echable wrote: > Turns out it's not that difficult. But believe me, there are so many > posts and articles about this, each of them gives their own procedure, > often using complex ssh scripts and all kinds of stuff. > > AFAIK all VPN stuff is based on the OpenVPN protocols, so it shouldn't > be that difficult. > > On my Asus router with Merlin firmware, in the end, successfully > establishing a VPN server that gives me remote access to home network > with no errors or error messages, was literally a matter of less than > twenty clicks and typing >5 digits. > > > My problem was, with the router VPN server running, with the default > settings, the router DHCP (local network IP address allocation) page > would report that there was somehow a conflict between the IP addresses > on my network - i.e. between the IPs usually there - and the ones > allocated when they connected remotely through OpenVPN Connect app. > > Actually connecting to the VPN server and accessing home network > resources seemed to work fine the few times I had a chance to test it, > but there were error messages, but I'm hard-pressed to point out any > occasion I tried it where it failed, but I didn't do extensive testing > since I wasn't happy anyway because of the error messages. > > Like I think I said, I have literally spent weeks trying to figure this > out - because it would be good for a lot of other networking stuff too. > > > > In the end, I just chanced upon the solution last night, and it was > this: > > Under "LAN - LAN IP - Configure the LAN setting of RT-AC87U", where it > used to say the standard value that I had on every router I ever owned: > IP Address 192.168.1.1 > Subnet mask 255.255.255.0 > > I changed the "IP Adress" from 192.168.1.1 to 192.168.1.35 > The router itself takes the first IP address, so its admin interface is > now not at 192.168.1.1 like it always has been, but at 192.168.1.35. And > all other home network devices have IP addresses with higher numbers. > > The DHCP router page no longer reports any error or conflict. > > > The VPN OpenVPN Server config page, with default setup/PIA .ovpn file, > has, under advanced settings, one single line that could be related to > this: > > VPN Subnet / Netmask 10.8.0.0 255.255.255.0 > > > I did not change anything there. So literally the only thing I had to do > to make this work without any error messages was change 192.168.1.1 to > 192.168.1.35, on the LAN IP page, next to the DHCP page. The DHCP page > now remarks, however, in yellow letters, that the router IP address is > 192.168.1.35, but it does not report this as an "error" or "conflict". > > So it seems the problem in this case is simply that the default subnet > specified when you create a default configuration VPN Server on the > router is wrong, it conflicts with the default values for the router. A > very unfortunate oversight from the programmers ? > > Still seems strange, since the OpenVPN Server page says 10.8.0.0, that > it should be affected by changing 192.168.1.1 to 192.168.1.35. Can > anybody explain that to me ? In my reading I've read there are three > "classes" or ranges of IP addresses set aside for "internal" network > use, the 192.168.X range, the 10.0.X one, and I think the 127.0.X one. > So if to begin with, with the default configurations for both the LAN > IP/DHCP stuff and the OpenVPN server stuff, and them having specified > two different ones of these ranges, why would there be a conflict ? How > could have changing LAN IP from .1 to .35 fixed it ? > > The battle now will be getting the router VPN server and router VPN > client to work at the same time. When I had it set up before - setting > up a router as VPN client is a lot more complicated, strangely, since > it's more typically done by nothing more than downloading the VPN > provider's app and typing your username and password. But I used a .ovpn > file generator from my VPN provider privateinternetaccess.com, and I > could have one or the other working, but not both at the same time, like > you're supposed to be able to. If I was connected to the VPN server, as > soon as I turned on the router as a VPN client, the VPN server > connection would drop its connections. > > So I think these are "subnets". I think it had something to do with > something called "subnets" the whole time. Someone could have told me a > bit more than "use a VPN", most people think of a VPN of what is > actually using a device that is a VPN -client-, not connecting through > your own home network by setting up a home network VPN -server- to > connect to.
Glad to hear you have it working. It is very difficult to write a guide for this as it depends on the router (VPN server) you are using and the network subnet that you use. I could easily write a guide for using my particular router but it would be useless for someone with adifferent router. An important note about subnets. If your internal network is 192.168.1.x - which is very common on domestic routers - and you were trying to connect from somewhere external that also used 192.168.1.x as their network then your VPN simply won't work as the external router at wherever you are will think that your connection to LMS at say 192.168.1.200 or whatever is local and on the network there. To avoid this consider changing your entire internal networking to use something a bit different from the "norm" for example 192.168.55.x - you can use anything up to 192.168.254.x - 254 is the highest you can go. I'd suggest you have a bit of a google about network IP ranges. As you said there are 3 ranges reserved for private use but keeping to the 192.168.x.x as the example there is another critical piece of info - the netmask. In a domestic environment the netmask is usually 255.255.255.0. Coupled with 192.168.1.x as your network this means that 254 clients can use the network at the same time each with 192.168.1.x as their allocated IP up to 254. If however the network was changed to 192.168.0.x and netmask was changed to 255.255.0.0 the range becomes 65534 clients. i.e 192.168.0.x = 254 192.168.1.x = 254 192.168.2.x = 254 upto 192.168.254.x = 254 a machine on your network with an IP of 192.168.0.1 would be able to see and route to all 65534 clients on all of the subnets NOTE I'm not advocating that you change the netmask as this would almost certainly mean that your VPN wouldn't work anywhere that used a 192.168.x.x network. I'm just trying to explain its purpose. The three RFC approved private network types are 192.168.x.x / 255.255.0.0 - maximum 65534 clients 172.16.x.x / 255.240.0.0 - 1048574 clients 10.x.x.x / 255.0.0.0 - 16777214 clients This explains a bit more - https://community.mellanox.com/s/article/ip-address-allocation-for-private-networks VB2.4[/B] STORAGE *QNAP TS419P (NFS) [B]Living Room* - Joggler & SB3 -> Onkyo TS606 -> Celestion F20s *Office* - Pi3+Sreen -> Sony TAFE320 -> Celestion F10s / Pi2+DAC & SB3 -> Onkyo CRN755 -> Wharfedale Modus Cubes *Dining Room* -> SB Boom *Kitchen* -> UE Radio (upgraded to SB Radio) *Bedroom (Bedside)* - Pi2+DAC ->ToppingTP21 ->AKG Headphones *Bedroom (TV)* - SB Touch ->Sherwood AVR ->Mordaunt Short M10s Everything controlled by iPeng ------------------------------------------------------------------------ d6jg's Profile: http://forums.slimdevices.com/member.php?userid=44051 View this thread: http://forums.slimdevices.com/showthread.php?t=111300 _______________________________________________ Squeezecenter mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/squeezecenter
