zimwebob 7 Posted ... A friend of mine is sending me a fairly beefy router which supports the latest builds for all versions of DD-WRT. While I wait, I was reading up on this page, and found myself curious as to whether stunnel is built-in as well, or if there is any way to do SSL tunneling for OpenVPN as in the AirVPN client? Quote Share this post Link to post
zhang888 1066 Posted ... Short answer: Probably not. DD-WRT is known for being less configurable than, let's say, OpenWRT, where you can build any packages and configs you want. In DD-WRT your OpenVPN client is pretty much limited to the GUI options, and you will need an additional OpenSSL client running in the background. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
go558a83nk 362 Posted ... if you can install optware or entware on the router (eg on a usb memory stick attached) then you should be able to install stunnel I am doing so on my Asus AC68 with merlin firmware. Quote Share this post Link to post
AnnaGlup 0 Posted ... if you can install optware or entware on the router (eg on a usb memory stick attached) then you should be able to install stunnel I am doing so on my Asus AC68 with merlin firmware." Could you point me to an HowTo or give me some hints? I'm running actual MerlinWRT on my Asus 68U with airvpn without SSL and it would be nice to switch to SSL tunnel. Quote Share this post Link to post
go558a83nk 362 Posted ... if you can install optware or entware on the router (eg on a usb memory stick attached) then you should be able to install stunnel I am doing so on my Asus AC68 with merlin firmware." Could you point me to an HowTo or give me some hints?I'm running actual MerlinWRT on my Asus 68U with airvpn without SSL and it would be nice to switch to SSL tunnel.oh, since you have an asus ac68 you need to also use the forums at http://forums.smallnetbuilder.com/forumdisplay.php?f=42 to get information. And look through merlin's wiki to learn how to install optware https://github.com/RMerl/asuswrt-merlin/wiki once optware is installed you should be able to install stunnel with 'ipkg install stunnel' unless you're in a place that requires an SSL tunnel to masq openvpn (China) or your ISP throttles openvpn you'll probably only see a decrease in performance. Quote Share this post Link to post
AnnaGlup 0 Posted ... Thanks for the guide. I'll try it.In case of a problem I'll ask in the forum you mentioned. Quote Share this post Link to post
Spyker 2 Posted ... Thanks for the guide. I'll try it.In case of a problem I'll ask in the forum you mentioned. Hi Anna & Go Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking. If it worked for you, I'll go buy one of those ASUS routers.lso, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do?Does it need special RAM or flash size? E.g. would it work for the ASUS RT-N66U? Thanks a lot for your help. Quote Share this post Link to post
go558a83nk 362 Posted ... Thanks for the guide. I'll try it.In case of a problem I'll ask in the forum you mentioned. Hi Anna & Go Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking. If it worked for you, I'll go buy one of those ASUS routers.lso, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do?Does it need special RAM or flash size? E.g. would it work for the ASUS RT-N66U? Thanks a lot for your help. you should get a version of the AC68, in my opinion. the N66 has too slow a processor. the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds. Of course, that depends on what you call acceptable. Anyway, the AC68 is old enough that most kinks are worked out of firmware. Remember you'll need to use Merlin Asus firmware for this. 1 Spyker reacted to this Quote Share this post Link to post
Spyker 2 Posted ... Thanks for the guide. I'll try it.In case of a problem I'll ask in the forum you mentioned. Hi Anna & Go Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking. If it worked for you, I'll go buy one of those ASUS routers.lso, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do?Does it need special RAM or flash size? E.g. would it work for the ASUS RT-N66U? Thanks a lot for your help. you should get a version of the AC68, in my opinion. the N66 has too slow a processor. the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds. Of course, that depends on what you call acceptable. Anyway, the AC68 is old enough that most kinks are worked out of firmware. Remember you'll need to use Merlin Asus firmware for this. Thanks, Go. What about the AC56? It seems to have the same processor as the AC68, at almost half the price. Quote Share this post Link to post
Spyker 2 Posted ... Also, do you have a link to any tutorial explaining how to setup the tunnel then connect the VPN? Quote Share this post Link to post
go558a83nk 362 Posted ... Thanks for the guide. I'll try it.In case of a problem I'll ask in the forum you mentioned. Hi Anna & Go Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking. If it worked for you, I'll go buy one of those ASUS routers.lso, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do?Does it need special RAM or flash size? E.g. would it work for the ASUS RT-N66U? Thanks a lot for your help. you should get a version of the AC68, in my opinion. the N66 has too slow a processor. the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds. Of course, that depends on what you call acceptable. Anyway, the AC68 is old enough that most kinks are worked out of firmware. Remember you'll need to use Merlin Asus firmware for this.Thanks, Go. What about the AC56? It seems to have the same processor as the AC68, at almost half the price. yes, the AC56 has the same processor. as I posted previously in this thread, visit the merlin asus forum to get some questions answered. e.g. you'll want to learn how to overclock slightly to increase openvpn speed. there is no tutorial on getting the SSL tunnel running. I just did it myself. Again, as mentioned previously, install entware after merlin asus firmware is installed. Entware has to be installed on a USB drive connected to the router. Once entware is installed you can then install stunnel. then download the linux configs for the Air server you want, selecting SSL setup. you'll also want to select resolved hosts in ovpn. put the files stunnel.cert and *.ssl into a directory on the USB drive (this should be easy to do if you enable samba server in the USB options). Then just run stunnel, "stunnel servername.ssl". When you upload the ovpn config into the openvpn client it'll configure the proper IP address (it'll point to the router itself) and port. 1 Spyker reacted to this Quote Share this post Link to post
Spyker 2 Posted ... Thanks a lot, Go. I'll proceed with purchasing the RT-AC56, and attempt tunneling and see how it goes.Much appreciated. Quote Share this post Link to post
abieteh 0 Posted ... Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this. Quote Share this post Link to post
