Router to Router VPN Tunnel using Asus Routers


Over the past few years I have tried several times to configure a router-to-router VPN tunnel using Asus routers, and in every article I found online something was missing, so this seemed like a good article to write. I currently have a tunnel in place between my house and my parents' house so I can manage their network.

Asus Router acting as the OpenVPN Server – Configuration:

OpenVPN Server – Advanced Settings

  • Interface Type = TUN
  • Protocol = TCP (UDP is normally the better choice for OpenVPN, since TCP carried inside TCP stalls badly under packet loss; TCP is mainly useful where UDP is blocked)
  • Push LAN to clients = YES
  • Direct clients to redirect Internet traffic = NO
  • Manage Client-Specific Options = YES
  • Allow Client <-> Client = YES
  • Allow only specified clients = YES

OpenVPN Server – Allowed Clients

  • username=gsslinkroute, IP Address=0.0.0.0, Subnet Mask=0.0.0.0, Push=YES

OpenVPN Server – Custom Configuration

Note: reneg-sec sets the interval, in seconds, after which OpenVPN renegotiates the TLS session and its data-channel keys (the default is 3600, i.e. hourly). Here each renegotiation tore the tunnel down and brought it back up, so 432000 (5 days) is used; set it on both ends, because either side renegotiates when its own timer expires. The trade-off is that the same session keys stay in use for longer. username-as-common-name makes the server look up the client's ccd file, and therefore the per-client route statements, by its authenticated username instead of by the certificate's common name, which is what lets specific routing rules reach a specific client in a point-to-point setup.

  • username-as-common-name
  • route 10.69.69.0 255.255.255.0
  • route 10.69.71.0 255.255.255.0
  • push "route 10.69.69.0 255.255.255.0"
  • push "route 10.69.71.0 255.255.255.0"
  • reneg-sec 432000

Administration – System: enable the JFFS partition (on Asuswrt-Merlin the option is "Enable JFFS custom scripts and configs"), which is what makes /jffs/scripts and /jffs/configs available.

SSH to the router and create the following files:

Note: the ccd file must be named after the client's username (which is its common name once username-as-common-name is set), so that its route statements are applied to the right client. The iroute lines tell OpenVPN that these two prefixes live behind this client; without them the server has a kernel route into the tunnel but does not know which client to hand the packets to. route is a server-level option rather than a per-client one, so the kernel routes come from the server custom configuration above, and the push lines here repeat the global ones.

vi /jffs/configs/openvpn/ccd1/gsslinkroute

iroute 10.69.69.0 255.255.255.0
iroute 10.69.71.0 255.255.255.0
route 10.69.69.0 255.255.255.0
route 10.69.71.0 255.255.255.0
push "route 10.69.69.0 255.255.255.0"
push "route 10.69.71.0 255.255.255.0"

vi /jffs/scripts/firewall-start (Asuswrt-Merlin runs this script after every firewall start or restart; rules added from services-start only survive until the next firewall restart, for example after a WAN reconnect). Make it executable with chmod a+rx /jffs/scripts/firewall-start. Both rules accept all traffic in both directions between the LAN and the tunnel; if the tunnel only needs to carry management traffic from one side, narrow them with -s/-d to the relevant subnets:

#!/bin/sh
# Allow forwarding between the LAN bridge (br0) and the OpenVPN server tunnel (tun21).
# The -C check keeps the rules from being duplicated when the script runs again.
iptables -C FORWARD -i br0 -o tun21 -j ACCEPT 2>/dev/null || iptables -I FORWARD -i br0 -o tun21 -j ACCEPT
iptables -C FORWARD -i tun21 -o br0 -j ACCEPT 2>/dev/null || iptables -I FORWARD -i tun21 -o br0 -j ACCEPT
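The pieces above have to agree with each other: every prefix behind a client needs a route on the server (so the kernel sends it into the tunnel), an iroute in that client's ccd file (so OpenVPN knows which client owns it) and a push "route" to the other sites. The POSIX shell script below is an added example, not part of the original post: it generates the server custom configuration and one ccd file per site from a small site table, and it generalizes the single-client setup above to any number of client sites, giving each site iroute lines for its own prefixes and push lines only for the other sites' prefixes instead of the global push used above. The site table is constructed; gsslinkroute and its two prefixes come from the post, while site2 and its prefix are hypothetical.

```shell
#!/bin/sh
# Generate the routing pieces of a routed (TUN) site-to-site OpenVPN server config.
# Added example, not from the original post. Busybox sh compatible.
#
# Site table, one site per line: <username / ccd file name> <net/mask> [<net/mask> ...]
# gsslinkroute and its two prefixes are from the post; site2 is a hypothetical
# third site added to show the multi-site case.
SITES='gsslinkroute 10.69.69.0/255.255.255.0 10.69.71.0/255.255.255.0
site2 10.69.72.0/255.255.255.0'

RENEG_SEC=432000   # TLS renegotiation interval used in the post (OpenVPN default is 3600)

# server_config SITES: lines for the OpenVPN server custom configuration.
# 'route' installs a kernel route into the tunnel for every remote prefix;
# username-as-common-name makes OpenVPN look up ccd/<username>.
server_config() {
    echo "username-as-common-name"
    echo "reneg-sec $RENEG_SEC"
    printf '%s\n' "$1" | while read -r name nets; do
        for n in $nets; do
            echo "route ${n%/*} ${n#*/}"
        done
    done
}

# ccd_file SITES NAME: contents of client-config-dir/NAME.
# 'iroute' claims NAME's own prefixes for this client (without it the server has
# a kernel route but no idea which client to send the packets to); the other
# sites' prefixes are pushed so NAME's router routes them back through the tunnel.
ccd_file() {
    sites=$1
    me=$2
    printf '%s\n' "$sites" | while read -r name nets; do
        for n in $nets; do
            if [ "$name" = "$me" ]; then
                echo "iroute ${n%/*} ${n#*/}"
            else
                echo "push \"route ${n%/*} ${n#*/}\""
            fi
        done
    done
}

# site_names SITES: the ccd file names, one per line
site_names() {
    printf '%s\n' "$1" | while read -r name nets; do echo "$name"; done
}

# Stand-alone demo: print everything. On an Asuswrt-Merlin router you would
# redirect server_config into the server's custom configuration and each
# ccd_file into /jffs/configs/openvpn/ccd1/<name>.
echo "# server custom configuration"
server_config "$SITES"
for name in $(site_names "$SITES"); do
    echo "# ccd1/$name"
    ccd_file "$SITES" "$name"
done
```

Because the pushes are generated per site, each router only receives routes for prefixes it does not already own, which avoids the duplicate routes that a global push "route" sends back to the site that owns them. The server's own LAN is still delivered by the Push LAN to clients setting.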

Asus Router acting as the OpenVPN Client – Configuration:

OpenVPN Client – Basic Settings

  • Start with WAN = YES
  • Interface Type = TUN
  • Protocol = TCP
  • Create NAT on tunnel = NO
  • Redirect Internet Traffic = NO

OpenVPN Client – Custom Configuration

Note: reneg-sec is set on the client as well, because the client's own timer would otherwise trigger the hourly renegotiation and the resulting reconnect; use the same value as on the server.

  • float
  • keepalive 15 60
  • remote-cert-tls server (requires the server's certificate to carry the server extended key usage, so another client certificate issued by the same CA cannot impersonate the server)
  • ns-cert-type server (older form of the same check that relies on the nsCertType extension; it was removed in OpenVPN 2.5, so drop it on firmware that ships a newer OpenVPN)
  • push "route 10.69.68.0 255.255.255.0" (push is a server directive and does nothing useful on a client; the route to the server's LAN already arrives through the server's Push LAN to clients setting, so this line can be dropped)
  • reneg-sec 432000
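Once both routers are up, the quickest way to see which piece is missing is to look at the kernel routing table and the FORWARD chain on each side. The script below is an added example, not from the original post: it checks that every remote prefix has a route through the tunnel interface and that both FORWARD rules exist, running against constructed sample output of ip route and iptables -S FORWARD; on the router you pass the real output instead. The interface names tun21 and br0 and the remote prefixes are taken from the server side above; the sample tunnel subnet 10.8.0.0/24, the server LAN 10.69.68.0/24 and the assumption that the first OpenVPN client instance on the other router uses tun11 (the ASUSWRT naming) are mine, not the post's.

```shell
#!/bin/sh
# Check that a routed site-to-site OpenVPN tunnel is actually wired up.
# Added example, not from the original post. Usage on the router:
#   sh check_tunnel.sh "$(ip route)" "$(iptables -S FORWARD)"
# Defaults are assumptions taken from the post's server side; on the client
# router the first OpenVPN client instance is tun11 on ASUSWRT, so run it there
# with TUN_IF=tun11 and REMOTE_NETS set to the server's LAN.
TUN_IF="${TUN_IF:-tun21}"
LAN_IF="${LAN_IF:-br0}"
REMOTE_NETS="${REMOTE_NETS:-10.69.69.0/24 10.69.71.0/24}"

# route_present ROUTES NET: true if NET has a kernel route through TUN_IF
route_present() {
    pat=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # escape dots for grep
    printf '%s\n' "$1" | grep -q "^$pat .*dev $TUN_IF"
}

# fwd_present RULES IN OUT: true if the FORWARD chain accepts IN -> OUT
fwd_present() {
    printf '%s\n' "$1" | grep -q -- "^-A FORWARD -i $2 -o $3 -j ACCEPT"
}

# check_tunnel ROUTES RULES: one line per check, returns 0 only if all pass
check_tunnel() {
    routes=$1
    rules=$2
    rc=0
    for net in $REMOTE_NETS; do
        if route_present "$routes" "$net"; then
            echo "ok    route to $net via $TUN_IF"
        else
            echo "FAIL  no route to $net via $TUN_IF (check route/iroute and the ccd file name)"
            rc=1
        fi
    done
    for pair in "$LAN_IF $TUN_IF" "$TUN_IF $LAN_IF"; do
        set -- $pair
        if fwd_present "$rules" "$1" "$2"; then
            echo "ok    FORWARD $1 -> $2"
        else
            echo "FAIL  FORWARD $1 -> $2 not accepted (check the firewall script)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output: what 'ip route' and 'iptables -S FORWARD' look like
# on the server router when everything is in place (addresses are made up).
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0
10.8.0.0/24 dev tun21 proto kernel scope link src 10.8.0.1
10.69.68.0/24 dev br0 proto kernel scope link src 10.69.68.1
10.69.69.0/24 via 10.8.0.2 dev tun21
10.69.71.0/24 via 10.8.0.2 dev tun21'
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i tun21 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun21 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP'

# With two arguments check the real router; otherwise run against the sample.
if [ $# -eq 2 ]; then
    check_tunnel "$1" "$2"
else
    check_tunnel "$SAMPLE_ROUTES" "$SAMPLE_RULES"
fi
```

A missing route line points at the server custom configuration or the ccd file (wrong name, or no iroute), while a missing FORWARD line means the firewall script did not run or was flushed by a firewall restart.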

Note: I hope this helps someone else configure a point to point tunnel between two Asus Routers or routers running OpenVPN Servers/Clients.
