Is consumer Asus Router dangerous for OpenVPN/VPN Server application?

[Bert]

This has been discussed several times but I was not able to see any post related to using consumer router, it is mostly about using custom software solution.

I want to set up a simple OpenVPN server to reach my network when I am abroad. At least initially, I want to get it started by using the router ([VPN] How to set up a VPN server on ASUS router –IPSec VPN | Official Support | ASUS USA) and then add a more advance solution via PfSense. I am not fully versed about network security so even if I use PfSense, I don't know how to configure and set safe rules. I also played with it several times, it is time consuming to make it work and a dedicate machine consumes power.

Are there any major gotcha's going with Asus router to get things started?

 

[oldpenguin]

Main issue with all these do-it-all devices that you put at edge is how long they'll be receiving updates and security fixes.

Not owning any of their models, searched a few devices on their support website, that were manufactured between 2016 and 2019. They seem to get firmware updates for about 2 years, then sayonara. For the same price of a capable modern asus, better opt in for a mikrotik. I still get routeros updates for 2017 gen device.

What you won't get is the same "omg i clicked and it works" - needs a bit more, but there's plenty of tutorials everywhere. And it supports both openvpn and wireguard, I'd recommend using the latter for increased vpn speeds.

 

[gregsachs]

Softether is also nice, and will support openvpn clients.

 

[WanWizard]

I run Sophos UTM on x86 (for at least 15 years, from when it was the Astaro Security Gateway), it still is supported and receives updates.

Being x86 based, it means you can easily upgrade the hardware if you need more power (network throughput, utm performance). I currently have gigabit at the WAN side, 10G at the LAN side (multiple VLANs).

 

[eSk8er]

I just love my asus router. I run openvpn on the router and connect my phone to it and PiHole blocks the ads on my phone. The VPN trick also prevents the cellular network from throttling twitch/YouTube videos. I also use the router as a media player/nas , website and game server.

 

[Bert]

I don't need so much power at this moment, ssh into my linux systems is all I need.

Setting up OpenVPN on Asus router was very simple. It was more hassle to set up the client because OpenVPN web page is down ! I am waiting for it to be online to download the client.

Asus router supports 4 different VPN and I went with "OpenVPN" because that's what I keep on hearing.

@eSk8er , can you tell me more about your set up:

1.How did you install Pi-hole to Asus router? Is it safe?
2. There is an app called instant guard. Are you using it?
3. Can you remote desktop/ssh through VPN? Is there a conf change needs to happen? Do I have to manually configure the router to be able to reach the servers/machines in my home network via OpenVPN?

 

[eSk8er]

1. I'm running PiHole on a raspberry pi 3b and pointing the routers DNS Server to the Raspberry's IP
2. NO maybe I'll look into it.
3. What I've been doing is using the OpenVPN android App on my phone. I use Termux to SSH into the machines. I don't recall any config problems.
4. I mostly use RealVNC to administer the Raspberrys. the mobile app works really well for me.
5. I'm trying to move most of my applications to a 11th gen i5 NUC running proxmox, mint, Debian and docker.

 

[Bert]

1. I'm running PiHole on a raspberry pi 3b and pointing the routers DNS Server to the Raspberry's IP
2. NO maybe I'll look into it.
3. What I've been doing is using the OpenVPN android App on my phone. I use Termux to SSH into the machines. I don't recall any config problems.
4. I mostly use RealVNC to administer the Raspberrys. the mobile app works really well for me.
5. I'm trying to move most of my applications to a 11th gen i5 NUC running proxmox, mint, Debian and docker.

Ok I am having a very basic problem My OpenVPN client can connects and gets a valid IP address. I can ping my router (10.8.X.1). Yet I cannot access any of the resources in my home network remotely; I cannot even log in to my router.

Is there anything special I need to do? My home network is on 192.168.X.* and my Open VPN is 10.8.X.*. I understand there must be NAT to stich these networks but I am not sure how to configure that.

Is there a online guide for dummies to capture each step?

 

[BoredSysadmin]

I run Sophos UTM on x86 (for at least 15 years, from when it was the Astaro Security Gateway), it still is supported and receives updates.

Being x86 based, it means you can easily upgrade the hardware if you need more power (network throughput, utm performance). I currently have gigabit at the WAN side, 10G at the LAN side (multiple VLANs).

For my SMB client, I purchased Sophos branded UTM SG-105W hardware firewall all the way back in 2015.

I CAN HARDLY BELIEVE IT, but it still gets software updates!!!

 

[WanWizard]

I CAN HARDLY BELIEVE IT, but it still gets software updates!!!

Yup, it does. And support is still pretty responsive. I run the home version (free license) as a VM on ESXi.

They bought Cyberoam Technologies in 2014, which is the basis of the XG, which as to this day is still crap compared to the good ol' UTM.

 

[Bert]

I mean all those systems sound great but I don't have time to invest on setting them up. I was really hoping this to make the Asus router work, which got recent updates, until I can put time to set up more complete.

So the question is how can I make the VPN make. There must be a step somewhere I can let the remotely connected PC to access local network but how ?

 

[ms264556]

SmallNetBuilder is probably the best place for AsusWrt discussion and info.

This page seems to be what you're after?

Setting Up And Using OpenVPN On ASUS Routers - SmallNetBuilder

http://forums.smallnetbuilder.com/showthread.php?t=20295

www.smallnetbuilder.com

 

[WanWizard]

My guess is that OpenVPN runs in routed mode, and there is no integration in the Asus, so the router isn't aware of the new subnet for VPN users, and it doesn't know how to route to it.

 

[eSk8er]

I mean all those systems sound great but I don't have time to invest on setting them up. I was really hoping this to make the Asus router work, which got recent updates, until I can put time to set up more complete.































































So the question is how can I make the VPN make. There must be a step somewhere I can let the remotely connected PC to access locahttps://youtu.be/KXdhhuBcpgUl network but how

 

[AnthonyUK]

If you have some low powered device or a NAS you can connect to that. I have used OpenVPN on Synology in the past and PiVPN now.
PiVPN was running on an actual Pi3 but now runs in a Proxmox container.

It is useful for using your internal adblocking appliance if nothing else when you are out and about.

 

[Bert]

My guess is that OpenVPN runs in routed mode, and there is no integration in the Asus, so the router isn't aware of the new subnet for VPN users, and it doesn't know how to route to it.

I followed this page, which is pretty much very basic steps. I don't understand how something so simple is failing. I can connect VPN server, I get an IP on VPN network but there is no tunnel to local area network although I enabled the function



I added a static route:



Such a basic scenario should work without sweat but here I spent a few hours but no chance. I tried on 2 different client machines and using my cell phones wifi and company network. In every case, I can connect to OpenVPN but cannot access to LAN subnset: 192.168.*.*

I have low powered devices (to start with I can use a laptop) but it will be even bigger hassle to set that UP, than open routers multiple VNets etc. I guess ASUS has some bug which kills the feature with another existing set up in my router.

What would be the easiest and quickest VPN server I can install on a Laptop? All I need is a secure connection to my LAN.

The reason for desperation is that I need to get this done in a few weeks and I have so many other things to handle. I was really hoping that setting up VPN with the new ASUS router will take an hour or so. As you see, I am only able to get to this over the weekend


Thank you very much for the help so far!

 

[eSk8er]

You could just use port forwarding to the machines IP address and ssh into it. Just use like 60 or 70,000 something

 

[eSk8er]

 

[eSk8er]

 

[Bert]

Did you make any changes for the advanced settings or the routing table?

Why are you enabling pptp? Is it required to make openvpn work? Isn't pptp insecure?