OpenVPN Asus RT-AX86U does not work

[BruceWayne007]

If your DDNS is setup using the Asus DDNS server then the WAN IP showing on your router should match what the website What Is My IP? shows as your IP. And there will be a sun icon next to your DDNS name. Also, on the WAN > DDNS page it will show ACTIVE as your DDNS status.

View attachment 182967

I do not see the Sun icon but my GUI is different than yours. I do have Active like yours. My IP is the same on a local computer, the Asus router and on my MacBook, off that network, that is connect with VPN.

Do I need to use a special port when configuring VPN in the Asus?

 

[Sybertiger]

I believe I shared with you all the screen shots of everything that is needed to make it work. Did you verify What Is My IP website shows the correct IP address of your router? And, does your .ovpn cert file show your DDNS name in it per the screen shot?

 

[BruceWayne007]

I believe I shared with you all the screen shots of everything that is needed to make it work. Did you verify What Is My IP website shows the correct IP address of your router? And, does your .ovpn cert file show your DDNS name in it per the screen shot?

My IP is the same on a local computer, the Asus router and on my MacBook, off that network, that is connect with VPN. Yes, it matches everywhere.


Do I need to use a specific port in the router configuration?

 

[Sybertiger]

And what does the .ovpn file show regarding your DDNS name?

 

[BruceWayne007]

And what does the .ovpn file show regarding your DDNS name?

View attachment 182993

Sybertiger, I really appreciate your help. The VPN connects and works but does not allow the cameras to work. I will get a screenshot or something of the help FAQ.

Yes, the DDNS name is correct but altered.
remote Itwon'twork.asuscomm.com 1194
float
nobind
proto udp
dev tun

 

[BruceWayne007]

BigReDFish and everyone else....

I should not enable the Network > P2P connection, correct?

 

[bigredfish]

Not if you're accessing via OpenVPN, not needed and I think will mess things up on access...hmmm..... though I havent tested it lately, not sure of you'll get all alerts/push notifications?

 

[BruceWayne007]

This is what the DMSS app shows after clicking the help for an error message.

 

[bigredfish]

BTW I also have 2 Asus routers working fine with OpenVPN

You say it connects to your home router via browser (assume the phone is NOT connected to Wifi. It should NOT be to use OpenVPN) but you can’t connect to your NVR using DMSS

Did you add the NVR to DMSS via serial number, QR code, or IP/Domain?

Show a screencap of your “Device Details” for the NVR on DMSS

 

[97JeepXJ]

This may or may not have any relevance to the situation but I would verify in the DMSS settings that local network is on. On iPhone, Settings -> DMSS -> Local Network -> switch is green. Cellular Data too

 

[The Automation Guy]

Two thoughts....

First, if this is your "first time" setting up the VPN, try opening up the router GUI while remote. I know you say that the VPN is connecting, but you need to make sure you can actually communicate with devices on the local network. We know the CCTV system isn't communicating over the VPN, but have you tried connecting to other local devices (like the router via it's GUI)? There are situations where the remote device "connects" to the VPN server, but can't pass the authentication steps and therefore the system won't allow it to communicate with ANY local device. If this is happening, it points to authentication issues, not something with the core VPN setup (what I am trying to say is that the VPN service is working correctly in that case, but you need to figure out the authentication problems). It sounds like this is where your failure is occurring.

Second, if this system was working for a while and then suddenly stopped, it might be that the certificate has expired. The certificates I use/generate with pfSense have to be renewed every couple of years. If they expire, the system won't work properly.

 

[BruceWayne007]

This may or may not have any relevance to the situation but I would verify in the DMSS settings that local network is on. On iPhone, Settings -> DMSS -> Local Network -> switch is green. Cellular Data too

Good thought and Thank you. It was already turned on.

 

[BruceWayne007]

BTW I also have 2 Asus routers working fine with OpenVPN

You say it connects to your home router via browser (assume the phone is NOT connected to Wifi. It should NOT be to use OpenVPN) but you can’t connect to your NVR using DMSS

Did you add the NVR to DMSS via serial number, QR code, or IP/Domain?

