What are your goals with the RT-AC68U? Are you wanting to set up a VPN and connect to it while traveling or is the 750S just to make an access point for your devices while connected to hotel / coffee shop wifi?
For the AC68U (which is the same router I use!) I’d highly recommend using Asuswrt-Merlin firmware on it. This is based on the stock Asus firmware but adds many bug fixes and options. Well supported on the SmallNetBuilder forums.
The AC68U is a bit underpowered for OpenVPN if you are looking for high speeds but it does keep up with most hotel wifi that I’ve encountered. The kernel used is too old for Wireguard so if that is your plan you’ll need to find another option (I’ve got an Odroid-C2 that runs as a Wireguard server for me and I no longer use OpenVPN).
Good stuff! I’d be happy to help if you have questions.
Yes, the slate 750S just to make an access point for my devices while connected to hotel/coffee shop wi-fi?
The Slate travel router I bought, I wanted to know what settings you make in it to get faster wi-fi when you are out and about, like in cafes or hotels or overseas, etc. That’s all.
A problem I keep getting when I have another router connected in Wi-Fi is the Asus 192.168.1.1 won’t connect, saying the page is blocked with a firewall. I turned off the firewall in my Norton anti-virus and it didn’t make any difference!
So to get it I turn off the other router and it seems to work!
That Asuswrt-Merlin firmware, is it a free download? And where do I get it?
Electronics, hey?? Can’t live with them, can’t live without them??
Sounds like you know your stuff with these Routers!
With the Slate, don’t expect faster wi-fi when you are out… you are still facing the speed of whatever access point you are bridged to. The two main uses (that I’ve found) are:
Provide multiple devices access to a “single device” access point (like at a hotel that charges you for each device connected to their network).
Create a VPN to either a commercial VPN service or your home router in order to increase security while in public.
I used to travel to China frequently and would connect to my home VPN from the hotel in Shanghai. I’d have an Amazon Firestick with me and using my Slate could watch Netflix while behind the Great Firewall of China.
As for Asuswrt-Merlin, yes, it’s a free download. While it’s not an official Asus product, it’s been “blessed” by Asus and the developer often works with Asus on bug fixes and enhancements. The latest version of the firmware can be found in the first post of this thread:
Its OpenVPN implementation works great with the Slate and once it’s set up, I’ve found it nearly seamless. As I said, I primarily use Wireguard now but I do keep an OpenVPN server online as backup.
For your connection issues, I’m not sure what is going on there. I don’t really understand the setup. It almost sounds like you have two routers with conflicting settings…
Let me know if you have more questions! If you have more specific AC68U questions feel free to look me up at SmallNetBuilder. I’m Lost Dog on there as well. There are a handful of people over there with gl-inet equipment with similar setups!
I know that gl-inet has some home routers as well and I don’t mean to take away from their success! I just don’t have any experience with them. For the travel routers, I’m a HUGE fan!!!
Sorry to drag up an old topic… I’m trying to set up a Slate to connect to an RT-AC68U running latest Merlin and OpenVPN server. I’m having the issue that the Slate can connect to the VPN no problem, and can browse the network at the Asus end, but all devices on the Slate lose internet… including the device I’m browsing on… it’s a basic setup… I’ve not changed much except to add the ovpn file from the Asus, which is set to LAN only (should keep internet local to the Slate).
Using the same config my Pixel 5 can connect easily using the OpenVPN client and can browse the internet and connect to the computers behind the Asus.
Any tricks that you had to get it working? Do you have any configs you could share or screenshots to see what I’m missing?
It’s been a while since I’ve used OpenVPN on the slate as I now have another server I use for Wireguard (still behind the RT-AC68u). If I get a chance today I’ll see if I can connect to OpenVPN. That being said, make sure you have “Client will use VPN to access” set to either “Internet only” or “Both”.
Also check your config files to see if they are set up to give Internet access. I know Merlin has made some big changes to OpenVPN in the past firmware or two so it may be a good idea to make new configs and re-connect the Slate.
Accessing the LAN side of the Asus router is a function of pushing a route to the remote device so it knows how to reach the LAN side. Whether you reach the internet through the tunnel into the Asus router, and then out from there, or alternatively, not through the tunnel at all, is a function of whether the server is pushing a default gateway over the tunnel, and whether the client is accepting it or ignoring it.
Also: if any of the nets along the way have the same subnet, you will be messed up. Asus has moved from 192.168.1.x to 192.168.50.x, for example, and GL-inet is using 192.168.8.x, and you want to avoid 0.x or 1.x since they are likely to be in your mix somewhere. This can come into play unexpectedly in your path, for example with a DSL or cable modem.
I may just reset the 68U as it’s been running the same config for years… Now re the Both / LAN only… I ONLY want LAN access, specifically because the Slate is behind an LTE modem so CGNAT… so by having this connect to my home network, I’m hoping I can access the devices behind the Slate from home, specifically a Raspberry Pi on my boat. I don’t want to shove all the internet access through the home network. So I’m expecting all devices on the Slate have local internet access from the LTE modem and then when accessing the LAN they access it via the VPN only… this is how it currently works on my phone, laptop etc. using the current config file… just not via the Slate.
I’ll check the link out… thanks, and re the subnet, I’ve just moved to 0.1 as my work network is 1.1 and I’m hooked up to that too… so if I redo the 68U from scratch… I’ll change it to something more obscure and then try and retrain my brain to the number…
This is a third thing–having devices at home reach devices behind the slate.
So if the slate is connecting as a client to your home 68U Openvpn server, “Lan Only” on the 68U will allow devices behind the slate to reach devices on your home network by pushing the route. It won’t push a new default gateway, so your slate devices should continue to reach the internet as before. For devices behind the 68U to reach devices behind the slate, you have to have the 68U add a route to the slate’s network when it connects.
Sorry to dig this up, can you expand on this a bit more: “you have to have the 68U add a route to the slate’s network when it connects”?
Is this entry added to VPN Director on Merlin?
What would that entry look like?
This is the last step in my setup and it has proven elusive. I would love to access some web UIs that are wired clients on my Slate.
Current setup for ref:
Site A: Asus/Merlin OpenVPN server with “both” access. Site B: Slate running OpenVPN client with an IP cam and an ONVIF PTZ keyboard. All good, the PTZ keyboard can control a bunch of IP cams on the Asus side. The PTZ keyboard hosts a web UI server that’s reachable from a browser to set settings. I would love to reach that web UI (192.168.8.25) from the Asus side of things.
VPN Director only affects which VPN client a device on the LAN will use. It doesn’t have anything to do with the VPN server.
You want to go to the Advanced Settings page on the VPN Server in use, and under “Allowed Clients” you want to add the Slate’s LAN and user name, but NOT push it. So: "client1 192.168.8.0 255.255.255.0 no".
If you have several possible users, it may be that you use different certificates for each, or it may be that you use one set of certificates but different username/password combinations to differentiate them. If that is the case, you may need to add username-as-common-name in the configuration box.
When the Slate’s user name connects to the OpenVPN server, the server will add a route to the Slate’s LAN.
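Added example, not part of the original posts and not Merlin's own code: a small Python sketch that takes "Allowed Clients" rows in the form quoted above, rejects overlapping subnets (the conflict problem raised earlier in the thread), and prints the standard OpenVPN directives (`route`, `iroute` in a `client-config-dir` file, optional `push "route"`) that such a row corresponds to. That the GUI maps to exactly these directives is an assumption, and `SERVER_LAN`, `client2` and the `192.168.10.0` subnet are constructed sample values.

```python
import ipaddress

# Constructed sample input. "client1 ..." is the row quoted in the thread;
# SERVER_LAN, "client2" and 192.168.10.0 are assumptions for illustration.
SERVER_LAN = "192.168.50.0/24"
ALLOWED_CLIENTS = [
    "client1 192.168.8.0 255.255.255.0 no",
    "client2 192.168.10.0 255.255.255.0 no",
]

def parse_entry(line):
    """Split 'name subnet mask push' into (name, IPv4Network, push_bool)."""
    name, subnet, mask, push = line.split()
    # strict=True rejects rows whose subnet has host bits set (e.g. 192.168.8.25/24)
    net = ipaddress.ip_network(f"{subnet}/{mask}", strict=True)
    return name, net, push.lower() == "yes"

def find_overlaps(server_lan, entries):
    """Return label pairs whose subnets overlap, which makes routing ambiguous."""
    nets = [("server-lan", ipaddress.ip_network(server_lan))]
    nets += [(name, net) for name, net, _ in entries]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def render(server_lan, lines):
    """Return (server_directives, {ccd_file: contents}); raise on overlap."""
    entries = [parse_entry(l) for l in lines]
    clashes = find_overlaps(server_lan, entries)
    if clashes:
        raise ValueError(f"overlapping subnets: {clashes}")
    server, ccd = ["client-config-dir ccd"], {}
    for name, net, push in entries:
        spec = f"{net.network_address} {net.netmask}"
        server.append(f"route {spec}")   # server host routes this LAN into the tunnel
        ccd[name] = f"iroute {spec}\n"   # OpenVPN learns which client owns the LAN
        if push:                         # "no" keeps the route private to the server side
            server.append(f'push "route {spec}"')
    return server, ccd

if __name__ == "__main__":
    server, ccd = render(SERVER_LAN, ALLOWED_CLIENTS)
    print("\n".join(server))
    for name, body in ccd.items():
        print(f"--- ccd/{name} ---\n{body}", end="")
```

The file name under `ccd/` has to match the common name the client presents, which is why the multi-user case above may need username-as-common-name.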
Dang, that worked. Thank you so much. And a second thank you for foreseeing what would have been my next problem with the multiple users scenario you explained. I threw a second slate in the mix and changed to 10.0 with a different user name and it all just works wonderfully.
What would the “allowed clients” entry look like if I were to use a third user name running the OpenVPN app on a smartphone instead of on the Slate? The smartphone would be tunneling in from its cellular network, so I’m not sure what to enter in the “subnet” and “mask” fields of the “allowed clients”.
This determines how traffic from the server LAN is directed to the client LAN. If it is just the smartphone that needs to be reached, then I don’t think you need to do anything. But if the smartphone is acting as a hotspot, then it is running its own LAN, so that is the equivalent of the 8.0 or 10.0 you are using. If the smartphone is tethered to a travel router, then I’m not quite sure what you would use: the client router WAN or client router LAN. But OpenVPN doesn’t care about all the steps along the way; it only needs to know that traffic to that subnet goes down that tunnel.
The next step is whether you allow traffic from 8.0 to go to 10.0 and vice versa, so all three LANs are tied together. I forget that part, to be honest, and at that point you might want to be looking at Wireguard, since those two peers would communicate directly, and not through the common Asus router, which would be encrypting and decrypting traffic twice, and subjecting all traffic to any ISP speed limitations up or down.
Also, looking at the screenshot, I don’t think you necessarily need to allow only the specified allowed clients. If you have a laptop, for example, you might want to connect without worrying about LANs. The GUI is written a little weird–the “allowed clients” table means that if one of the connections made by an allowed client is one of the clients listed in the table, then add those routes.
Right again, I set that 3rd option “allow only specified clients” to off and the smartphone joined the party from the LTE network. It’s definitely a bit confusing the way that whole section is worded; setting that to off might lead one to think that the list below it is voided or not used.