Wolfschiesst 2 Posted ...

Dear @all,

my Asus Router RT-AC88U - flashed with current Merlin Beta-Firmware 380.67_alpha2 - is configured to run as AirVPN OpenVPN-Client, according to the following AirVPN HowTo: https://airvpn.org/asuswrt/

After importing AirVPN's *.ovpn config-file, I modified the following OpenVPN client-parameters in the advanced settings section (my suggestion to everyone):

- Accept DNS Configuration (AirVPN -> Disabled): Should be "Strict" (recommended) or alternatively "Exclusive"
- Redirect Internet traffic (AirVPN -> No): Should be set to "all", to be sure that all traffic will be forwarded through the VPN-tunnel
- I added "mute-replay-warnings" to the custom configuration field.

So, now the AirVPN-client connection is up and the VPN connection via the router is running successfully.

In addition to that, I'd like to use the OpenVPN-server of the above mentioned router, to enable secure remote access to my home network (NAS, Samba-Shares, Printers etc.) - from the road (when I'm not at home) - using my mobile phone or my Laptop.

So I started with the configuration of OpenVPN-server 1. Sample for Advanced Config: see attached image

After saving the configuration, I started the router's export and imported the generated *.ovpn-file to my client devices' OpenVPN-installation.

Then I configured an open port using the "remote port forwarding"-feature of AirVPN's client-backend, in order to enable TCP/UDP-Traffic to my local OpenVPN-Server port (e.g. 1149) using a predefined ddns-alias (like XXXXX.airdns.org). So for example AirVPN port 50000 directs to local port 1149 (TCP + UDP).

Unfortunately I now got stuck with building up any connection from the clients. The DNS-resolution of AirVPN works correctly (client receives correct OpenVPN-Server IP), but the OpenVPN-Client (version 1.1.1 build 212 - 64-bit on iPhone) ends with connection_timeout.

iPhone's OpenVPN-client Log-File (anonymized):

    2017-06-11 02:07:16 ----- OpenVPN Start -----
    OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
    2017-06-11 02:07:16 Frame=512/2048/512 mssfix-ctrl=1250
    2017-06-11 02:07:16 UNUSED OPTIONS
    2017-06-11 02:07:16 EVENT: RESOLVE
    2017-06-11 02:07:16 Contacting 46.165.XXX.XXX:YYYYY via TCP
    2017-06-11 02:07:16 EVENT: WAIT
    2017-06-11 02:07:16 SetTunnelSocket returned 1
    2017-06-11 02:07:16 Transport Error: TCP connect error on 'XXXXXX.airdns.org:YYYYY' (46.165.XXX.XXX:YYYYY): Connection refused
    2017-06-11 02:07:16 Client terminated, restarting in 2000 ms...
    2017-06-11 02:07:17 NET Internet:ReachableViaWWAN/WR t------
    2017-06-11 02:07:18 EVENT: RECONNECTING
    2017-06-11 02:07:18 Contacting 46.165.XXX.XXX:YYYYY via TCP
    2017-06-11 02:07:18 EVENT: WAIT
    2017-06-11 02:07:18 SetTunnelSocket returned 1
    2017-06-11 02:07:19 Transport Error: TCP connect error on 'XXXXXX.airdns.org:YYYYY' (46.165.XXX.XXX:YYYYY): Connection refused
    2017-06-11 02:07:19 Client terminated, restarting in 2000 ms...

Is there anything more I need to configure on the router or the client? Maybe a firewall forwarding problem (if this could be the problem, what do I need to do)?

Since I do not have to forward to a specific client in my home LAN (that is running an OpenVPN-server), but the main router itself is the OpenVPN server, I didn't find a suitable configuration example yet.

I would be very grateful for tips or helping hints.

Joost123 0 Posted ...

I have the same problem. Did you find a solution?

Brax84 0 Posted ...

Same problem. I've also tried on my Odroid U3 board with OpenVPN server. I see the correct Air IP, but it still waits...

With SSH on the Asus modem I've set the forward port to the device: https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/

If I shut down the AirVPN client on the Asus Merlin router, the OpenVPN client on the iPhone contacts the OpenVPN server without problems.

Sorry for my English. Ideas?

Brax84 0 Posted ...

Edit...

- Start OpenVPN server on router, and export client.ovpn
- Start OpenVPN client on router, and import Airvpn.ovpn
- Configured client to connect from iPhone
- Connection works

But I can't surf. If I ping any device on my network over ISP LTE over the OpenVPN connection, it responds. But I can't surf with my OpenVPN connection.

Situation is (green: works, red: does not work):

    MY NETWORK -----> ROUTER <--redirect internet ALL traffic --> AIRVPN -->ipleak.net see ip&dns by AirVPN> INTERNET OK
    ME OUT HOME---->>>MY IPHONE ---> LTE ISP----> OPENVPN TO HOME ---->CONNECTION OK--->PING LAN OK---> NO SURF INTERNET

With ssh to my router I see this in /etc/openvpn/server1 config.ovpn

    # Automatically generated configuration
    daemon ovpn-server1
    topology subnet
    server 10.8.0.0 255.255.255.0
    proto udp
    port 1194
    dev tun21
    ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
    cipher AES-128-CBC
    keepalive 15 60
    verb 3
    push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
    client-config-dir ccd
    client-to-client
    duplicate-cn
    push "redirect-gateway def1"
    plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
    ca ca.crt
    dh dh.pem
    cert server.crt
    key server.key
    status-version 2
    status status 5
    # Custom Configuration

I've edited the client and imported the profile to the iPhone:

    client
    dev tun
    proto udp
    remote myairdns.airdns.org #xxxx port choice on airvpn
    float
    ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
    cipher AES-128-CBC
    keepalive 15 60
    auth-user-pass
    remote-cert-tls server
    <ca>#myca</ca>
    <cert>#mycert</cert>
    <key>#mykey</key>
    resolv-retry infinite
    nobind

I've port forwarding in my area, chosen port to internal 1194 (openvpnserver).

On the iPhone I tested the network with the app Net Analyzer (OneDrive photo album): https://1drv.ms/a/s!AhgCbyEqsT3yuTDtXsPqkwJfnpZ6 ---> The image "information" reports no GATEWAY, no IP

These are the OpenVPN client logs:

    2019-02-12 10:39:34 ----- OpenVPN Start -----
    OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
    2019-02-12 10:39:34 Frame=512/2048/512 mssfix-ctrl=1250
    2019-02-12 10:39:34 UNUSED OPTIONS
    6 [ncp-ciphers] [AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC]
    14 [resolv-retry] [infinite]
    15 [nobind]
    2019-02-12 10:39:34 EVENT: RESOLVE
    2019-02-12 10:39:35 Contacting [185.XXX.XXX.XX]:XXXXX/UDP via UDP
    2019-02-12 10:39:35 EVENT: WAIT
    2019-02-12 10:39:35 Connecting to [myairdnsname.airdns.org]:XXXXX (185.XXX.XXX.XX) via UDPv4
    2019-02-12 10:39:35 EVENT: CONNECTING
    2019-02-12 10:39:35 Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
    2019-02-12 10:39:35 Creds: Username/Password
    2019-02-12 10:39:35 Peer Info:
    IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
    IV_VER=3.2
    IV_PLAT=ios
    IV_NCP=2
    IV_TCPNL=1
    IV_PROTO=2
    2019-02-12 10:39:35 VERIFY OK : depth=0
    cert. version : 3
    serial number : 01
    issuer name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
    subject name : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
    issued on : 2019-02-11 21:07:42
    expires on : 2029-02-08 21:07:42
    signed using : RSA with SHA-256
    RSA key size : 1024 bits
    basic constraints : CA=false
    cert. type : SSL Server
    key usage : Digital Signature, Key Encipherment
    ext key usage : TLS Web Server Authentication
    2019-02-12 10:39:36 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
    2019-02-12 10:39:36 Session is ACTIVE
    2019-02-12 10:39:36 EVENT: GET_CONFIG
    2019-02-12 10:39:36 Sending PUSH_REQUEST to server...
    2019-02-12 10:39:36 OPTIONS:
    0 [route] [192.168.1.0] [255.255.255.0] [vpn_gateway] [500]
    1 [redirect-gateway] [def1]
    2 [route-gateway] [10.8.0.1]
    3 [topology] [subnet]
    4 [ping] [15]
    5 [ping-restart] [60]
    6 [ifconfig] [10.8.0.2] [255.255.255.0]
    7 [peer-id] [0]
    8 [cipher] [AES-128-GCM]
    2019-02-12 10:39:36 PROTOCOL OPTIONS:
    cipher: AES-128-GCM
    digest: SHA1
    compress: NONE
    peer ID: 0
    2019-02-12 10:39:36 EVENT: ASSIGN_IP
    2019-02-12 10:39:36 NIP: preparing TUN network settings
    2019-02-12 10:39:36 NIP: init TUN network settings with endpoint: 185.XXX.XXX.XX
    2019-02-12 10:39:36 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
    2019-02-12 10:39:36 NIP: adding (included) IPv4 route 10.8.0.0/24
    2019-02-12 10:39:36 NIP: adding (included) IPv4 route 192.168.1.0/24
    2019-02-12 10:39:36 NIP: redirecting all IPv4 traffic to TUN interface
    2019-02-12 10:39:36 NIP: adding DNS 8.8.8.8
    2019-02-12 10:39:36 NIP: adding DNS 8.8.4.4
    2019-02-12 10:39:36 Connected via NetworkExtensionTUN
    2019-02-12 10:39:36 EVENT: CONNECTED username@myairdnsname.airdns.org:XXXX (185.XXX.XXX.XX) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]

Can you help me to configure the server?

King0777 0 Posted ...

If I'm not mistaken, the problem is with redirecting all internet traffic. The client trying to connect to the router is connecting directly to the router, but the router responds through the VPN.

There are 2 solutions:

- The client contacts the router through the VPN endpoint. You will have to open a forward port on the AirVPN interface with the same port number as the VPN server on the router. Using AirVPN ddns when opening the forwarding port would allow you to easily find the IP where the client must connect.
- Change the force internet option on the router client configuration to policy rules (strict) and add 2 rules. The first one redirects all your LAN through the VPN (src 192.168.0.0/24 dest 0.0.0.0 VPN (use the correct IP values for your LAN)), the second one redirects only the router outside the VPN (src 192.168.0.1 dest 0.0.0.0 WAN).
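
The routing asymmetry described in the last reply and its two fixes, as a simplified first-match model of source-based policy routing (an added example, not part of the thread and not Asuswrt-Merlin code). The addresses 203.0.113.10 and 10.4.0.2, the rule ordering and the WAN fallback in policy mode are assumptions of the model.

```python
import ipaddress

# The two policy rules from the reply as (source, interface). The /32 router
# exception is listed first because this model stops at the first match
# (the ordering is an assumption of the model).
POLICY_RULES = [
    ("192.168.0.1/32", "WAN"),   # the router itself stays outside the VPN
    ("192.168.0.0/24", "VPN"),   # every LAN host goes through the VPN
]
ROUTER_WAN_IP = "203.0.113.10"   # constructed address (TEST-NET-3)
ROUTER_TUN_IP = "10.4.0.2"       # constructed tunnel address of the VPN client


def egress(src, rules, default):
    """Return the interface a packet with source address `src` leaves on."""
    addr = ipaddress.ip_address(src)
    for cidr, iface in rules:
        if addr in ipaddress.ip_network(cidr):
            return iface
    return default


def handshake_completes(arrives_on, reply_src, rules, default):
    """An inbound OpenVPN session only comes up if the router's reply leaves
    on the interface the client's packet arrived on (symmetric path)."""
    return egress(reply_src, rules, default) == arrives_on


def scenarios():
    """Evaluate the failing setup and both proposed fixes."""
    return {
        # "Redirect Internet traffic: all": every reply follows the VPN default.
        "redirect all, client dials WAN address":
            handshake_completes("WAN", ROUTER_WAN_IP, [], "VPN"),
        # Fix 1: client dials the AirVPN forwarded port, packet arrives on VPN.
        "redirect all, client dials AirVPN forwarded port":
            handshake_completes("VPN", ROUTER_TUN_IP, [], "VPN"),
        # Fix 2: policy rules; unmatched router traffic falls back to WAN.
        "policy rules, client dials WAN address":
            handshake_completes("WAN", ROUTER_WAN_IP, POLICY_RULES, "WAN"),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'connects' if ok else 'times out'}")
```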