VPN SETUP

Discussion in 'General BI Talk' started by Tyyees, Nov 1, 2018.

Share This Page

  1. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    ***This post started out as VPN VENTURE it is NOT. It turned into a post about setting IP addresses when two routers are involved. With the help of several learned members especially CATCAMSTAR I can now work on the VPN. Nothing to learn about a VPN in this post.

    In the process of setting up my VPN on my Asus router and ran into this problem:

    Noted: If the wireless is using a private WAN IP address (192.168.x.x, 10.x.x.x, or 172.16.x.x), this router may under a multi-layer NAT network. The DDNS service is not able to work under this environment.
    If you have any doubt with your IP, Please refer your ISP for detail information.

    Apparently I fall under that rule. Can anyone tell me how to circumvent this issue? I have a dsl/router, service providers equipment, and a Asus ac1900 dual band gigabit router. The setup seems not that difficult but I don’t know what to do about this issue.
     
    Last edited: Nov 10, 2018
  2. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    958
    Likes Received:
    417
    Location:
    Houston Tx
    How is the Asus connect to the internet. Be specific. Who is your internet provider.
    If the DSL/ROUTER is not in passthru mode, the asus router will not work for OPENVPN.
     
  3. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    Southern Yankee my Asus is connected to the internet via the dsl modem. Cable from dsl modem to Asus modem. I have the Asus set in wireless router mode. According to my provider the visionnet modem/router can’t be set as pass thru, bridge, etc and the wireless can’t be disabled. I can set up a VPN in the visionnet but I haven’t researched that yet. My provider tech strongly suggested using the Asus if possible. According to the tech they can’t provide advice on how to set up their modem. I quest what you saying is I must set this up on the visionnet? Thanks
     
  4. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    473
    Likes Received:
    210
    Yes, at least you have to setup port forwarding FROM your visionnet modem TOWARDS your ASUS router. eg if you have configured UDP 1194 on your asus, that port needs to be forwarded to your asus IN your visionnet thing. Otherwise you cannot connect. But then you have to include your WAN IP address within the ovpn profile, and cannot work with the (handy) ddns service within your asus router. But there are ample services (eg no-ip.com) in which you can manually setup and maintain dns hostnames. And then you can include that DNS name within your ovpn profile.

    Hope this helps!
    CC
     
    drrich1101 likes this.
  5. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    Catcamstar thanks for the advice. I somewhat understand what you’d saying, not having my provider modem/router being able to be used as a pass thru; that’s about it. The rest I have no clue what your talking about. More researched needed I guess.
     
  6. looney2ns

    looney2ns IPCT Contributor

    Joined:
    Sep 25, 2016
    Messages:
    5,899
    Likes Received:
    3,941
    Location:
    Evansville, Indiana
    What is the exact model number of the dsl modem. Should be a sticker on it to tell you.
     
  7. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    Looney2ns the model is M505N the only modem they supply. My provider stated they have disable some of the functions of the routers when installed. They charge a fee of $5.00 per month for a static IP address if that is an issue here. I’d just like to know if this is possible to do before spending to much time on something that can’t be done.

    catcamstar indicates it can be done, I think. He also suggested a service like no-ip.com which is a paid service after free trail. Checking into his portforwarding suggestion but I think there’s a monthly cost there also?
     
  8. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    I contacted my service provider several more times and came across a tech that said modem bridging could only be done at the main office not at tech level support. He transferred my request to them and I’m waiting for a call. Hopefully that solves a few problems.
     
    Bob27 likes this.
  9. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    473
    Likes Received:
    210
    I never had to pay a buck for no-ip.com. But I don't need it anymore, as my ISP also charges $$$ for fixed IPs, but mine never changed in the past 4 years... Even with power cuts, the modem receives the same IP over and over again (which has its advantages and disadvantages). So my .ovpn profiles are hardcoded on IP address, not a DNS. But if you do it the same way like I did, you must built-in a safeline where you have some sort of trail on "discovering" the newly received IP address when your ISP drops you a new IP address. Whether or not it is worth the $5/m, that's up to you.

    Port forwarding within your ISP modem/router shouldn't be a chargeable component either, but better be sure to ask it when they call you back. It's either port forwarding to your VPN server infrastructure, OR alternatively, have them deploy a DMZ on your modem, in which your ASUS gets fully "exposed" on the internet (which it is fully capable of handling, both security and performance wise).

    Hope this helps a bit more!
    CC
     
  10. drrich1101

    drrich1101 Getting the hang of it

    Joined:
    Oct 16, 2018
    Messages:
    123
    Likes Received:
    42
    Location:
    Usa, New York
    I pay for a dyndns account for my office, which allows up to 30 hosts, so I use that account, but I tried no-ip.com recently as a test for a different piece of hardware.
    Just wanted to say that the “free” no-ip account hosrname expires every 30 days, which almost makes it worthless.
     
  11. J Sigmo

    J Sigmo Getting comfortable

    Joined:
    Feb 5, 2018
    Messages:
    474
    Likes Received:
    417
    I believe that when you set up the VPN in an Asus router, Asus provides the DNS to track your IP if it changes. What gets coded into the .OVPN files is a URL (yourname.asuscomm.com) that points to the account Asus maintains for you, and they resolve that to your actual IP.

