AR750S OpenVPN client will not connect to internet

Hi,

I’ve owned an AR750 for a few years, and have not had any issues with it. However, I recently bought an AR750S and have a frustrating problem.

I run an OpenVPN server on my home network with access to the LAN only. I have used the client on the AR750 to connect and use this connection with no problems. However, when I load the same config file on the AR750S client, I have a big problem - the internet is not accessible. I am able to access the local LAN on my home network, able to ssh into my plex server, etc. However, even though DNS resolution succeeds (verified by nslookup), the route does not go to the IP. Doing a tracert shows the route stops at my LAN gateway IP.

I am running the latest firmware on the AR750S (v3.211).

Here is the openvpn config:

client
dev tun
proto udp
remote REDACTED PORT
resolv-retry infinite
nobind
float
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
auth SHA512
comp-lzo adaptive
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

</ca>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----

</tls-crypt>

So you set up a VPN server at home and use the router to connect to the home server from outside your home, right?

When you use the vpn connection on the router, you want to connect to your home and use the Internet (without vpn), right? For this setup you need to use vpn policy.

How did you set up on AR750? I think the firmware is rather the same, assuming you use 3.211 for both.

Correct.

You’re partially right. The VPN server is set to only allow access to the LAN. It does not route internet connections through the server. The server is running on a router running AsusMerlin.

From my understanding, VPN policy as you are describing would need to not allow the VPN connection on a specific machine. If so, this is not what I want. I want to be able to access the internet normally from my physical location, while also having access to the subnet of my home LAN.

I don’t think they are running the same firmware, the interface on the AR750S is very different and (I assume) newer. If you look at this: https://static.gl-inet.com/www/uploads/2017/11/ar750_user-guide_20171106_web.pdf, it shows the old interface that my AR750 uses.

Try the following to see if it works when you are connected over OpenVPN:

ping 8.8.8.8

I run Asuswrt Merlin on my Asus router also and I seem to recall encountering this issue.

I do not work for and I am not directly associated with GL.iNet

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

100% loss.

and tracert:

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  console.gl-inet.com [172.16.8.1]
  2   167 ms   137 ms   140 ms  10.4.0.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.

(10.4.0.1 being the LAN gateway IP)

The tracert shows that the traffic is trying to go back through the OpenVPN tunnel, not out to the Internet.

I haven’t used the Asuswrt Merlin OpenVPN server for a few years, but I think some iptables and/or routing have to be added.

I do not work for and I am not directly associated with GL.iNet

I’m pretty sure it’s not a problem on the Asuswrt Merlin side, I am posting this connected to the AR750 using the same openvpn config, and I have no problems. I can both access the internet and access my home LAN. The tracert for this router however, routes to the modem instead of the tunnel. It seems as if this is some sort of issue with the AR750S, since the AR750 works fine with the same config file.

btw the firmware on the AR750 is 2.272, so it is significantly behind in versions from the AR750S. I just don’t know enough about what extra config on the AR750S is needed to get this to work. It’s been a long time, but I don’t recall setting anything special in the config on the AR750 to get this to work.

Can you post the tracert from the older GL-AR750 connected to the Asus router?

I do not work for and I am not directly associated with GL.iNet

You can use vpn policy: domain/IP based policy and only use vpn for your subnet of your vpn server. Does this work for you?
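The tracert earlier in the thread (everything dying one hop past 10.4.0.1) and the VPN policy suggestion above describe the same thing: a full-tunnel default route versus a split-tunnel one. The added example below is not GL.iNet or OpenVPN code; it is a constructed longest-prefix-match lookup over two routing tables (the interface names eth0/br-lan and the 192.168.1.0/24 WAN network are assumptions, the other addresses come from the thread) that shows why 8.8.8.8 enters tun0 in one state and leaves via the WAN in the other.

```python
"""Model the AR750S route decision from the thread (constructed example).

"full tunnel": the default route points at tun0, so 8.8.8.8 is sent up the
VPN although the home server only forwards its LAN (tracert stops at 10.4.0.1).
"split tunnel" (what the VPN policy achieves): only 10.4.0.0/24 uses tun0.
"""
import ipaddress

# (prefix, outgoing interface); constructed routing tables
FULL_TUNNEL = [
    ("0.0.0.0/0", "tun0"),        # default route forced into the VPN
    ("10.4.0.0/24", "tun0"),      # home LAN behind the Asus server
    ("172.16.8.0/24", "br-lan"),  # AR750S LAN (console.gl-inet.com)
    ("192.168.1.0/24", "eth0"),   # assumed WAN-side network
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # Internet leaves via the WAN
    ("10.4.0.0/24", "tun0"),      # only the home subnet uses the VPN
    ("172.16.8.0/24", "br-lan"),
    ("192.168.1.0/24", "eth0"),
]
HOME_SUBNET = ipaddress.ip_network("10.4.0.0/24")  # what the server forwards


def egress(table, dst):
    """Longest-prefix match: return the interface the kernel would choose."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def tunnel_blackholes(table, dst):
    """True when dst enters tun0 but the server only serves HOME_SUBNET,
    i.e. the state the thread's tracert shows (no reply after 10.4.0.1)."""
    ip = ipaddress.ip_address(dst)
    return egress(table, dst) == "tun0" and ip not in HOME_SUBNET


if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        for dst in ("8.8.8.8", "10.4.0.10"):
            print(f"{name}: {dst} via {egress(table, dst)}, "
                  f"blackholed={tunnel_blackholes(table, dst)}")
```

Run it to see 8.8.8.8 reported as blackholed only in the full-tunnel table, while 10.4.0.10 reaches tun0 in both.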

Well I guess this is the best solution. The only thing that doesn’t seem to work is using my pihole as a custom dns resolver (dns queries timeout), but I guess that’s a different issue.

Thanks!

Were you able to solve this? I seem to have the same issue. OpenVPN config from my Asus router as server works fine on all other devices as clients but when I set up my Beryl as a client I can’t get internet access.