Jump to content
Not connected, Your IP:

Configure Asuswrt Merlin OpenVPN-Server for access with AirVPN Port-Forwarding

Recommended Posts

Dear @all,


my Asus Router RT-AC88U - flashed with current Merlin Beta-Firmware 380.67_alpha2 - is configured to run as AirVPN OpenVPN-Client. ccording to the following AirVPN HowTo:

After importing AirVPN's *.ovpn config-file, I modified the following OpenVPN client-parameters in the advanced settings section (my suggestion to everyone):
  • Accept DNS Configuration (AirVPN -> Disabled): Should be "Strict" (recommended) or alternatively to "Exclusive"
  • Redirect Internet traffic (AirVPN -> No): Should be set to "all", to be sure, that every traffic will be forwarded through the VPN-tunnel
  • I added "mute-replay-warnings" to the custom configuration field.

So, now AirVPN-client connection is up and vpn connection via the router is running successfully.


In addition to that, I'd like to use the OpenVPN-server of the above mentioned router, to enable secure remote access to my home network (NAS, Samba-Shares, Printers etc.) - from the road (when I'm not at home) - using my mobile phone or my Laptop.  


So I startet with the configuration of OpenVPN-server 1.

Sample for Advanced Config: see attached image  

After saving the configuration, I startet the router's export and imported the generated *.ovpn-file to my client devices OpenVPN-installation.


Then I configured an open port using the "remote port forwarding"-feature of AirVPN's client-backend, in order to enable TCP/UDP-Traffic to my local OpenVPN-Server port (e.g. 1149) using a predifined ddns-alias (like XXXXX.airdns.org). So for example Airvpn port 50000 directs to local port 1149 (TCP + UDP).


Unfortunaltely I got now stuck with building up any connection from the clients.

The DNS-resolution of AirVPN works correctly (client receives correct OpenVPN-Server IP), but the OpenVPN-Client (version 1.1.1 build 212 - 64-bit on iPhone)) ends with connection_timeout.


iPhone's OpenVPN-client Log-File (anonymized):


2017-06-11 02:07:16 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec  5 2016 12:50:25
2017-06-11 02:07:16 Frame=512/2048/512 mssfix-ctrl=1250
2017-06-11 02:07:16 UNUSED OPTIONS
2017-06-11 02:07:16 EVENT: RESOLVE
2017-06-11 02:07:16 Contacting 46.165.XXX.XXX:YYYYY via TCP
2017-06-11 02:07:16 EVENT: WAIT
2017-06-11 02:07:16 SetTunnelSocket returned 1
2017-06-11 02:07:16 Transport Error: TCP connect error on 'XXXXXX.airdns.org:YYYYY' (46.165.XXX.XXX:YYYYY): Connection refused
2017-06-11 02:07:16 Client terminated, restarting in 2000 ms...
2017-06-11 02:07:17 NET Internet:ReachableViaWWAN/WR t------
2017-06-11 02:07:18 EVENT: RECONNECTING
2017-06-11 02:07:18 Contacting 46.165.XXX.XXX:YYYYY via TCP
2017-06-11 02:07:18 EVENT: WAIT
2017-06-11 02:07:18 SetTunnelSocket returned 1
2017-06-11 02:07:19 Transport Error: TCP connect error on 'XXXXXX.airdns.org:YYYYY' (46.165.XXX.XXX:YYYYY): Connection refused
2017-06-11 02:07:19 Client terminated, restarting in 2000 ms...


Is there anything more I need to configure on the router or the client? Maybe a firewall forwarding problem (if this could be the problem, what do I need to do)?

Since I do not have to forward to a specific client in my home lan (that is running a OpenVPN-server), but the main router itself is the OpenVPN server, I didn't find a suitable configuration example, yet.


I would be very grateful for tips or helping hints.

Share this post

Link to post

Same problem, I've tried also on my board Odroid U3 with Openvpn Server.. I see correct air ip ....but still wait...


With SSH on Asus modem I've set forward port to device https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/

If shutdown Airvpn client on Asus merlin router openvpn client on iPhone contact without problem openvpn server
Sorry for my English..


