How to Setup Site-to-Site VPN on ASUS RT-AC86U Merlin Routers

Поділитися
Вставка
  • Опубліковано 29 жов 2024
  • How to Setup Site-to-Site VPN on ASUS RT-AC86U Merlin Routers

КОМЕНТАРІ • 24

  • @Carlos_B_B
    @Carlos_B_B 6 місяців тому

    THX a lot for the tutorial, I was struggling to implement it , so I removed former tries, took notes form your method and adapted to my own IPs and the miracle happened. One of them is behind CG-NAT so I was not able to backup my devices there.

    • @diytechtips247
      @diytechtips247  6 місяців тому

      Very happy that the video was very helpful in getting you through the process of setting up your VPN. 👍

  • @kskorski
    @kskorski Рік тому +2

    Hi, great video. Can you please explain why you set two vpn servers on both ends instead of just one server + one client? I set up a site to site OpenVPN connection between home and office. My office router is behind another router and I cannot set up port forwarding on it. Because of that I set up a server at home and a client at the office but I have some connectivity issues. For example I cannot access the office router configuration page from home. When the office computer is on I can access it from my home computer via a remote desktop app but when it is switched off I cannot wake it up by WOL from home. All connections from the client (office) to the server (home) works fine. Does this configuration have a chance to work in both ways or do I need a double OpenVPN server on each end?

    • @diytechtips247
      @diytechtips247  Рік тому +1

      You only need 1 VPN server and 1 VPN client on the ASUS router. The ASUS VPN services does not perform like the standard high prices firewall like CheckPoint, Cisco, Fortinet, etc. that when you create a 1 way firewall rule it automatically create one vise versa in the opposite direction hence you must setup a client and a server on the ASUS and also setup VPN director rules. What is happening is that although the VPN tunnel is connected to your office location and it receive traffic from your device from home through the tunnel the response from the device at the office will not send the traffic back to the VPN connected to your home because it will send that response through the default destination configured on your office router. You will have to explicitly create a rule on the office firewall that will send destination traffic to your home IP address subnet.
      To access the office router configuration page you may have to use the internal IP address of the router, for example, 192.168.1.x.
      Hope that helps!

    • @TarEkisthis
      @TarEkisthis 3 місяці тому

      @@diytechtips247 good job i like it , what about the speed , will it have any impact ?

  • @jose1660
    @jose1660 8 місяців тому +1

    Hello! I'm wondering if it's possible to create a VPN server in the USA and access it through a no-ip domain using a VPN client router from Spain. Can I then share the internet through WiFi, configured in my client VPN router, with clients using this device? Thank you

    • @diytechtips247
      @diytechtips247  7 місяців тому

      Yes you can do that. The VPN server that is created in the USA will receive the VPN connections either from a client device or another router from Spain and it will route the traffic out the WAN interface on the USA side of the VPN.
      Hope that helps!

  • @steffenrommelaere357
    @steffenrommelaere357 Рік тому

    Great video. Can the exact same setup be done with wireguard?

    • @diytechtips247
      @diytechtips247  Рік тому

      @steffenrommelaere357 Wireguard can be setup on the Merlin firmware but you will have to use ssh, however, there is no GUI on the Merlin firmware. Here is a link directly from Merlin concerning this
      www.snbforums.com/threads/wireguard-gui-on-my-asus-merlin-router.76520/#post-733649
      Hope that helps!

  • @Alex20001s
    @Alex20001s 5 місяців тому

    THX fo this! could you please describe how to "push" instant guard clients to a VPN? So all devices might use a VPN connection to be protected even if they are out of WiFi or LAN.

    • @diytechtips247
      @diytechtips247  5 місяців тому

      What model of router do you have that supports instant guard?

    • @diytechtips247
      @diytechtips247  5 місяців тому

      Can you indicate what model of router you have that you want to enable instant guard on?

  • @obojevic
    @obojevic Рік тому

    Great video, thanks! I'm trying to achieve a similar but I have a problem because one of two locations doesn't have a public IP address so I can't have an accessible VPN server on that side of the VPN tunnel. Is it solvable?

    • @diytechtips247
      @diytechtips247  Рік тому +1

      Yes! On the side that does not have a public IP Address you will have to use port forwarding of port 1195 on the ISP internet router. You will have to create a port forwarding with source address (ANY) port (1195) destination (Internal IP Address of the ASUS router) port (1195).
      Hope that helps!

  • @brunobcardoso
    @brunobcardoso Рік тому

    Friend, searching about my question i found your video.Do you know whats happend?I have an vpn on my job and i use global protection app to autenticate in it, but my connection pass through an RT-AX88U, and it blocks my vpn access.I know it is cause if i use the direct connection cable from my isp, i can access my job environment easy, but when im using wi fi from RT-AX88U, i cant access.Do you know how i can fix it?thanks!

    • @diytechtips247
      @diytechtips247  Рік тому

      Look through the event log on the RT-AX88U router. It will definitely give you some clue as to why the connection is not being established. You can try your connection and take a note of the time and destination and use that information to specifically look through the router log, it will definitely give you a reason or possible area to start troubleshooting. Also do you have Skynet or any firewall rules enabled? Skynet is very granular and May block suspicious activities. There might be an exception that is needed to be added. A very quick check will be to temporarily disable you router firewall and try to see if the connection is established, if it does then the firewall is blocking the connection either inbound or outbound.
      Hope that help!

  • @cyberbud
    @cyberbud Рік тому

    What's the point of Remote IP in VPN Director? I am not able to send Internet traffic on R1 clients via R1 only, traffic still goes thru R2

    • @diytechtips247
      @diytechtips247  Рік тому

      The purpose of remote IP in VPN Director is to be specific as to the destination of the traffic you will be sending over the VPN connection, for example, if you have two routers (A & B) that are connected to each other via openvpn and you have the subnet 172.16.0.0/16 behind router A and you have the subnet 172.30.0.0/16 behind router B, you will create a VPN director entry on router A with the local IP 172.16.0.0/16 and the remote Ip will be 172.30.0.0/16 and Iface you will select the VPN interface. What that does is any traffic from the subnet 172.16.0.0 that is destined for 172.30.0.0 subnet will be routed through the VPN connection. You will also have to setup the reverse VPN director entry on router B for traffic destined from local IP 172.30.0.0/16 to remote IP 172.16.0.0/16.
      One thing to note about Merlin is that you will have to create a VPN connection on each router connecting to the other.
      Hope that helps!

  • @cyberbud
    @cyberbud Рік тому +1

    You did not configure static routes. How can you still ping from Lan A to Lan B. It won't work

    • @diytechtips247
      @diytechtips247  Рік тому

      There is no need to create static routes as VPN director is the one that is doing all the routing. VPN director basically creates static routes and it gets the routing table information from the VPN tunnel that is established between both routers. Whatever the remote IP subnet that is created in VPN director the sending router knows to send the traffic through the tunnel and the destination router knows how to get to the destination subnet so not static route entries are needed.
      Hope that helps!

  • @davidvictory9764
    @davidvictory9764 Рік тому

    Can I do this in china ?