On 06/09/2022 16:48, Bo Berglund wrote:
On Tue, 6 Sep 2022 16:00:20 +0200, David Sommerseth
<open...@sf.lists.topphemmelig.net> wrote:
On 06/09/2022 15:42, Bo Berglund wrote:
On Tue, 6 Sep 2022 15:23:29 +0200, David Sommerseth
<open...@sf.lists.topphemmelig.net> wrote:
On 06/09/2022 10:14, Bo Berglund wrote:
2. Find a way to push the blocking of persist-tun via a ccd command for this
client only. But it might not be possible if the persisted tun is in
operation already when the client reaches the server?
Unfortunately, this is not possible to push. This is only possible to
set in the local configuration file. Long story short: It's related to
when this option is parsed; which is before it starts to connect to the
remote server.
Figured as much!
It stands to reason that a client function executed *before* there is an actual
connection to the server cannot be changed by a push with a different argument.
Thanks for the clarification!
So I have to tell the person at the remote location to bring the router back
when he travels to Sweden next so I can modify the config file.
When doing that, I'd recommend you to ensure you can SSH into this
router without needing the VPN. Use SSH keys and possibly restrict the
IP ranges to networks you know you can connect from (typically ISP
subnets and such like).
But doing it without VPN is hard when the ISP is not providing a public IP
address to the connected device...
Use services like nsupdate.info ... or you could have a script running
regularly reporting its IP address to a web server of yours; then you
would have the IP in your web server logs.
You mentioned this was an ASUS RT-51UC ... I see that the ASUS RT-51U
model is supported by OpenWRT[0], but I don't know what the difference
between the UC and U models might be. If you're not running OpenWRT, I
would recommend you to take that approach. OpenVPN is available here as
well as a functional SSH server and iptables.
[0] <https://openwrt.org/toh/asus/rt-ac51u>
When I configured the router 4 months or so back I forgot to enable Telnet (SSH
is not available on the RT-AC51U router firmware)...
I would not enable Telnet .... that's like asking for trouble. Plain
text auth ...
My plan is to make it possible to access the router via the tunnel IP from here
using the terminal interface. In that case I could modify the config files on
the system via the connected tunnel in the future.
But I must enable these items (both Telnet and Setup page) first in the GUI of
course, so for a later day...
I really do recommend you to kick out the ASUS firmware in favor of
OpenWRT. I mean, even lower-end hardware from other vendors has ssh as
an option to telnet these days. And it's not the device's fault; it's
the firmware.
--
kind regards,
David Sommerseth
OpenVPN Inc