How to setup vpn server on cisco router


How to install vpn (client) on your router - vpn tips

    There are many reasons to install VPN on your home router. First, running VPN on your home router provides a layer of protection to all devices on your network so you don’t need to set up VPN on each device. Second, Apple TV, Fire TV and other media players generally don’t allow you to install VPN on them, so running VPN on your router is often the best option to access restricted content. Finally, most VPN providers allow only three concurrent connections. By installing VPN on your router instead of each device you bypass this limitation. In this article I’ll show you how to set up an OpenVPN client on an Asus router running Asuswrt-Merlin firmware. (If you want to read my upcoming article about setting up VPN on dd-wrt routers be sure to sign up for my newsletter.)

    I use an Asus RT-AC68R, which is hands down one of the best (VPN) routers on the market. Before we set up the OpenVPN client let’s first replace the router’s firmware with the awesome “Asuswrt-Merlin” version. This custom-built firmware offers advanced VPN features that let you configure up to five OpenVPN clients and also offers a “Routing Policy” feature to specify which devices can use VPN and which can’t, a true pro level function. To download the latest Asuswrt-Merlin firmware and instructions click here. Back up your existing settings before installing the new firmware.

    Below you’ll find instructions to configure OpenVPN clients for IPVanish, PIA, Torguard, HideMyAss, AirVPN, and proXPN.

    Instructions

    1. First, download and save the OpenVPN configuration files (.ovpn) from the VPN provider’s website. Some providers (HideMyAss) offer separate configuration files for connections using TCP or UDP protocols. I almost always use UDP. The difference between UDP and TCP is minor. Here are the links to each provider’s OpenVPN configuration files.
      Download IPVanish OpenVPN client settings.
      You need to download two files:
      Download Private Internet Access OpenVPN client settings.
      Download the Certificate Authority file.
      Download TorGuard OpenVPN client settings.
      Download HideMyAss OpenVPN client settings.
      Log in to your CyberGhost account. Next, follow the instructions here to generate your login credentials. Finally, download the OpenVPN configuration files.
      First, log in to the AirVPN Client Area. Click Config Generator to load the OpenVPN Configuration Generator. Follow the instructions to generate and download your configuration file. Next, on the router, simply import the OpenVPN file you downloaded and click Apply. That's it. You can skip the rest of the instructions.
      First, download the proXPN OpenVPN configuration file: proxpn.ovpn. This file includes all the default settings you need. Second, go to the proXPN server location page, choose an OpenVPN server, and then copy its IP address. Next, edit proxpn.ovpn in a text editor; replace the IP address on the first line with the IP address you copied from the location page. Then, on the router, import the edited proxpn.ovpn file. Finally, next to Redirect Internet traffic, choose "All traffic" and click Apply. That's it. You can skip the rest of the instructions.
    2. Open a web browser and enter the IP address of the router. Once logged in successfully you’ll see the Administrative page, as shown in Figure 1-1. Navigate to Advanced Settings and select VPN > OpenVPN Clients.
      OpenVPN Client Settings

      Figure 1-1

    3. Client Control
      • Underneath the Client control section, right next to the Select client instance option, choose a VPN client instance from the drop down list.
      • Next, click Choose File, select a configuration file you downloaded earlier, and click Upload. This applies the default settings for you.
      • Next, we’ll go through and fine-tune each setting. Let’s start with changes to the Basic Settings.
    4. Basic Settings
      • Start with WAN: Select Yes if you want the VPN to start automatically when the router boots; select No if you want to manually start the VPN.
      • Interface Type: TUN
      • Protocol: This setting is pre-selected by the file you imported.
      • Firewall: Automatic
      • Server Address and Port: The “Address” and “Port” fields are pre-selected by the file you imported.
      • Authorization Mode: TLS
      • Username/Password Authentication: Yes
      • Username: Fill in the username of your VPN account
      • Password: Fill in the password of your VPN account
      • Extra HMAC authorization: Disabled
      • Create NAT on tunnel: Yes
    5. Advanced Settings
      • Poll Interval: 0
      • Accept DNS Configuration: Choose Strict to use the provider’s DNS settings; choose Disabled to not use the provider’s DNS settings.
      • Encryption cipher: Default
      • Compression: Adaptive
      • TLS Renegotiation Time: -1
      • Connection Retry: -1
      • Verify Server Certificate: No
      • Redirect Internet traffic: No. Using the “Policy rules” option allows you to specify which devices connect to the Internet through VPN, and which devices connect directly.
    6. Custom Configuration
      persist-remote-ip
      keysize 256
      tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA

      tls-client
      remote-cert-tls server
      reneg-sec 0
      disable-occ

      remote-cert-tls server
      tun-mtu 1500
      tun-mtu-extra 32
      mssfix 1450
      fast-io
      ping-restart 0
      route-delay 2
      route-method exe
      script-security 3 system
      mute-replay-warnings

      ping 5
      ns-cert-type server
      route-metric 1
      ping-exit 30

      auth MD5
      ping 5
      ping-exit 60
      ping-timer-rem
      explicit-exit-notify 2
      script-security 2
      remote-cert-tls server
      route-delay 5
      tun-mtu 1500
      fragment 1300
      mssfix 1300
      cipher AES-256-CBC
    7. Now, scroll back up to the Basic Settings section, click on the link Content modification of Keys & Certificates, and a pop-up window will appear, as shown in Figure 1-2.
      IPVanish CA Certificate

      Figure 1-2

    8. Next, go to the folder containing the OpenVPN configuration files you downloaded earlier. Open the key and certificate files using a text editor. Copy and paste the entire contents of each file into its corresponding text box in Figure 1-2.

      Open ca.ipvanish.com.crt. Copy and paste its contents into the Certificate Authority text box.

      Open ca.rsa.2048.crt. Copy and paste its contents into the Certificate Authority text box.

      Open ca.crt. Copy and paste its contents into the Certificate Authority text box.

      No action is required.

      Open ca.crt. Copy and paste its contents into the Certificate Authority text box.

      Open client.crt. Copy and paste its contents into the Client Certificate text box.

      Open client.key. Copy and paste its contents into the Client Key text box.

    9. Click the Apply button.
    10. Return to the Client control section and make sure the Service state is switched to ON.
      Asus RT-AC68U Service state
    11. Now verify your VPN client status by navigating to VPN > VPN Status, as shown in Figure 1-3.
      Asus RT-AC68U VPN status

      Figure 1-3
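
    An added example, not part of the original article or of any provider's files: a small Python check that reads OpenVPN client directives such as those in step 6 and reports settings that weaken server authentication or key handling. The sample input is constructed from directives shown in step 6, written one per line; the function names parse and audit are chosen for this example.

```python
import re

# Constructed sample: directives that appear in step 6, one per line.
SAMPLE = """\
tls-client
auth MD5
cipher AES-256-CBC
ns-cert-type server
script-security 3 system
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
reneg-sec 0
"""

def parse(text):
    """Map directive name -> arguments, skipping comments and inline <ca>-style blocks."""
    directives, in_block = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("<"):
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name.lstrip("-")] = args
    return directives

def audit(text):
    """Return (directive, finding) tuples for settings worth changing."""
    d, findings = parse(text), []
    if (d.get("auth") or [""])[0].upper() in ("MD5", "NONE"):
        findings.append(("auth", "weak or absent packet HMAC; prefer SHA256"))
    if "ns-cert-type" in d:
        findings.append(("ns-cert-type", "deprecated; use remote-cert-tls server"))
    if not {"remote-cert-tls", "verify-x509-name", "ns-cert-type"} & d.keys():
        findings.append(("remote-cert-tls", "missing; any cert from the CA passes as the server"))
    if int((d.get("script-security") or ["1"])[0]) >= 3:
        findings.append(("script-security", "level 3 passes passwords to scripts via environment"))
    suites = ":".join(d.get("tls-cipher", [])).split(":")
    weak = [s for s in suites if s and not re.match(r"(TLS-)?(EC)?DHE-", s)]
    if weak:
        findings.append(("tls-cipher", "no forward secrecy: " + ", ".join(weak)))
    if d.get("reneg-sec") == ["0"]:
        findings.append(("reneg-sec", "time-based key renegotiation is disabled"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

    Run it against the .ovpn file and the Custom Configuration text before uploading them to the router; an empty result means none of these six conditions was found.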

    By setting up VPN on your router you’ve added an extra layer of protection for devices connected to your home network. I appreciate all the wonderful feedback. Keep commenting, your support makes this site better!

    Q & A

    Fix for the “routing conflict” error

    Nov 13, 2015
    A couple of readers said they got a “routing conflict” after they made changes to the VPN settings. After testing this issue with IPVanish, PIA and Torguard it seems this problem is exclusive to IPVanish.

    When disconnecting from the IPVanish server the remote IP address assigned to the router’s WAN interface should be removed automatically, but it isn’t. This causes the “routing conflict” error when you re-connect by toggling the “service state” button, or by clicking the “apply” button. This error shouldn’t interfere with your VPN connection, but it does mess up routing tables, and it’s annoying. I have submitted this issue to Erich – Asuswrt-Merlin FW developer, and IPVanish. I’m hoping to see an official solution soon.

    Until there is a solution to this problem you can temporarily fix the “routing conflict” by manually removing the route that should’ve been automatically removed by the VPN server when it disconnected. This manual fix is required each time you disconnect from the VPN server, or after you make changes to the router settings. Here are my brief instructions:

    1. Log into the router using SSH:
          ssh 192.168.1.1
    2. Delete the route associated with the VPN server as shown below (s.s.s.s is the IP address of the VPN server):
          ip route delete s.s.s.s

    Got a question? Post it in our forums. We’ll work it out.