Show a screencap of your “Device Details” for the NVR on DMSS
View attachment 183039

MacBook connected to a Cellular hotspot with VPN connected.
-SmartPSS shows the NVR offline
-I cannot ping the NVR IP
-I cannot get to the NVR webpage using Chrome
-I can get to my Asus router GUI using Chrome
-I can log into another local device using the local IP using Chrome

iPhone using Cellular or a Cellular hotspot with the VPN connected.
-The webpage for the NVR will not open
-The DMSS app will not display the cameras

----------------------------------------------------------------------------------------------------------------------

MacBook connected to the local home internet not using the VPN.
-SmartPSS works flawless
-I can ping the NVR IP
-I can get to and login to the NVR webpage using Chrome

iPhone connected to the local home internet not using the VPN.
-I can get to the NVR webpage and login
-The DMSS app displays live camera video



I don't think this has anything to do with how the iPhone is configured or how the MacBook is configured if I cannot ping the NVR while using the VPN. I am trying to see if I can disconnect my modem from the Asus and use the Cellular hotspot as a test ISP.

 

[bigredfish]

On my remote router that I'm VPN'd into, Under "Clients" I see two devices in this case, the NVR and a PTZ setup directly

I would think your Router should show a list of attached devices..? And the NVR, if on the same DHCP pool, should be shown there...?

 

[BruceWayne007]

I am still looking into it but my Asus router is setup as 192.168.21.xx and not the standard 192.168.1.xx

I found my MacBook is showing 192.168.1.3 but wouldn't using OpenVPN put it on my local IP of 192.168.21.xx

 

[bigredfish]

All 3 should be on the same subnet.

Router assuming its the gateway 192.168.1.1 usually
Router DHCP pool 192.168.1.X-192.168.1.X
All devices connecting to router 192.168.1.x

OR .21.X - but all would need to be the same

 

[bigredfish]

What is the IP of your NVR?

 

[The Automation Guy]

I am still looking into it but my Asus router is setup as 192.168.21.xx and not the standard 192.168.1.xx

I found my MacBook is showing 192.168.1.3 but wouldn't using OpenVPN put it on my local IP of 192.168.21.xx

Honestly I am a little confused by these subnets. I'm not sure what you have set up on purpose and what might be an error. Is the NVR set up on a different network subnet as the rest of your network? (If so, that is something I address below).

That being said, there are there are three network subnets (more if you use VLANs) in play when you use a VPN and you need to understand how they relate and interact with each other......

First you have your local network. As I noted above I am a little unsure if it is set up as a 192.168.21.0/24 network or a 192.168.1.0/24 network, or both because you have set up a VLAN or are trying to keep your CCTV devices separate from the rest of the network. However if your local network has more than one subnet (which it would if you are using VLANs) you need to specify both/all subnets that you want to be able to access across the VPN. If you only entered 192.168.1.0/24 in this particular setting, then nothing on 192.168.21.0/24 would be available across the VPN, even if you can normally access it from the 1.0 network when you are on the local network. If you aren't intending to use two different network subnets on your local network, then it seems there might be some unresolved core network issues that need to be solved at the "local" level before you attempt to continue with the VPN.

Second you have the "tunnel" subnet. This is a network that is created by the VPN service for the sole purpose of connecting the two ends (local and remote) together. You should be able to enter the subnet you want to use for this "tunnel" as part of the VPN settings.

Third, you have the "remote" network that your device is on. It might be a cellular network, or a network at work, or another house, etc, etc, etc.

All three of these networks have to be on different subnets. You can control the first two subnets, but you really can't control the "remote" network subnet. For example, If you find yourself at someone's home that uses the same network subnet that you use at your home (192.168.1.0/24 for example), you will run into issues. Obviously 192.168.1.0/24 and 192.168.0.0/24 networks are the two most commonly used "default" networks on "residential grade" routers. Therefore it might be smart for you to choose a more random network subnet for your local network to prevent potential conflicts in the future when you find yourself on a residential network that has been set up on it's "default" settings.

 

[BruceWayne007]

On my remote router that I'm VPN'd into, Under "Clients" I see two devices in this case, the NVR and a PTZ setup directly

I would think your Router should show a list of attached devices..? And the NVR, if on the same DHCP pool, should be shown there...?

View attachment 183131

When the MacBook is connected to the local wireless router I see it as a client and I also see my iPhone as a client when connected locally. I see the NVR in the list of devices. I cannot find either one in the list when using the VPN but I may be overlooking them.

 

[BruceWayne007]

All 3 should be on the same subnet.

Router assuming its the gateway 192.168.1.1 usually
Router DHCP pool 192.168.1.X-192.168.1.X
All devices connecting to router 192.168.1.x

OR .21.X - but all would need to be the same

The NVR is static 192.168.21.xxx