and report back.

 

[catcamstar]

Thanks for the model suggestions. I'll look into all of this and report back.

The thing is: OpenVPN can run nearly everywhere, the TPlinks/Asus/Netgears of this world who provide them OOTB with a OpenVPN server is great for (inexperienced) home users, however depending on your backend solutions (eg synology nas): these may host this OpenVPN Service too. If you employ a BI server who runs 24/7, then you might opt for that route too to add OpenVPN onto it.

Choices choices choices

Good luck!
CC

 

[cordes]

OK it looks like my Archer A7 router will indeed do this. Per several youtube videos, I've generated a cert, exported it, sent it to my wife's phone, and opened it in OpenVPN for android. For some reason, OpenVPN says "waiting on server reply" the whole time. When I try to type the IP address for my router into Chrome on her phone, that times out. Any ideas? I'm sure I'm missing something simple here. Thanks for all the help so far, I can do everything on my home network really well as a result of all the help I've received here. That's pretty amazing.

 

[wittaj]

OK it looks like my Archer A7 router will indeed do this. Per several youtube videos, I've generated a cert, exported it, sent it to my wife's phone, and opened it in OpenVPN for android. For some reason, OpenVPN says "waiting on server reply" the whole time. When I try to type the IP address for my router into Chrome on her phone, that times out. Any ideas? I'm sure I'm missing something simple here. Thanks for all the help so far, I can do everything on my home network really well as a result of all the help I've received here. That's pretty amazing.

First obvious one is making sure her phone is not on the home wifi and is on cellular.

Next thing is if it works on your phone and not hers - are you both on same cellular provider as one may block the common used VPN port and you would need to change it.

 

[cordes]

Thanks. I know hers was on the wifi. For clarification, I don't use a cellular telephone at all. I just have everything working on my desktop at home. I'm pretty proud of that, given my skill set. I'll try it tomorrow with her wifi turned off. Thanks!

 

[cordes]

OK. We turned off the wifi, and when in the OpenVPN app, it just said waiting for server reply. I must be missing a simple step on this.

 

[wittaj]

Did you create a user/pw for her OpenVPN account (I seem to recall needing to do that)? And who is the cellular provider?

 

[cordes]

Did you create a user/pw for her OpenVPN account (I seem to recall needing to do that)? And who is the cellular provider?

I did not create a username or anything. So far, I've just checked the box in my router menu and generated the certificate; I then downloaded the app to her phone, and used the file from my computer to attempt a connection.

She has Boost Mobile which is owned by Sprint I believe

 

[SouthernYankee]

@cordes
What IP address are you using, it must not be the local address, it must be the internet address.
From the phone can you PING the internet address, you may need to enable ping in your router.
Who is your internet provider ?
Is your internet cell, fiber, coax ?
Who is your cell phone provider ?


Private ip addresses. Local IP addresses. These addresses are NOT used by the internet. They are for your local home/business network.
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

 

[wittaj]

Hmm, I followed this guide and created a user and PW:

OpenVPN on a Asus router

Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...

randyshomeprojects.blogspot.com

 

[cordes]

@cordes
What IP address are you using, it must not be the local address, it must be the internet address.
From the phone can you PING the internet address, you may need to enable ping in your router.
Who is your internet provider ?
Is your internet cell, fiber, coax ?
Who is your cell phone provider ?


Private ip addresses. Local IP addresses. These addresses are NOT used by the internet. They are for your local home/business network.
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

Thanks. I must be doing this entirely incorrectly. I was trying to put in the same address that I have the NVR set to. I have no idea how to ping anything. My internet provider is Frontier, it's DSL. My wife's cellphone provider is Boost Mobile, which I think is owned by Sprint.

Hmm, I followed this guide and created a user and PW:

OpenVPN on a Asus router

Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...

randyshomeprojects.blogspot.com

Thanks a ton. I'll check that out. I'm sure it'll be remarkably similar on my A7.

 

[cordes]

OK, I'm still a little fuzzy on how all of this works, but I did enable the DDNS on my router, which now has an domain name of MYNAME.tplinkdns.com Will that be where I go on the phone? You guys have been more than helpful here. I feel like I must be getting fairly close with this.

 

[wittaj]

The DNNS has to be part of the certificate that goes to the phone.

So create a new certificate and send to the phone and try again.

 

[cordes]

I just tried it again, and I'm still stuck in "waiting for server reply" land. I must be missing something.

 

[Kitsap]

I just tried it again, and I'm still stuck in "waiting for server reply" land. I must be missing something.

I am only familiar with the Open VPN application on Android. Once you have generated the certificate files and copied them to the phone, you have to run the application and import the profile into the application.

 

[Jay Roman]

I just tried it again, and I'm still stuck in "waiting for server reply" land. I must be missing something.

I Literally just wen through this whole process and got it working !!

Ima be honest I have not read your previous post, but follow this guide to the T and it will work.

OpenVPN on a Asus router

Sept 2021 Turned off comments because of ads July 2021 Bought a new Asus router, an RT-AX86U. Loaded it right away with Merlin firmware, s...

randyshomeprojects.blogspot.com

I am more than happy to help you set it up.


My biggest obstacle was my ISP. I needed them to make the router/modem they provided me set to bridge mode.

are you seeing an error message that is talking about how your WAN is a Private IP?

This is in reference to what they call a double NAT Situation.

 

[cordes]

Still not working for me. I tried watching a ton of videos, but nothing worked. Calling it quits for tonight, but I'm not giving up.

 

[Sam.oliv3ira]

I have a doubt. I have a 5416 4k s2 nvr, which i bought on Ebay, and unfortunately the admin account is blocked. I am able to have local access via Wi-Fi to cameras and recordings. If I configure with a vpn network will I be able to access the nvr anywhere?

 

[wittaj]

Yes, if you do the VPN like OpenVPN that puts you back into YOUR network, it should work like you are sitting on the couch.

The paid VPNs that HIDE your IP address for illegal video streaming and porn LOL will not work.