A friend of mine is sending me a fairly beefy router which supports the latest builds for all versions of DD-WRT. While I wait, I was reading up on this page, and found myself curious as to whether stunnel is built-in as well, or if there is any way to do SSL tunneling for OpenVPN as in the AirVPN client?

 

Short answer: Probably not.

 

DD-WRT is known for being less configurable than, let's say, OpenWRT, where you can build any packages and configs you want.

 

In DD-WRT your OpenVPN client is pretty much limited to the GUI options, and you will need an additional OpenSSL client running in the background.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


if you can install optware or entware on the router (eg on a usb memory stick attached) then you should be able to install stunnel

 

I am doing so on my Asus AC68 with merlin firmware.


Could you point me to a HowTo or give me some hints?

I'm running actual MerlinWRT on my Asus 68U with airvpn without SSL and it would be nice to switch to SSL tunnel.


oh, since you have an asus ac68 you need to also use the forums at http://forums.smallnetbuilder.com/forumdisplay.php?f=42 to get information.

 

And look through merlin's wiki to learn how to install optware https://github.com/RMerl/asuswrt-merlin/wiki

 

once optware is installed you should be able to install stunnel with 'ipkg install stunnel'

 

unless you're in a place that requires an SSL tunnel to masq openvpn (China) or your ISP throttles openvpn you'll probably only see a decrease in performance.


Thanks for the guide. I'll try it.

In case of a problem I'll ask in the forum you mentioned.

 

Hi Anna & Go

 

Can you please advise on how that worked out for you? I need VPN over SSH/SSL to bypass DPI blocking.

 

If it worked for you, I'll go buy one of those ASUS routers.

Also, does it need any special features in the router, or any ASUS (supported by ASUS-WRT) would do?

Does it need special RAM or flash size?

 

E.g. would it work for the ASUS RT-N66U?

 

Thanks a lot for your help.


you should get a version of the AC68, in my opinion.  the N66 has too slow a processor.  the AC68 versions (there are several versions, U, P, etc.) have a dual core processor that can run openvpn at acceptable speeds.  Of course, that depends on what you call acceptable.  Anyway, the AC68 is old enough that most kinks are worked out of firmware.  Remember you'll need to use Merlin Asus firmware for this.


Thanks, Go. What about the AC56? It seems to have the same processor as the AC68, at almost half the price.


Also, do you have a link to any tutorial explaining how to setup the tunnel then connect the VPN?


yes, the AC56 has the same processor.  as I posted previously in this thread, visit the merlin asus forum to get some questions answered.  e.g. you'll want to learn how to overclock slightly to increase openvpn speed.

 

there is no tutorial on getting the SSL tunnel running.  I just did it myself.  Again, as mentioned previously, install entware after merlin asus firmware is installed.  Entware has to be installed on a USB drive connected to the router.

 

Once entware is installed you can then install stunnel. 

 

then download the linux configs for the Air server you want, selecting SSL setup.  you'll also want to select resolved hosts in ovpn.

 

put the files stunnel.cert and *.ssl into a directory on the USB drive (this should be easy to do if you enable samba server in the USB options).  Then just run stunnel, "stunnel servername.ssl".

 

When you upload the ovpn config into the openvpn client it'll configure the proper IP address (it'll point to the router itself) and port.


Thanks a lot, Go. I'll proceed with purchasing the RT-AC56, and attempt tunneling and see how it goes.

Much appreciated.


Also, do you recommend a compiled version for Merlin? I don't have access to a Linux machine to compile it...I just need to find a steady solution to this.


entware has its own repository with stunnel available, if that's what you're asking.  install merlin firmware, install entware (directions on merlin wiki if I recall correctly), then from SSH command line install stunnel.  something like  opkg install stunnel

 

you'll probably also want to install screen to run stunnel in the background.

 

screen -dmS choose-a-name-for-the-process stunnel sslconfigfromAir.ssl


Thanks for the reply.

 

I have an R7000, and installed Merlin, set it up, used a thumb drive and installed optware, and uploaded the files into the USB, ran stunnel, but when I upload the openvpn file for SSL, it still points to 127.0.0.1 tcp-client:1413!

 

Not sure what I'm doing wrong, and a lack of proper guide from AirVPN is very disappointing, since where I'm at right now has closed all paths to VPN, aside from SSL. Any help would be much appreciated.


yep, that's exactly correct.  stunnel has created a server and is listening on the local device (127.0.0.1) port 1413.  Then you must load the corresponding ovpn file in the openvpn client config which will not point to a remote server but will instead connect to that local stunnel server.  You'll see that in the custom config it's set up to then connect to whatever Air server you chose.

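The hand-off described in this thread (stunnel accepting on 127.0.0.1 port 1413, and the OpenVPN profile's remote pointing at that same local port) can be checked from the router's shell before trying to connect. This is an added example, not part of any post above; the file names, the [openvpn] section name and the 203.0.113.10 address are constructed placeholders, not values from AirVPN's generated configs.

```shell
#!/bin/sh
# Added example: verify that an stunnel client config and an OpenVPN profile
# agree on the local hand-off port. All file contents below are constructed.

# Print the first "key = value" value from an stunnel config.
stunnel_opt() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | tr -d '\r'
}

# Print "host port" from the first "remote" line of an OpenVPN profile.
ovpn_remote() {  # $1=file
    tr -d '\r' < "$1" | awk '$1 == "remote" { print $2, $3; exit }'
}

# Succeed only if OpenVPN dials the loopback port that stunnel accepts on.
check_pair() {  # $1=stunnel config  $2=OpenVPN profile
    accept=$(stunnel_opt "$1" accept)
    connect=$(stunnel_opt "$1" connect)
    remote=$(ovpn_remote "$2")
    [ -n "$accept" ] || { echo "FAIL: no accept line in $1"; return 1; }
    [ "$(stunnel_opt "$1" client)" = "yes" ] || { echo "FAIL: stunnel is not in client mode"; return 1; }
    case "${remote% *}" in
        127.0.0.1|localhost) ;;
        *) echo "FAIL: remote '${remote% *}' is not loopback, OpenVPN would bypass stunnel"; return 1 ;;
    esac
    [ "${remote#* }" = "${accept##*:}" ] || {
        echo "FAIL: OpenVPN dials port ${remote#* }, stunnel accepts on ${accept##*:}"; return 1; }
    echo "OK: openvpn -> $accept -> stunnel -> $connect"
}

# Write a matching pair of constructed sample files into directory $1.
make_samples() {
    cat > "$1/server.ssl" <<'EOF'
client = yes
[openvpn]
accept = 127.0.0.1:1413
connect = 203.0.113.10:443
EOF
    cat > "$1/server.ovpn" <<'EOF'
client
dev tun
proto tcp
remote 127.0.0.1 1413
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
check_pair "$demo/server.ssl" "$demo/server.ovpn"
```

A pair that passes this check but still fails to connect points at stunnel not running; netstat -ltn on the router shows whether anything is holding the accept port.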

 

 


by the way, that's interesting that you have merlin asus firmware successfully working on a netgear router.


Thank you for your reply.

 

I used this build by Vortex, it seems to work really well for now.

http://xvtx.ru/xwrt/download.htm


The problem is that it doesn't seem to work, and I'm not very well skilled in this department.

 

Btw, should I stick with Optware or use Entware instead?

 

This is what I did step by step:

 

I mounted the USB via this guide:

https://github.com/RMerl/asuswrt-merlin/wiki/Initialize-OPTWARE

 

and then used this guide:

https://www.hqt.ro/how-to-install-new-generation-optware/

When I installed optware with putty, unlike the guide, it asked me to create a Swap file, and the default was 512, which I chose.

But I'm not sure if I was able to successfully "mount" the swapfile.

The end of this guide was not very straightforward for me. Do I need to make sure that swap file was mounted properly?

 

I then used what you had mentioned before, and via putty ran: "ipkg install stunnel"

 

I enabled Samba on the thumbdrive via router, and uploaded all the files you mentioned in the optware folder and in a new folder I made called vpn.

 

I then ran the command you mentioned "stunnel servername.ssl", not sure in putty or cmd inside router, but once I defined the VPN/ folder, it worked.

I then uploaded the openvpn file to the VPN client section of the router, and tried to have it connect, to no avail.

 

At this point, I am more than willing to buy you a beer if we can get this to work.

 

Note to AirVPN STAFF: you should create a proper guide for this!!!!!!!!


well, I guess my fault for not walking through all the steps.  Entware is what you want, Entware-arm to be more specific since that router has ARM CPU.

 

Just to be sure, in the shell type

 

cat /proc/cpuinfo

 

If it's an ARM processor then follow these directions.

 

https://www.hqt.ro/how-to-install-entware-arm/

 

sorry you spent time with the other stuff.

 

edit: truth is, it looks like that optware you have installed should work.  It's a new version compared to the old optware.

 

paste the system log of the router from the time you start stunnel on.  stunnel activity should be in there as well as openvpn.  system log can be seen in the web GUI


How did this all work out?  If successful, are you able to share the step-by-step instructions for us noobs? 


I'm very interested to see how this works out as well.  I'm using an AC66U stock and am worried about messing with it unless someone else has had some luck bypassing an enterprise DPI Firewall.
