Router to Router VPN Tunnel using Asus Routers

By | March 12, 2018

Over the past few years I’ve tried a few times to configure a Router to Router VPN tunnel using Asus Routers. Every article I found online was missing something, so I figured this was a good article to write. I currently have a tunnel in place between my house and my parents’ house so I can manage their network.

Asus Router acting as the OpenVPN Server – Configuration:

OpenVPN Server – Advanced Settings

  • Interface Type = TUN
  • Protocol = TCP
  • Push Lan to Clients = YES
  • Direct clients to redirect Internet traffic = NO
  • Manage Client-Specific Options = YES
  • Allow Client <-> Client = YES
  • Allow only specified clients = YES

OpenVPN Server – Allowed Clients

  • username=gsslinkroute, IP Address=0.0.0.0, Subnet Mask=0.0.0.0, Push=YES

OpenVPN Server – Custom Configuration

Note: reneg-sec is required if you don’t want the tunnel torn down and renegotiated on a regular basis. username-as-common-name makes the server use the login username as the client’s common name, which allows specific routing rules to be pushed to a specific client, as needed for point to point tunnels.

  • username-as-common-name
  • route 10.69.69.0 255.255.255.0
  • route 10.69.71.0 255.255.255.0
  • push "route 10.69.69.0 255.255.255.0"
  • push "route 10.69.71.0 255.255.255.0"
  • reneg-sec 432000

Administration – Enable JFFS Partition via Admin Interface

SSH to the router and create the following files:

Note: the route and iroute statements are needed to create the routing tables correctly between the two routers. The ccd file is named after the username/CN so that the specific route statements get pushed to the correct client.

vi /jffs/configs/openvpn/ccd1/gsslinkroute

iroute 10.69.69.0 255.255.255.0
iroute 10.69.71.0 255.255.255.0
route 10.69.69.0 255.255.255.0
route 10.69.71.0 255.255.255.0
push "route 10.69.69.0 255.255.255.0"
push "route 10.69.71.0 255.255.255.0"

vi /jffs/scripts/services-start

#!/bin/sh
iptables -I FORWARD -i br0 -o tun21 -j ACCEPT
iptables -I FORWARD -i tun21 -o br0 -j ACCEPT
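
The server-side route lines and the ccd iroute lines above have to agree, and the quotes around push arguments have to be plain ASCII quotes. The script below is an added example, not part of the original post, that checks both before the files go onto the router; the function names, the sample files and the 10.69.72.0 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an OpenVPN
# site-to-site config before copying it to the router.

# UTF-8 bytes of the typographic quotes U+201C and U+201D.
LQ=$(printf '\342\200\234')
RQ=$(printf '\342\200\235')

# Print every "NET MASK" that has an iroute in the ccd file ($2) but no
# matching route in the server config ($1). Without the server-side route,
# the server's kernel never hands that subnet's traffic to OpenVPN.
missing_routes() {
    awk '
        FILENAME == ARGV[1] { if ($1 == "route") have[$2 " " $3] = 1; next }
        $1 == "iroute" && !(($2 " " $3) in have) { print $2, $3 }
    ' "$1" "$2"
}

# Print the number of lines in $1 that contain typographic quotes. OpenVPN
# does not treat them as quotes, so a pasted push line will not parse.
curly_quote_lines() {
    grep -c -e "$LQ" -e "$RQ" "$1" || true
}

# Constructed sample files using the post's subnets. 10.69.72.0 is a made-up
# subnet that is deliberately missing from the server side.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/server.conf" <<EOF
username-as-common-name
route 10.69.69.0 255.255.255.0
route 10.69.71.0 255.255.255.0
push ${LQ}route 10.69.69.0 255.255.255.0${RQ}
push "route 10.69.71.0 255.255.255.0"
EOF
cat > "$demo_dir/gsslinkroute" <<EOF
iroute 10.69.69.0 255.255.255.0
iroute 10.69.71.0 255.255.255.0
iroute 10.69.72.0 255.255.255.0
EOF

echo "iroute entries with no server route:"
missing_routes "$demo_dir/server.conf" "$demo_dir/gsslinkroute"
echo "lines with curly quotes: $(curly_quote_lines "$demo_dir/server.conf")"
```
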

Asus Router acting as the OpenVPN Client – Configuration:

OpenVPN Client – Basic Settings

  • Start with WAN = YES
  • Interface Type = TUN
  • Protocol = TCP
  • Create NAT on tunnel = NO
  • Redirect Internet Traffic = NO

OpenVPN Client – Custom Configuration

Note: reneg-sec is required if you don’t want the tunnel torn down and renegotiated on a regular basis.

  • float
  • keepalive 15 60
  • remote-cert-tls server
  • ns-cert-type server
  • push "route 10.69.68.0 255.255.255.0"
  • reneg-sec 432000

Note: I hope this helps someone else configure a point to point tunnel between two Asus Routers or routers running OpenVPN Servers/Clients.