    This is free since you bought your router from Asus. So you shouldn't need to worry about the IP address your ISP assigns. Static, changing, whatever, as long as you're setting this up on an Asus router.
     
    looney2ns and icecoffee like this.
  12. drrich1101

    drrich1101 Getting the hang of it

    Joined:
    Oct 16, 2018
    Messages:
    123
    Likes Received:
    42
    Location:
    Usa, New York
    Thanks you are definitely right about that. I set up the dyndns account many years ago for my office, so I merely added a host name I use the Asus router to check in with dyndns periodically to update my IP if it changed. There was no need to set up another dynamic act with Asus.
    But you are correct and thank u. (No Asus router at my office so I need the paid service there plus they do webhops etc
     
  13. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    473
    Likes Received:
    210
    But back to the OP: if your asus is on an internal lan (behind another router/gateway) like 192.x, 10.x, your dyndns agent running on your asus isn't able to send out its "real" WAN ipaddress to the DNS system, which renders it useless.
     
  14. drrich1101

    drrich1101 Getting the hang of it

    Joined:
    Oct 16, 2018
    Messages:
    123
    Likes Received:
    42
    Location:
    Usa, New York
    How might that happen? I only have one router, the Asus and its wired to my modem.
    Why would I want a second router? I do have multiple switches though
     
  15. catcamstar

    catcamstar Pulling my weight

    Joined:
    Jan 28, 2018
    Messages:
    473
    Likes Received:
    210
    I referred to the 1st post (@Tyyees ) which noted:
    Your Asus is "first in line", then dyndns (and others) work, because your router knows the WAN IP. If you ain't (because you are behind a 1st router, nat, gateway,...) these services tend to fail.
     
    icecoffee likes this.
  16. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    Catcamstar I called my isp internet support one more time and spoke to a very knowledgeable tech. I explained again what I was trying to accomplish and he was more than willing to help resolve my issue. He in fact had the same set up as mine, same provider, but different coverage area. That turned out to be a key issue. Short story after 1 1/2 hours trying we had no success, with a work around. Not matter what he tried he could not get the two routers to communicate with each other. Because of the isp’s set up it requires a change to the dsl modem/router for my situation to work, password and user name not available to them because of regional restrictions. He said he has had several other customers call about the same problems and has been able help but not in my case. The bottom line is without being able to bridge this modem nothing can be done period, and no matter what you try, NO work arounds. Of course there is going to be a fee for the bridging.

    What I’m going to do,at his suggestion, have my modem Bridged at my isp main office. Instead I’m going to purchase a new modem from them and have it bridged and keep the other modem in reserve in case I fail at setting up a a VPN and screw up my setting.

    All of this has nothing to do with setting up a VPN on a second router. Catcamstar and a few other are well aware of what I’m talking about. I really still don’t understand but I’ll spent a few more dollars and see what happens.
     
  17. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    958
    Likes Received:
    417
    Location:
    Houston Tx
    Is it possible with your service provider to purchase your own modem, that will work with your service and provided the needed bridge to the ASUS router ?
    Who is your service provider ?
    What is the make and model number of your modem/router ?
     
  18. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    Southern Yankee: yes they will allow you to buy whatever modem, modem/router you want but it has to be set up by them ie: password and username to access their network. They modify the software settings, at least in their modems and I assume any modem you give them for bridging. Tech support says they do this so customers don’t fiddle with the settings. It cuts down on service calls when a customer changes settings they shouldn’t. I’m guilty of that myself. The only modem they supply is a Visionnet. You can buy the same modem from other sources but the software will NOT be the same. Their modems are about $60.00. Don’t know what they charge for bridging hopefully nothing if I buy from them. On Monday I will have my answers to all these questions. There are the only game in town so I don’t want to piss them off.
     
    catcamstar likes this.
  19. looney2ns

    looney2ns IPCT Contributor

    Joined:
    Sep 25, 2016
    Messages:
    5,899
    Likes Received:
    3,941
    Location:
    Evansville, Indiana
    Have you tried logging into your modem and looked to see if you indeed have access to set bridge mode or a DMZ.
    http://crc.visionnetusa.com/Support...M505N_R3-1/VNET_S3Manual_M505N_R3-1_v0_1f.pdf
     
    Tyyees likes this.
  20. Tyyees

    Tyyees Young grasshopper

    Joined:
    Oct 31, 2018
    Messages:
    81
    Likes Received:
    11
    Location:
    Northeast
    Looney2ns thanks for the information. I have spent hours researching this problem and I have a copy of the modem manual, specifically mine, but as I stated in previous posts the software is altered, for my isp. There is no problem logging into the modem software. The problem is the needed software enteries aren’t there as shown in the manual. Even if they were there several key ingridents are missing, company sign in authorization and password. Not my passwords the companies internal passwords. It’s difficult to explain but this project is at a standstill until they decided to help me. Like other isp’s they live up to there reputation on being difficult and slow to respond. I’m not going to push the issue. So it’s just a wait and see game at the moment.
     
    catcamstar and looney2ns like this.