Hi All, at the ens of the day I want to setup an OpenVPN server for my company to access the LAN from offsite Locations. so We bought an Asus RT-AC88u rourter which has this funcion built in. Initially I tried to set up the Telstra modem as bridge and Use the Asus as DHCP server but I was unsuccessful. So I decided to put the AC88u behid the telstra modem and setup the OpenVPN server, but again I have failed. This is what I've done so far. the IP Adress of Telstra modem is 192.168.0.1
I manually set up IP adrees for Asus as 192.168.0.3
I disabled DHCP server on Asus.
I enabed OpenVPN server on Asus on port 14455
I have the router connected to a Switch with an ethernet cable to the yellow LAN1 port (Not blue port). I have disabled all NAT functions on Asus router.
Added VPN users with passwords. Generate OpenVPN certificate.
We have a static IP address from our ISP (Telstra) so I manually edited the file client.ovpn and change the first line Changing the address 0.0.0.0 14455 for our IP address XX.XXX.XX.XX 14455 On the Telstra modem I forwarded the port 14455 to the local IP address of the modem 192.168.0.3.
To test it I use my iphone personal hotspot to connect my desktop to the internet. but the Open VPN program tiemes out an it does not connect. However if I am on the same local network as the router The OpenVPN connection is successful. What am I missing?
Was this helpful?
Well, I came across an issue with the port. I checked my port 14455 using this tool https://www.yougetsignal.com/tools/open-ports/ and it says that this port is closed. So the issue is something to do with opening the port at the Asus router. I did re-assigned the same port to a Linux server we have on-premises and it shows as open. So I can rule out the Telstra modem being the problem. Now, how do you guys go about ensuring a port is open at the Asus Router?
my setting for OpenVPN server are these:
The ASUS is listing on its WAN port instead of the LAN ports. You would need to connect the WAN port of the ASUS router to a LAN port of the Telstra modem for port to be shown as open.
Do do you have the ASUS configured as an access point with its WAN port connected to a LAN port of Telstra modem. See link below for settings.
Thank you. I have my Asus router as "Router". I cannot set it up as Access point because it disables VPN options. I tried this before. The main reason for this is because the Telstra modem cannot be set up as Bridge. in other words NAT cannot be disabled. So now I have the Telstra modem to handle DHCP server and the Asus router wtih DHCP disabled.
This is how I do port forward on Telstra modem.I decided to chance to port 22523 for open VPN. The IP adress of Asus router is 192.168.0.3.
The funny thing is that Open VPN works on the local network. but again it shows as closed when using the tool for checking open ports.
What type of internet connection do you have. If its not a DSL connection (ADSL or FTTN/B) you should be able to use the Asus as main router.
There is a IOS and Android app called fing you can use for testing what ports are open on devices on the local network. You could use it to test what ports are open on the ASUS.
The Telstra modem WAN port can connect a LAN port of the ASUS and function as a VOIP adapter with its WiFi turned off. For VOIP to work would need to change LAN IP address of ASUS or Telstra modem so that they don't use the same subset.
Use an ADSL modem in Bridge mode for internet connection.
thanks for the help, but this is not possible. For some reason the V7610 Modem from Telstra cannot be setup as bridge. the reason for this is because NAT cannot be disabled. I've been reading about DMZ. maybe this is this solution. but if I set the DMZ on the modem to point all internet traffic to the Asus router, which one should act as DHCP server? and which port should I use on the router/ WAN or LAN?
The ASUS acts as the DHCP server for the local network and its WAN port is connected to a LAN port of the V7610.
Apart form setting ASUS in the DMZ and turning WiFi off all other settings on Telstra modem are left unchanged.
You will also need to change the LAN IP address range of ASUS so it doesn't use same subset as V7610
The problem with this setup is the ASUS will not have an public IP address. I don know if this will stop the OpenVPN server working properly.
In my previous post the Telstra modem remains in normal mode it is the ADSL modem that is bridged.
ADSL--------ADSL Modem (Bridged)------WAN ASUS LAN------WAN V7610 (Normal)---Phone
Thanks, but it looks like I didn't make myself clear. I do not have a DSL modem. I meant The V7610 is the ADSLmodem. maybe I am vonfused with the terminology. What I know is we get internet from a phone line connected to the V7610. And what I want to achieve is to use The Asus router as VPN server. I gave it a go on DMZ the Asus router but still no luck. This is My Network configuration so far:
Modem Router 1: Telstra V7610.
Gets Internet signal from a phone line (ADSL?)
It has 2 VOIP phone lines for the office.
Fix WAN IP XX.XXX.XX.XX
LAN IP: 192.168.0.1
DMZ Server on: 192.168.0.3
Port forward 22523 to Router 2 on 192.168.0.3
Router 2 Asus RT AC88U
Connected to modem 1 on LAN port 1 ?
Assigned LAN IP as 192.168.0.3
DHCP server OFF
OpenVPN server ON with port 22523.
I do have a working OpenVPN server at home and it turns out the the Port 1194 on this case appear as closed as well, so It looks like closed port is not an issue sice it work in my place.
My question now:
1.With DMZ pointing to the Asus Router do I need use the WAN port on ASUS?
2.Do I need to setup WAN IP address of asus as our Public IP address or the Local IP of the V7610?
3.Since the Azuz Router is in the DMZ now, Do I still need to do port forwarding port 22523 to Asus router? 192.168.0.3? or maybe this is causing an issue and I need to delete this port fwd from V7610 table?
You made yourself clear. Perhaps I didn't make myself clear, I was suggesting that you use another DSL modem that could be bridged and just use the V7610 as a VOIP ATA with its WAN port connected to LAN port of ASUS.
Answer to questions.
All local devices should be connected to the ASUS or else you will end up with two separate networks.
- WAN IP address should be set to the local LAN IP of the V7610 (192.168.0.3)
Thanks Again. but I am having issues with setting up the WAN IP address as the router detects it is a local IP and it wont let me change it. Are you sure is the Local IP that goes on the WAN IP field?
this is the error message. "You have set the WAN IP as RT-AC88U's gateway, and RT-AC88U could not connect to Internet. Please set Gateway with correct value." Please see screenshot.
I've hid our Public IP for security.
Yes you have to change the LAN IP address and the DHCP IP range of the ASUS (example 192.168.1.1 and 192.168.1.2 - 192.168.1.254)
Other ASUS Settings
LAN DHCP enabled.
Need a hand or want to share your expertise?
Register for CrowdSupport and get involved