OpenVPN Asus RT-AX86U does not work

BruceWayne007

Young grasshopper
Joined
Jul 31, 2020
Messages
79
Reaction score
15
Location
Little Rock, AR
Hey there,
Windows 10 computer hardwired to the Asus RT-AX86U
iPhone 13 with the latest iOS and the latest OpenVPN app.
3.0.0.4.386_44130 firmware and I would get this error message, Open VPN, connection failed, Peer certificate verification failure on my iPhone.

I researched and called Asus support which was very little help. I gave in and reset the router, updated the firmware, reset the router, and manually configured it. Nothing was saved or imported back to the router.
The router is now 3.0.0.4.388_24231

Now the iPhone OpenVPN app connects flawlessly but it will not allow me access to the DMSS iPhone app cameras. The DMSS app works fine when on my local internet without using the OpenVPN app.

I have tried both Encryption types, and I believe I should use "Internet and local network" to allow access when not at home. I export the configuration file and upload it to the app. It is not a username or password issue. I am using General Details and not Advanced settings. Unless I need to do something with the Server Port I select.


Thank you!
 

SpacemanSpiff

Known around here
Joined
Apr 15, 2021
Messages
1,474
Reaction score
2,482
Location
USA
> Hey there,
> Windows 10 computer hardwired to the Asus RT-AX86U
> iPhone 13 with the latest iOS and the latest OpenVPN app.
> 3.0.0.4.386_44130 firmware and I would get this error message, Open VPN, connection failed, Peer certificate verification failure on my iPhone.
>
> I researched and called Asus support which was very little help. I gave in and reset the router, updated the firmware, reset the router, and manually configured it. Nothing was saved or imported back to the router.
> The router is now 3.0.0.4.388_24231
>
> Now the iPhone OpenVPN app connects flawlessly but it will not allow me access to the DMSS iPhone app cameras. The DMSS app works fine when on my local internet without using the OpenVPN app.
>
> I have tried both Encryption types, and I believe I should use "Internet and local network" to allow access when not at home. I export the configuration file and upload it to the app. It is not a username or password issue. I am using General Details and not Advanced settings. Unless I need to do something with the Server Port I select.
>
> Thank you!

During your test, are you away from your house (and your home wifi)?
 

BruceWayne007

Hello Spaceman,
Yes, I was at work earlier on their guest network and also turned off my iPhone Wi-Fi and it did not work. I came home, worked/troubleshot on it more, and tried with my iPhone connected and NOT connected to the local Wi-Fi.

I hope that answers or clarifies what you are asking.
 

OICU2

BIT Beta Team
Joined
Jan 12, 2016
Messages
831
Reaction score
1,366
Location
USofA
I believe there are some issues with OpenVPN and older Asus routers where the certificate encryption needs to be changed/regenerated to higher encryption. Some of the older routers do not have the button that allows you to regenerate the certificate and there is no known workaround. If you can generate a new certificate with higher encryption, that might fix it.
 

BruceWayne007

> I believe there are some issues with OpenVPN and older Asus routers where the certificate encryption needs to be changed/regenerated to higher encryption. Some of the older routers do not have the button that allows you to regenerate the certificate and there is no known workaround. If you can generate a new certificate with higher encryption, that might fix it.

Thank you OICU2 but I do not have a certificate error. The app connects to the router just fine.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
25,129
Reaction score
48,993
Location
USA
Let's back up a moment - did this work in the past or is this a new setup?

Are you using a VMS system like Blue Iris or an NVR or is it just cameras? The NVR won't allow direct access to the cameras thru a VPN connection and you can only access the NVR (and see the cameras but cannot get into the camera GUI).

Are you using OpenVPN native to the router or did you load OpenVPN on the computer?

If you open the VPN on iOS, can you, with the browser on the iPhone, connect to the device or not to confirm you are actually on the network?

If so, then it is some issue that identifies it is a VPN connection and is denying access.
 

Sybertiger

Known around here
Joined
Jun 30, 2018
Messages
4,715
Reaction score
13,604
Location
Orlando
Is that Asus released firmware you are using? Seems like everyone I know with an Asus router is using the AsusWRT Merlin firmware, me included. Not saying that's your issue but you might want to try it.

 

BruceWayne007

> Let's back up a moment - did this work in the past or is this a new setup?
>
> Are you using a VMS system like Blue Iris or an NVR or is it just cameras? The NVR won't allow direct access to the cameras thru a VPN connection and you can only access the NVR (and see the cameras but cannot get into the camera GUI).
>
> Are you using OpenVPN native to the router or did you load OpenVPN on the computer?
>
> If you open the VPN on iOS, can you, with the browser on the iPhone, connect to the device or not to confirm you are actually on the network?
>
> If so, then it is some issue that identifies it is a VPN connection and is denying access.

I don't know if I ever had it working with this router, I had older routers and I swear it worked but that has been a few years.

I am using an Andy Empire NVR. I swear I read a long time ago and help from BigRedFish that you should not enable something on the NVR and to use OpenVPN.

Yes, this router has OpenVPN and 3 other options built into the firmware.

I will check on connecting to NVR while the VPN is connected, stay tuned....
Update, I can use my iPhone with OpenVPN connected and using Chrome go to the IP of my Asus router, and another IP works but the NVR IP will not work.
I installed a program on my MacBook and can use VPN and I can get to the NVR IP.


Thank you for the great questions!
 

BruceWayne007

> Is that Asus released firmware you are using? Seems like everyone I know with an Asus router is using the AsusWRT Merlin firmware, me included. Not saying that's your issue but you might want to try it.

Hey Sybertiger,
Yes, this time it is all Asus. Years ago on a different router I ran DD-WRT and could not get OpenVPN to work. I am not against Merlin firmware if it isn't a nightmare to make it work. Do you have an Asus router with Merlin firmware and using OpenVPN?
 

Sybertiger

> Hey Sybertiger,
> Yes, this time it is all Asus. Years ago on a different router I ran DD-WRT and could not get OpenVPN to work. I am not against Merlin firmware if it isn't a nightmare to make it work. Do you have an Asus router with Merlin firmware and using OpenVPN?

I have an Asus RT-AX86U Pro and use the built-in OpenVPN without issue. I set up my parents' BI system and they have an Asus RT-AC86U using the built-in OpenVPN. Both have the latest Merlin firmware installed. Do you know if your ISP does dynamic or static assignment of IP addresses? If it's dynamic, like my parents have with AT&T Fiber, then you'll want to set up DDNS (WAN > DDNS) and make sure that the hostname was automatically inserted into the VPN cert.
 

Sybertiger

Lastly (probably not an issue for you) some people reported their certificate getting messed up when they email it to their mobile device and have to use a different method to get the cert file into their device without email altering it. Some people probably use Google Drive then grab it that way when they load it into the OpenVPN app on their phone.
 

BruceWayne007

> I have an Asus RT-AX86U Pro and use the built-in OpenVPN without issue. I set up my parents' BI system and they have an Asus RT-AC86U using the built-in OpenVPN. Both have the latest Merlin firmware installed. Do you know if your ISP does dynamic or static assignment of IP addresses? If it's dynamic, like my parents have with AT&T Fiber, then you'll want to set up DDNS (WAN > DDNS) and make sure that the hostname was automatically inserted into the VPN cert.

I believe you are using the older 3.0.0.4.386 firmware which I was using but was getting certificate errors so I flashed it to the latest firmware and no longer get the certificate error and I can connect. I am now on the 3.0.0.4.388 firmware so the GUI is slightly different.

I am fairly certain my ISP uses dynamic IPs. I think I set up DDNS but need to look into that one.
 

BruceWayne007

If another option is better then I am willing to try, but it seems most people prefer OpenVPN.

The router has built in
PPTP
OpenVPN
IPSec VPN
WireGuard VPN
 

Sybertiger

> I believe you are using the older 3.0.0.4.386 firmware which I was using but was getting certificate errors so I flashed it to the latest firmware and no longer get the certificate error and I can connect. I am now on the 3.0.0.4.388 firmware so the GUI is slightly different.
>
> I am fairly certain my ISP uses dynamic IPs. I think I set up DDNS but need to look into that one.

If your ISP uses Dynamic IP assignment then your router is subject to having a different IP address every time you reboot it. You rebooted and may have had a change of IP address. Now your cert doesn't know how to find your router.

I just helped two folks on this forum with new RT-AX86U routers within the last 30 days. Both have dynamic assignment and are up and running with OpenVPN using the Merlin f/w.
 

Sybertiger

If your DDNS is set up using the Asus DDNS server then the WAN IP showing on your router should match what the website What Is My IP? shows as your IP. And there will be a sun icon next to your DDNS name. Also, on the WAN > DDNS page it will show ACTIVE as your DDNS status.

 

Sybertiger

To be clear...at the top of your ovpn certificate file you should see your DDNS name. It will be automatically inserted when you generate the certificate....assuming you set up DDNS correctly and it's active.

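The two checks suggested in the posts above (the DDNS name at the top of the exported .ovpn file, and a file that was not altered in transit) can be run against the profile before importing it. This is an added example, not code from any poster or from Asus; the hostname `myrouter.example.net` and the dummy body inside `<ca>` are constructed placeholders.

```python
import base64
import binascii
import ipaddress
import re

# Constructed sample: placeholder hostname and a dummy (non-certificate) body.
BODY = base64.b64encode(b"constructed sample, not a real certificate").decode()
SAMPLE = f"""remote myrouter.example.net 1194
client
dev tun
proto udp
<ca>
-----BEGIN CERTIFICATE-----
{BODY}
-----END CERTIFICATE-----
</ca>
"""

def pem_intact(block):
    """True if the block has matching BEGIN/END armor and a valid base64 body."""
    lines = [ln.strip() for ln in block.strip().splitlines()]
    if len(lines) < 3:
        return False
    begin = re.fullmatch(r"-----BEGIN ([A-Z0-9 ]+)-----", lines[0])
    if not begin or lines[-1] != f"-----END {begin.group(1)}-----":
        return False
    try:
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        return False
    return True

def check_profile(text):
    """Return a list of findings for an exported .ovpn profile (empty = nothing flagged)."""
    findings = []
    remotes = re.findall(r"^\s*remote\s+(\S+)", text, flags=re.MULTILINE)
    if not remotes:
        findings.append("no 'remote' line")
    for host in remotes:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname (e.g. the DDNS name) keeps working after a WAN IP change
        findings.append(f"remote {host} is a literal IP and goes stale when the WAN IP changes")
    for tag, block in re.findall(r"<(ca|cert|key)>(.*?)</\1>", text, flags=re.DOTALL):
        if not pem_intact(block):
            findings.append(f"<{tag}> block is damaged; re-export and transfer the file another way")
    return findings

if __name__ == "__main__":
    print(check_profile(SAMPLE))
```

The check is structural only: it does not validate the certificate chain, so a "Peer certificate verification failure" can still occur with a profile that passes.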