Last update: 1-1-14

VPN Tutorial for Newbies

Installing BolehVPN on the ASUS RT-N66U Router with Merlin Firmware


By Don DeGracia, Jan 01, 2014

dondeg@compuserve.com

www.dondeg.com


STEP 2: PROGRAM THE OPENVPN CLIENT

Okay, so this is where you really need step-by-step instructions. Whether you have Merlin, dd-wrt or Tomato, the first thing to do is determine whether your VPN company has step-by-step instructions for programming the VPN client in your firmware. I saw several examples of companies that provide this information. BolehVPN just released, as of Dec. 2013, instructions for programming Merlin.

To set up OpenVPN on your router you will need the OpenVPN certificate and key files and the *.ovpn files that contain the connection instructions. Your VPN company should supply these, and there should be a place on its site where you can download them. You will need these to program the router. REMEMBER, this tutorial assumes you have chosen a VPN company that allows OpenVPN connections.

For BolehVPN, the instructions to program the router are:

  1. From the BolehVPN web site, download the zip file containing the keys/certificates and *.ovpn connection files. Unzip to a folder on your desktop.
  2. Log into the Merlin interface at 192.168.1.1.
  3. Go to Advanced Settings on the left, and click on “VPN”.
  4. Click on the “OpenVPN Client” tab.
  5. You can set up TWO different VPN logon setups by choosing either “Client 1” or “Client 2” in “Select Client Instance”. Set either Client 1 or Client 2.
  6. In the “Import ovpn file”, hit “Browse” and select the *.ovpn file that has the connection you wish to use.
  7. Click the “Upload” button.
  8. Many of the subsequent boxes will automatically fill once you upload the *.ovpn file. But to be safe, check that the settings are the following:
    1. “Start with WAN” = no
    2. “Interface Type” = TUN
    3. “Protocol” = UDP
    4. “Server Address and Port” = should display IP address to which you will connect, and the port should be 443 (which is specific for the VPN company I use, yours might be different).
    5. “Firewall” = automatic
    6. “Authorization Mode” = TLS
    7. “Username/Password Authentication” = No
    8. “Extra HMAC Authorization” = Outgoing (1)
    9. “Create NAT on tunnel” = Yes
  9. In the “Authorization Mode” (which is set to TLS) click on “Content modification of Keys & Certificates”. This will open a new floating window with three boxes. You upload keys and certificates into these boxes as follows:
    1. Certificate Authority is the file named ca.crt
    2. Client Certificate is the file named ‘your-username.crt’ (replace with your actual username)
    3. Client Key is the file named ‘your-username.key’ (replace with your actual username)

IMPORTANT: For each of the files named above, you will need to open the file with a text editor AND COPY/PASTE ONLY the part that starts with

-----BEGIN xxx-----
to
-----END xxx-----

  10. After copying and pasting all 3, click “Save” and return to previous screen.
  11. In the “Authorization Mode” drop box choose “Static Key”.
  12. Again, click on “Content modification of Keys & Certificates”.
  13. This now opens another floating window with just one box. COPY/PASTE ta.key as per the same format above.
  14. Click “Save” and return to previous screen.
  15. Go back to the “Authorization Mode” drop box and reset it to “TLS”.
  16. Under “Advanced Settings” make sure they are set as:
    1. “Poll Interval” = 0
    2. “Redirect Internet traffic” = Yes
    3. “Accept DNS Configuration” = Exclusive
    4. “Encryption cipher” = AES-128-CBC
    5. “Compression” = Disabled
    6. “TLS renegotiation Time” = -1
    7. “Connection Retry” = -1
    8. “Verify Server Certificate” = No
  17. In the “Custom Configuration” box, do NOT make any changes.
  18. Click “Apply” at the bottom of the screen to save changes.
  19. At the top of the screen click “ON” to start the VPN.

A couple of notes about the above:

  1. You can program two separate *.ovpn setups in Client 1 and Client 2 (step 5 above). You will need to repeat all the steps above if you program into Client 2.
  2. Under Step 8, item 4 above (“Server Address and Port”), you can manually change the IP address to connect to a different IP address for the VPN. If all the settings in two *.ovpn files are the same, then all you need to do is change the IP address in the “Server Address and Port” box, and hit “Apply”. If you do this, you should turn the VPN client OFF first.
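
As an added example (not part of the original tutorial or of BolehVPN's instructions), this Python script automates two checks from the procedure above: it pulls only the BEGIN-to-END block out of a certificate or key file so nothing else gets pasted, and it compares an *.ovpn file's directives with the settings listed in step 8 and the cipher under “Advanced Settings”. The function names and the sample inputs are made up for illustration.

```python
import re

# One PEM-style block; the label may be mixed case (ta.key: "OpenVPN Static key V1").
PEM_RE = re.compile(r"-----BEGIN ([^-\n]+)-----\n.*?\n-----END \1-----", re.DOTALL)

# Values from the tutorial's checklist; port 443 is specific to the author's provider.
EXPECTED = {"dev": "tun", "proto": "udp", "port": "443",
            "cipher": "AES-128-CBC", "key-direction": "1"}

# Constructed sample inputs (not real key material; documentation-range IP).
SAMPLE_CRT = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
              "-----BEGIN CERTIFICATE-----\nTUlJQ29uc3RydWN0ZWQ=\n"
              "-----END CERTIFICATE-----\n")
SAMPLE_TA_KEY = ("#\n# 2048 bit OpenVPN static key\n#\n"
                 "-----BEGIN OpenVPN Static key V1-----\n0123456789abcdef\n"
                 "-----END OpenVPN Static key V1-----\n")
SAMPLE_OVPN = ("client\ndev tun\nproto udp\nremote 203.0.113.10 443\n"
               "cipher AES-128-CBC\ntls-auth ta.key 1\n")

def pem_block(text):
    """Return only the BEGIN...END block to paste, dropping any text around it."""
    blocks = [m.group(0) for m in PEM_RE.finditer(text.replace("\r\n", "\n"))]
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    return blocks[0]

def parse_ovpn(text):
    """Collect the .ovpn directives that the router page shows after upload."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0][0] in "#;":     # blank line or comment
            continue
        key, args = parts[0], parts[1:]
        if key == "remote" and len(args) >= 2:
            seen.setdefault("server", args[0])   # first remote wins
            seen.setdefault("port", args[1])
        elif key == "tls-auth" and len(args) == 2:
            seen["key-direction"] = args[1]      # e.g. "tls-auth ta.key 1"
        elif key in EXPECTED and args:
            seen[key] = args[0]
    return seen

def mismatches(text):
    """Map each checklist setting that differs to the value found (None if absent)."""
    seen = parse_ovpn(text)
    return {k: seen.get(k) for k, v in EXPECTED.items()
            if (seen.get(k) or "").lower() != v.lower()}
```

Run `pem_block()` on the contents of ca.crt, your client .crt and .key, and ta.key to get the text for each box; an empty result from `mismatches()` means the file agrees with the checklist.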

BINGO! You are now connected to BolehVPN through your router! All the connections on your local area network (LAN), including wireless connections, will be going through the VPN at this point.

Go to STEP 3: Program which devices go through the VPN