Router to Router VPN Tunnel using Asus Routers
Over the past few years I’ve tried several times to configure a router-to-router VPN tunnel using Asus routers. Every article I found online was missing something, so I figured this was a good article to write. I currently have a tunnel in place between my house and my parents’ house so I can manage their network.
Asus Router acting as the OpenVPN Server – Configuration:
OpenVPN Server – Advanced Settings
- Interface Type = TUN
- Protocol = TCP
- Push Lan to Clients = YES
- Direct clients to redirect Internet traffic = NO
- Manage Client-Specific Options = YES
- Allow Client <-> Client = YES
- Allow only specified clients = YES
OpenVPN Server – Allowed Clients
- username=gsslinkroute, IP Address=0.0.0.0, Subnet Mask=0.0.0.0, Push=YES
OpenVPN Server – Custom Configuration
Note: reneg-sec is required if you don’t want the tunnel torn down and renegotiated on a regular basis. username-as-common-name allows specific routing rules to be pushed to a specific client, which is needed for point-to-point tunnels.
- username-as-common-name
- route 10.69.69.0 255.255.255.0
- route 10.69.71.0 255.255.255.0
- push "route 10.69.69.0 255.255.255.0"
- push "route 10.69.71.0 255.255.255.0"
- reneg-sec 432000
Administration – Enable JFFS Partition via Admin Interface
SSH to router and create the following scripts:
Note: the route and iroute statements are needed to build the routing tables correctly between the two routers. The ccd file is named after the username/CN so that the specific route statements get pushed to the correct client.
vi /jffs/configs/openvpn/ccd1/gsslinkroute
iroute 10.69.69.0 255.255.255.0
iroute 10.69.71.0 255.255.255.0
route 10.69.69.0 255.255.255.0
route 10.69.71.0 255.255.255.0
push "route 10.69.69.0 255.255.255.0"
push "route 10.69.71.0 255.255.255.0"
vi /jffs/scripts/services-start
#!/bin/sh
iptables -I FORWARD -i br0 -o tun21 -j ACCEPT
iptables -I FORWARD -i tun21 -o br0 -j ACCEPT
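A consistency check for the route and iroute pairing described in the note above, as an added example that is not part of the original post: the server's `route` lines send a subnet into the tunnel and the ccd file's `iroute` lines tell OpenVPN which client owns it, so a subnet listed on only one side is not reachable. The function names `nets` and `check_site_routes` and the temporary file names are assumptions; the sample files are constructed from the values on this page.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the server's
# "route" lines and the client's ccd "iroute" lines name the same subnets.

# Print "network netmask" for each line starting with directive $1 in file $2.
# A leading "- " is tolerated; push "route ..." and iroute never match "route".
nets() {
    sed -n "s/^[- ]*$1[ ]\{1,\}\([0-9.]\{7,\}\)[ ]\{1,\}\([0-9.]\{7,\}\).*/\1 \2/p" "$2" | sort -u
}

# $1 = server custom configuration, $2 = ccd file for the client.
# Prints each mismatch; returns 0 when both lists agree, 1 otherwise.
check_site_routes() {
    rc=0
    r=$(mktemp); i=$(mktemp)
    nets route "$1" > "$r"
    nets iroute "$2" > "$i"
    while read -r n; do
        grep -qxF "$n" "$i" || { echo "route without iroute: $n"; rc=1; }
    done < "$r"
    while read -r n; do
        grep -qxF "$n" "$r" || { echo "iroute without route: $n"; rc=1; }
    done < "$i"
    rm -f "$r" "$i"
    return "$rc"
}

# Constructed sample input: the two files with the values given on this page.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/server.conf" <<'EOF'
username-as-common-name
route 10.69.69.0 255.255.255.0
route 10.69.71.0 255.255.255.0
push "route 10.69.69.0 255.255.255.0"
push "route 10.69.71.0 255.255.255.0"
reneg-sec 432000
EOF
cat > "$demo_dir/gsslinkroute" <<'EOF'
iroute 10.69.69.0 255.255.255.0
iroute 10.69.71.0 255.255.255.0
route 10.69.69.0 255.255.255.0
route 10.69.71.0 255.255.255.0
push "route 10.69.69.0 255.255.255.0"
push "route 10.69.71.0 255.255.255.0"
EOF
if check_site_routes "$demo_dir/server.conf" "$demo_dir/gsslinkroute"; then
    echo "route/iroute lists agree"
fi
```

On the router, run the function against a saved copy of the server's custom configuration and the ccd file under /jffs/configs/openvpn/ccd1/.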
Asus Router acting as the OpenVPN Client – Configuration:
OpenVPN Client – Basic Settings
- Start with WAN = YES
- Interface Type = TUN
- Protocol = TCP
- Create NAT on tunnel = NO
- Redirect Internet Traffic = NO
OpenVPN Client – Custom Configuration
Note: reneg-sec is required if you don’t want the tunnel torn down and renegotiated on a regular basis.
- float
- keepalive 15 60
- remote-cert-tls server
- ns-cert-type server
- push "route 10.69.68.0 255.255.255.0"
- reneg-sec 432000
Note: I hope this helps someone else configure a point to point tunnel between two Asus Routers or routers running OpenVPN Servers/Clients.