go558a83nk 362 Posted ... Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this. entware has its own repository with stunnel available, if that's what you're asking. install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel. something like opkg install stunnel you'll probably also want to install screen to run stunnel in the background. screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.ssl 2 abieteh and Spyker reacted to this Quote Share this post Link to post
abieteh 0 Posted ... Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this. entware has its own repository with stunnel available, if that's what you're asking. install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel. something like opkg install stunnel you'll probably also want to install screen to run stunnel in the background. screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.sslThanks for the reply. I have an R7000, and installed Merlin, set it up, used a thumdrive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413! Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated. Quote Share this post Link to post
go558a83nk 362 Posted ... Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this. entware has its own repository with stunnel available, if that's what you're asking. install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel. something like opkg install stunnel you'll probably also want to install screen to run stunnel in the background. screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.sslThanks for the reply. I have an R7000, and installed Merlin, set it up, used a thumdrive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413! Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated. yep, that's exactly correct. stunnel has created a server and is listening on the local device (127.0.0.1) port 1413. Then you must load the corresponding ovpn file in the openvpn client config which will not point to a remote server but will instead connect to that local stunnel server. You'll see that in the custom config it's setup to then connect to whatever Air server you chose. 2 abieteh and Spyker reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this. entware has its own repository with stunnel available, if that's what you're asking. install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel. something like opkg install stunnel you'll probably also want to install screen to run stunnel in the background. screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.sslThanks for the reply. I have an R7000, and installed Merlin, set it up, used a thumdrive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413! Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated. by the way, that's interesting that you have merlin asus firmware successfully working on a netgear router. 1 abieteh reacted to this Quote Share this post Link to post
abieteh 0 Posted ... Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this. entware has its own repository with stunnel available, if that's what you're asking. install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel. something like opkg install stunnel you'll probably also want to install screen to run stunnel in the background. screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.sslThanks for the reply. I have an R7000, and installed Merlin, set it up, used a thumdrive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413! Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated. by the way, that's interesting that you have merlin asus firmware successfully working on a netgear router. Thank you for your reply. I used this build by Vortex, it seems to work really well for now.http://xvtx.ru/xwrt/download.htm Quote Share this post Link to post
abieteh 0 Posted ... Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this. entware has its own repository with stunnel available, if that's what you're asking. install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel. something like opkg install stunnel you'll probably also want to install screen to run stunnel in the background. screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.sslThanks for the reply. I have an R7000, and installed Merlin, set it up, used a thumdrive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413! Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated. yep, that's exactly correct. stunnel has created a server and is listening on the local device (127.0.0.1) port 1413. Then you must load the corresponding ovpn file in the openvpn client config which will not point to a remote server but will instead connect to that local stunnel server. You'll see that in the custom config it's setup to then connect to whatever Air server you chose.The problem is that it doesn't seem to work, and I'm not very well skilled in this department. Btw, should I stick with Optware or use Entware instead? This is what I did step by step: I mounted the USB via this guide:https://github.com/RMerl/asuswrt-merlin/wiki/Initialize-OPTWARE and then used this guide:https://www.hqt.ro/how-to-install-new-generation-optware/When I installed optware with putty, unlike the guide, it asked me to create a Swap file, and the default was 512, which I chose.But I'm not sure if I was able to successfully "mount" the swapfile.The end of this guide was not very straight forward for me. Do I need to make sure that swap file was mounted properly? I then used what you had mentioned before, and via putty ran: "ipkg install stunnel" I enabled Samba on the thumbdrive via router, and uploaded all the files you mentioned. in the optware folder and in a new folder I made calle vpn. I then ran the command you mentioned "stunnel servername.ssl", not sure in putty or cmd inside router, but once I defined the VPN/ folder, it worked.I then uploaded the openvpn file to the VPN client section of the router, and tried to have it connect, to no avail. At this point, I am more than willing to buy you a beer if we can get this to work. Note to AirVPN STAFF: you should create a proper guide for this!!!!!!!! Quote Share this post Link to post
go558a83nk 362 Posted ... well, I guess my fault for not walking through all the steps. Entware is what you want, Entware-arm to be more specific since that router has ARM CPU. Just to be sure, in the shell type cat /proc/cpuinfo If it's an ARM processor then follow these directions. https://www.hqt.ro/how-to-install-entware-arm/ sorry you spent time with the other stuff. edit: truth is, it looks like that optware you have installed should work. It's a new version compared to the old optware. paste the system log of the router from the time you start stunnel on. stunnel activity should be in there as well as openvpn. system log can be seen in the web GUI Quote Share this post Link to post
p1812 0 Posted ... Thanks a lot, Go. I'll proceed with purchasing the RT-AC56, and attempt tunneling and see how it goes.Much appreciated. How did this all work out? If successful, are you able to share the step-by-step instructions for us noobs? Quote Share this post Link to post
mbeau88 0 Posted ... I'm very interested to see how this works out as well. I'm using an AC66U stock and am worried about messing with it unless someone else has had some luck bypassing an enterprise DPI Firewall. Quote Share this post Link to post