Share this post

Link to post



Start Openvpn server on router, and export client.ovpn

Start Openvpn client on router, and import Airvpn.ovpn

Configured client for connect by iPhone

Connection Work 

But I can't surf 

If I ping any device on my network over ISP LTE over Openvpn connection this response

But I can't Surf with my Openvpn connection


Situation is (green:work    red:not work)


MY NETWORK -----> ROUTER <--redirect internet ALL traffic --> AIRVPN -->ipleak.net see ip&dns by AIrvpn> INTERNET OK




With ssh to my router I see this in /etc/openvpn/server1 



# Automatically generated configuration
daemon ovpn-server1
topology subnet
proto udp
port 1194
dev tun21
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
keepalive 15 60
verb 3
push "route vpn_gateway 500"
client-config-dir ccd
push "redirect-gateway def1"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 5
# Custom Configuration


i've edit client ,and  import profile to iPhone


dev tun
proto udp
remote myairdns.airdns.org #xxxx port choice on airvpn
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
keepalive 15 60
remote-cert-tls server
resolv-retry infinite


I've port farwarding in my area choice port to internal 1194 (openvpnserver)


On iPhone test network with App Net Alayzer :


(Onedrive photo album) https://1drv.ms/a/s!AhgCbyEqsT3yuTDtXsPqkwJfnpZ6 ---> The image "information" report no GATEWAY no IP 


This is Openvpn client logs


2019-02-12 10:39:34 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct  3 2018 06:35:04

2019-02-12 10:39:34 Frame=512/2048/512 mssfix-ctrl=1250

2019-02-12 10:39:34 UNUSED OPTIONS
6 [ncp-ciphers] [AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC] 
14 [resolv-retry] [infinite] 
15 [nobind] 

2019-02-12 10:39:34 EVENT: RESOLVE

2019-02-12 10:39:35 Contacting [185.XXX.XXX.XX]:XXXXX/UDP via UDP

2019-02-12 10:39:35 EVENT: WAIT

2019-02-12 10:39:35 Connecting to [myairdnsname.airdns.org]:XXXXX (185.XXX.XXX.XX) via UDPv4

2019-02-12 10:39:35 EVENT: CONNECTING

2019-02-12 10:39:35 Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client

2019-02-12 10:39:35 Creds: Username/Password

2019-02-12 10:39:35 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894

2019-02-12 10:39:35 VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
subject name      : C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
issued  on        : 2019-02-11 21:07:42
expires on        : 2029-02-08 21:07:42
signed using      : RSA with SHA-256
RSA key size      : 1024 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2019-02-12 10:39:36 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

2019-02-12 10:39:36 Session is ACTIVE

2019-02-12 10:39:36 EVENT: GET_CONFIG

2019-02-12 10:39:36 Sending PUSH_REQUEST to server...

2019-02-12 10:39:36 OPTIONS:
0 [route] [] [] [vpn_gateway] [500] 
1 [redirect-gateway] [def1] 
2 [route-gateway] [] 
3 [topology] [subnet] 
4 [ping] [15] 
5 [ping-restart] [60] 
6 [ifconfig] [] [] 
7 [peer-id] [0] 
8 [cipher] [AES-128-GCM] 

2019-02-12 10:39:36 PROTOCOL OPTIONS:
 cipher: AES-128-GCM
 digest: SHA1
 compress: NONE
 peer ID: 0

2019-02-12 10:39:36 EVENT: ASSIGN_IP

2019-02-12 10:39:36 NIP: preparing TUN network settings

2019-02-12 10:39:36 NIP: init TUN network settings with endpoint: 185.XXX.XXX.XX

2019-02-12 10:39:36 NIP: adding IPv4 address to network settings

2019-02-12 10:39:36 NIP: adding (included) IPv4 route

2019-02-12 10:39:36 NIP: adding (included) IPv4 route

2019-02-12 10:39:36 NIP: redirecting all IPv4 traffic to TUN interface

2019-02-12 10:39:36 NIP: adding DNS

2019-02-12 10:39:36 NIP: adding DNS

2019-02-12 10:39:36 Connected via NetworkExtensionTUN

2019-02-12 10:39:36 EVENT: CONNECTED username@myairdnsname.airdns.org:XXXX (185.XXX.XXX.XX) via /UDPv4 on NetworkExtensionTUN/ gw=[/]



Can you help me to configure the server ?

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image

  • Create New...