Setting up an OpenVPN server on an ASUS router

[VPN] How to set up a VPN server on an ASUS router: OpenVPN


  • What is VPN?
  • Creating an OpenVPN server
  • Exporting the OpenVPN settings
  • FAQ

What is VPN?

Virtual private network: virtual private networks encrypt your network connection, ensuring that important information is transmitted securely and preventing its theft. A VPN lets remote users (VPN clients) connect securely to VPN servers.

VPN supports several connection methods. This article covers configuring the OpenVPN server on ASUS routers; for the other supported server types (PPTP VPN, IPSec VPN), see the related FAQs below. Choose the guide that matches the VPN type your device supports.

To set up a PPTP VPN server, see https://www.asus.com/ru/support/FAQ/114892

To set up an IPSec VPN server, see https://www.asus.com/support/FAQ/1044190

The VPN servers supported by ASUS wireless routers vary by model. Check the product's user manual or specifications page to confirm that your router supports this feature.

Follow these steps to create your OpenVPN server:

Step 1. Connect your computer or device to the router, open a web browser and enter http://router.asus.com to reach the router's login page (the web GUI).

Note: follow the link to learn more about how to log in to the interface.

Step 2. Enter your username and password on the login page, then click [Sign In].

Note: If you have forgotten the username and password, reset the router to its default settings. See How do I reset the router to default settings?

Step 3. Open [VPN] > [VPN Server] > [OpenVPN] and switch the OpenVPN server to [ON].

Step 4. Basic settings

        a. VPN Details: [General] by default.

        b. Server port: specify the connection port. The current default port, 1194, is the port number assigned to OpenVPN by IANA.

        c. RSA Encryption: [1024 bit] by default.

        d. Client will use VPN to access: [Local network only] by default. When a VPN client connects to the VPN server, it can reach only the local network behind the VPN server.

 [Internet and local network]: when a client connects to the VPN server, it can reach the local network behind the VPN server and can also reach the Internet through the VPN server.


Step 5. Enter a username and password and click the button to create a new account for your OpenVPN server.


Step 6. The password is hidden automatically. Click [Apply] to save the OpenVPN settings.


Exporting the OpenVPN settings file

It takes a few minutes to initialize the OpenVPN server settings and generate the OpenVPN configuration file. After that, click [Export] to save the ovpn configuration file under the name "client.ovpn".

This completes the OpenVPN setup on the server side. Now move to the client side to set up the OpenVPN client connection.

For information on configuring the ASUS router VPN client, see

[VPN] How to set up a VPN client on ASUS routers (Web GUI)?



1. How many clients can connect?

OpenVPN can support more than 10 client connections, but stability depends on the router's throughput.

2. How do I save the OpenVPN server settings file?

When you want to restore or replace the router, you can keep the original OpenVPN server certification by using Export Current Certification and importing it on the new router.


3. Where are the advanced OpenVPN settings?

We provide more advanced settings for OpenVPN. If needed, go to [VPN Details] > [Advanced Settings] to configure them.


4. How do I change the OpenVPN server keys and certificate?

   Open the [VPN Details] > [Advanced Settings] page.


Click [Content modification of Keys & Certificate].


Edit the content and click [Save] to save the settings.


Click [Apply] to save the OpenVPN settings.



VPN > VPN Server (General)
Enable VPN Server: On
Server mode: openvpn

Create a user and password in the table at the bottom of the page.
Export the profile. This is done in the same section: below Server mode there is an Export button.

OpenVPN client: from the openvpn.net site, under Download > Community downloads, the Windows installer (at the time of writing, version 2.4.4, which does not work with Windows XP).
Start OpenVPN GUI, right-click its icon in the tray, choose "Import configuration", and locate the profile (a file with the .ovpn extension).
After the import, choose "Connect" from the tray icon's context menu.
Enter the login and password of the user created on the router.

If the OpenVPN client log shows the error "TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small" when connecting, you need to create a new profile on the router that uses a 2048-bit DH key.

You can use the openssl for Windows utility for this (on the site, Download > Binaries Zip).

Extract the files from the archive and generate the key (this can take a long time):
cd C:\Path_to_openssl_folder\openssl-0.9.8h-1-bin\bin\
openssl dhparam -out dh.pem 2048

This issue is discussed at the link:

Next, install this key on the router.
Detailed instructions are at the link:

This is done in the VPN > VPN Server (Advanced Settings) menu.
Next to Authorization mode, follow the "Content modification of Keys & Certification" link.
Copy the contents of the 2048-bit dh.pem file and replace the current value in the "Diffie Hellman parameters" section.
Click "Apply" and save the settings.
Export the profile again and import it in the VPN client.
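
A check worth running before pasting new parameters into the router, as an added example that is not part of the original note: this Python code reads a PEM "DH PARAMETERS" block, as written by openssl dhparam, and reports the bit length of the prime, so a file that would still trigger "dh key too small" is caught first. The 2048-bit floor follows the note above; the function names are hypothetical, and the sample PEM is built from a constructed, non-prime placeholder number purely to exercise the parser.

```python
import base64
import re

MIN_DH_BITS = 2048  # size the note above generates with `openssl dhparam -out dh.pem 2048`
PEM_RE = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def dh_prime_bits(pem_text):
    """Return the bit length of p in a PKCS#3 DHParameter ::= SEQUENCE { p, g }."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p_raw, nxt = read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    tag, _g_raw, _ = read_tlv(seq, nxt)
    if tag != 0x02:
        raise ValueError("expected INTEGER g")
    return int.from_bytes(p_raw, "big").bit_length()


def dh_is_acceptable(pem_text, minimum=MIN_DH_BITS):
    """True when the prime is at least `minimum` bits long."""
    return dh_prime_bits(pem_text) >= minimum


def tlv(tag, value):
    """Encode one DER TLV (used only to build the constructed sample below)."""
    n = len(value)
    if n < 0x80:
        head = bytes([tag, n])
    else:
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([tag, 0x80 | len(size)]) + size
    return head + value


def build_sample_pem(bits):
    """Constructed test input: p = 2^(bits-1) + 1 is NOT prime, not usable as real parameters."""
    p = (1 << (bits - 1)) | 1
    p_raw = p.to_bytes(bits // 8 + 1, "big")   # leading 0x00 keeps the INTEGER positive
    der = tlv(0x30, tlv(0x02, p_raw) + tlv(0x02, b"\x02"))
    b64 = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}\n-----END DH PARAMETERS-----\n"


if __name__ == "__main__":
    for size in (1024, 2048):
        pem = build_sample_pem(size)
        verdict = "ok" if dh_is_acceptable(pem) else "too small"
        print(f"{dh_prime_bits(pem)}-bit DH prime: {verdict}")
```

To check a real file, pass the text of dh.pem to dh_is_acceptable() in place of the constructed sample.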

The remaining settings should look roughly like this:

Other errors/warnings when the OpenVPN client connects:
"WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead"
You can make the indicated changes inside the profile with an ordinary text editor.

In recent versions of the Merlin firmware for ASUS routers, the address pool for VPN clients, set in "VPN Subnet/Netmask", cannot be the same as the address pool handed out on the home network. That is, if the internal home network uses, then VPN clients must be given a different range, for example, The VPN client will automatically get a route to the home network, and access will work (if the "Push LAN to clients" setting is enabled).


Many routers now come with an integrated OpenVPN server to provide secure remote access to both router storage and LAN devices. We haven’t been testing VPN performance in our reviews because, frankly, I dread messing with VPN. I usually get it working eventually, but typically burn a day in the trial-and-error process that is inevitably required.

So in the interest of saving you a day, I am doing a few articles that present both VPN performance test results and step-by-step setup instructions for getting a working OpenVPN tunnel between a Windows client and the router. This tunnel will support connection both to the router’s shared storage and to client devices on the router LAN.

Since ASUS was the first to integrate OpenVPN, I’ll start with them.


My test setup used Win 7 and Win 8.1 computers.

  • Windows 7: Lenovo X220i (Intel Core i3-2310M @ 2.1 GHz, 2 GB RAM) running Win 7 Home Premium SP1 64 bit
  • Windows 8.1: Acer AspireS7 (Intel Core i5-4200U @ 2.3 GHz, 8 GB RAM) running Win 8.1 64 bit

To eliminate internet connection variation, I used the test setup shown below. Note that the two computers are on different private subnets.

OpenVPN test setup



1) Check your shares
Before you start messing with VPN, you first need to check that your OS sharing permissions are properly set so that shares can be reached among LAN machines on both networks. This sometimes is tricky when mixing Win 7 and 8 devices.

I don’t use Windows Homegroups, don’t use password protected sharing and don’t use Guest accounts. So in Win 8, disabling password protected sharing (Network and Sharing Center > Advanced Sharing Settings > All Networks) and adding access for Everyone in the share’s security properties usually does the trick.

2) Configure your firewall
OS and anti-virus suite application firewalls are another thing that can mess you up. If you run one, you’ve probably already figured out the settings to not block file sharing traffic. But if you have any problems pinging a share across the VPN tunnel, temporarily disable the firewall to see if that’s the problem.

3) Install the OpenVPN client
ASUS provides links for downloading Windows, MacOS, iOS and Android OpenVPN clients on the VPN Server tab as shown below. Each link takes you to an ASUS FAQ page that includes a download link for the proper app and instructions for installing and configuring it.

ASUS VPN Server tab

  • The Windows FAQ links to the OpenVPN downloads page that has only Windows clients.
  • The MacOS FAQ links to the Tunnelblick installer for Mac OS X.
  • The iPhone (iOS) FAQ tells you to search the App Store, which should turn up this OpenVPN Connect app.
  • The Android FAQ tells you to search Google Play, which should turn up this OpenVPN Connect app.

This OpenVPN FAQ provides a pretty accurate description of the Windows installation process. Don’t bother to launch the app after you install it. It won’t do much until you install an OpenVPN config file.

4) Create User(s)
Create users on the VPN Server General settings page in the Username and Password section as shown below. Please use a stronger password than the one I used. Your connection security depends on it! Be sure to Apply the settings.

ASUS VPN Create user


5) Generate the OpenVPN config file
OpenVPN clients won’t do anything without a config file. You can find sample files in the [program files path]\OpenVPN\sample-config folder on the system you installed the client on, where [program files path] is the path to the Program Files or Program Files (x86) folders for 64 bit and 32 bit apps, respectively.

The sample client.ovpn and sample.ovpn files are well commented and useful for advanced users. But it’s much easier to click the Export button on the VPN Server page to generate and save a config that should get you up and running quickly.

Changing the selector on this page to Advanced Settings exposes the detailed settings used to configure the server and generate the client .ovpn config file.

VPN Server Advanced Settings - Basic config


All the defaults work and will enable you to reach the router’s shared storage and shares on devices connected to the router LAN. They will not, however, allow network browsing from the remote client. So you’ll have to use \\ipaddress_of_device to reach shares and set up mapped drives for easy access.

VPN Server Advanced Settings - Basic config


If you simply must have network browsing, switching to TAP interface type will do it. But note this is a bridged connection and could cause problems.

Pay attention to the warning shown below that may appear on the VPN Server page. Most people will need to use a dynamic DNS service to reach their router due to the changing IP addresses issued by most ISPs. If you are going to use DDNS, set it up before you export the OpenVPN config file. Otherwise, the router’s WAN IP address will be used. In my case, the WAN IP was fine because I was testing on a private LAN.

VPN Server Advanced Settings - Basic config


If you make any changes to these settings, you need to Apply them first, then Export a new config file.

6) Install the config file
Find the client.ovpn file generated by clicking the Export button in Step 5 and copy / move it to the [program files path]\OpenVPN\config folder, where [program files path] is the path to the Program Files or Program Files (x86) folders for 64 bit and 32 bit apps, respectively. If your client needs to connect to more than one VPN server, you’ll need to generate a config file for each one and give them different names.

7) Start the OpenVPN client
Find the OpenVPN client shortcut created by the installer. Right click on it and select Run as administrator. At this point, this How to connect to a VPN Server with the Desktop Client FAQ screwed me up for a while. I kept expecting to see the window below shown in the FAQ.

OpenVPN client window you won't see


The ASUS FAQ provides a more accurate description of what to expect. The only thing you should see is the OpenVPN client icon in the System Notification Area (tray).

OpenVPN client running


8) Connect
Right-clicking on the OpenVPN icon pops up the config(s), each of which expands into a submenu shown below. Select Connect.

OpenVPN client config selected


You’ll be prompted for the username and password you set up in the router.

OpenVPN client - user authentication


After you enter the credentials, the connection will complete…

OpenVPN client - connecting


…and when it’s done you’ll see a confirmation.

OpenVPN client - connected


9) Test the tunnel
We’ll use ping to check that everything is running ok. First, try pinging the OpenVPN router LAN IP address (the default is It should respond. Next try to ping the IP address of a LAN machine. In my test case, the Win 8.1 LAN computer was at The screenshot below shows that the OpenVPN configuration provided connection to LAN clients.

OpenVPN tunnel test passed


10) Use the tunnel
At this point, you are up and running! Remember that network browsing isn’t supported. So you must reach LAN devices by IP address, not hostnames. If you’re just accessing shared files, mapped drives are your friend.


I had three ASUS routers handy for testing. My go-to IxChariot performance test tool would not work through the OpenVPN tunnel. So I had to resort to drag-and-dropping a >1 GB Windows backup .bkf file for testing. Drag-and-drops were initiated from the remote (WAN side) machine to ensure that traffic flowed through the tunnel.

Router        | CPU                                    | Firmware | Remote > Server | Server > Remote
ASUS RT-N66U  | Broadcom BCM4706, single core, 600 MHz |          | 1.6             | 1.6
ASUS RT-AC68U | Broadcom BCM4708, dual core, 800 MHz   |          | 4.1             | 3.8
ASUS RT-AC87U | Broadcom BCM4709, dual core, 1 GHz     |          | 5.5             | 5.0
Table 1: File copy throughput – OpenVPN tunnel (MBytes/sec)

There’s a big difference in stepping up from the single-core BCM4706 to the dual-core BCM4708. But not as large a jump between the 4708 and 4709.

Closing Thoughts

I hope the step-by-step saves you the hassles that I ran into in getting OpenVPN working on ASUS. If you find an error, please let me know so that I can correct it.

Next time, OpenVPN on NETGEAR.


Enabling the OpenVPN Server on your router will allow you to access resources hosted on your home network securely from remote locations.  It will also provide you with a free VPN connection to your home network for use when on public Wi-Fi.  Or, perhaps you are the go-to IT support person for your extended family.  Installing OpenVPN on the router will allow you to connect securely from wherever you are to perform system maintenance and technical support.

In this article, I’ll show you how to configure:

  • Two free services that are required if your Internet Service Provider provides you with a dynamic WAN IP address
  • OpenVPN Server on Asuswrt-Merlin 384.4
  • OpenVPN Client software on Windows, Android, iOS and Mac OSx operating systems


DDNS is the acronym for Dynamic Domain Name System.  If your Internet Service Provider (ISP) assigns you a dynamic WAN IP address, you need to use a DDNS service.  I use the free DNS-O-Matic service, owned by OpenDNS, to perform this function.  I prefer DNS-O-Matic as it will update other services I use with the WAN IP address of my home network whenever it changes. Others provide a similar service.  Select the one that works best for you.

In a web browser, go to the DNS-O-Matic web site and select the create a free DNS-O-Matic link to create your account.

Create a Username and Password, enter your email address and select a country from the drop down list.  Select Create account when finished.   Check your inbox for the confirmation email from DNS-O-Matic.  Select the link to confirm your sign-up request.

On your web browser, manually key in the wireless router’s default IP address or enter http://router.asus.com.

Navigate to WAN > DDNS.

Enable the DDNS Client: Yes

Configure DNS-O-Matic using the example above.  Validate that DDNS is working by navigating to Network Map.  If there is an issue, a yellow exclamation mark will appear next to the DDNS field in the Internet Status box.

Free DNS Hosting

The next step is to select a DNS hostname service and sign up for an account.  The hostname service will give you the ability to create a hostname that will store your WAN IP address.  I use the free hostname service yDNS.

Open up a new browser tab and navigate to yDNS.

Select the Get Started button to create an account.  You also have the option to login using your Google email, Facebook or GitHub account.

Once logged in, select the + sign and select the Add Host option.

Select the Domain field and select the Domain name you prefer to use from the drop-down list.

Enter the Name you prefer to use and select Add Host to create the domain name. A web page showing the hostname will now appear.  Select and copy the hostname you created.

Go back to DNS-O-Matic browser tab.

Select yDNS from the drop-down list.  Paste the hostname in the Domain field.

Return to the yDNS browser tab.

Navigate to the Account > Preferences to obtain the API username and password to finish configuring DNS-O-MATIC.

Select the API tab.

Select and copy the yDNS Username.

On your browser, switch to the DNS-O-Matic tab.

Paste the yDNS Username into the API Username field.

In the browser, switch to the yDNS tab.

Select and copy the Password.

On your browser, switch to the DNS-O-Matic tab.

Paste the Password into the API Password field.


Select Update account info.

The WAN IP address should now appear in the Status column.

Return to the yDNS tab.  The hostname should display the WAN IP address if the update process is working properly.

If you have issues, review the previous steps.

Configure the OpenVPN Server

On the Asus router, navigate to VPN > VPN Server.

Server Instance: Server 1

Enable OpenVPN Server: ON

VPN Details: Advanced Settings

I recommend you use most of the defaults.  However, I prefer to change Direct clients to redirect Internet traffic to No.  More on this below.  Change Compression from LZO to LZ4 as LZO is deprecated in OpenVPN 2.4 and will be removed in OpenVPN 2.5.  LZ4 generally provides the best performance with the least CPU usage.  I have been unable to make the connection work properly when setting Compression to None or Disabled.

Following are the field definitions:

Interface Type
TUN is the preferred method because it works on Windows, iOS, Android and Linux operating systems.  TAP cannot be used on Android or iOS operating systems.  You can read more about the benefits and drawbacks of TUN and TAP on the OpenVPN Wiki.

UDP provides data integrity via a checksum but does not guarantee delivery.  TCP provides both data integrity and delivery guarantee by retransmitting until the receiver acknowledges the reception of the packet.  Select UDP for best performance.

Push LAN to clients
Allows you to access LAN resources via the OpenVPN tunnel.

Direct clients to redirect Internet Traffic
If the Direct clients to redirect Internet Traffic feature is disabled, the remote OpenVPN client will use their existing WAN connection for all Internet traffic and only use the OpenVPN Server when trying to access a resource on the home network.

If the Direct clients to redirect Internet Traffic feature is enabled, all remote OpenVPN client traffic will first go via the LAN on the OpenVPN Server and back to the Internet.  When you are in a coffee shop, this option will route ALL internet traffic to your home router and from there to the internet.  In other words, ALL internet traffic will go through the secure tunnel from the coffee shop to the home network.

Respond to DNS
Enable these settings so that OpenVPN Clients will use the DNS of the VPN server.  When you type an address in your browser, the DNS of your home router is used to perform domain name resolution and not the DNS of the coffee shop network.

Advertise DNS to clients
Instructs the OpenVPN clients to use the router’s LAN IP address as their DNS server.

You can further customize the VPN server by changing the encryption cipher and server port from their default values.  The default negotiable ciphers provide sufficient encryption to maintain proper security when connecting to your server.

Select Export to download the OpenVPN configuration file.

OpenVPN Client

In this section, I will show you how to install the OpenVPN client on Windows, Android, iOS and Mac OSx platforms.


Download the OpenVPN client from the OpenVPN download page

Double click on the file to install the OpenVPN software.  The default location is “C:\Program Files\OpenVPN”.

In Windows Explorer, open the “C:\Program Files\OpenVPN\config” folder.

Open another Windows Explorer session.  Navigate to the Download folder.  Copy the client.ovpn file exported from the OpenVPN server to “C:\Program Files\OpenVPN\config” folder.

Open up the file in a text editor.

Update the remote line (4th line in the file).  Replace the IP address with the yDNS hostname.  Save the file.

Right click the OpenVPN icon on the desktop and click Run as administrator.

The OpenVPN GUI will appear on the windows task bar.

Right click the OpenVPN icon.  Select the OpenVPN Configuration file you saved and click Connect.

Enter Username and Password for authentication and select connect.

A confirmation screen will appear if you connect successfully.
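
The profile edits this page describes (pointing the remote line at the DDNS hostname, replacing the deprecated ns-cert-type directive, and spotting LZO compression) can be applied to the exported file in one pass. This Python code is an added example, not part of the original article or of ASUS or OpenVPN tooling; the function names are hypothetical, and the hostname, IP addresses and sample profile are constructed placeholders.

```python
import ipaddress

# Constructed sample of an exported profile; the address and certificate body are placeholders.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote 203.0.113.10 1194
ns-cert-type server
comp-lzo adaptive
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
</ca>
"""


def is_ip_literal(token):
    """True when token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def update_profile(text, ddns_host):
    """Return (new_text, notes) for an exported client .ovpn profile."""
    out, notes, inline_tag = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if inline_tag:                        # inside <ca>/<cert>/<key>: copy PEM data untouched
            out.append(line)
            if stripped == f"</{inline_tag}>":
                inline_tag = None
            continue
        if stripped.startswith("<") and stripped.endswith(">") and not stripped.startswith("</"):
            inline_tag = stripped[1:-1]
            out.append(line)
            continue
        words = stripped.split()
        if not words or stripped[0] in "#;":  # blank line or comment
            out.append(line)
            continue
        if words[0] == "remote" and len(words) >= 2 and is_ip_literal(words[1]):
            # A WAN IP baked into the export goes stale when the ISP reassigns it.
            notes.append(f"remote: {words[1]} replaced with {ddns_host}")
            words[1] = ddns_host
            line = " ".join(words)
        elif words[0] == "ns-cert-type" and words[1:] == ["server"]:
            notes.append("ns-cert-type server replaced with remote-cert-tls server")
            line = "remote-cert-tls server"
        elif words[0] == "comp-lzo":
            # Compression must match the server, so this is reported, not rewritten.
            notes.append("comp-lzo found: change Compression on the router, then re-export")
        out.append(line)
    return "\n".join(out) + "\n", notes


if __name__ == "__main__":
    new_text, notes = update_profile(SAMPLE_PROFILE, "myhome.example.net")
    print(new_text)
    for note in notes:
        print("note:", note)
```

remote-cert-tls server checks the key usage and extended key usage fields of the server certificate, so confirm that the tunnel still comes up after the change.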


Use the Google Play Store to download the OpenVPN app and install it on your device.

Tether your Android device to your computer.  Open Windows Explorer and navigate to the SD card.  Create a directory called OpenVPNConfigs.  Select and copy the client1.ovpn file from your computer to your Android device.  I recommend that you rename the file to a name that is more descriptive (e.g. HomeNetwork) if you have more than one location you need to connect to.

Start the OpenVPN app.  Select the OVPN Profile option.

Select the  icon at the bottom right hand corner to add a new OVPN Profile.

Navigate to the OpenVPNConfigs folder.  Select the HomeNetwork.ovpn profile from the SD card.  A check mark will appear next to the profile.  Select IMPORT from the upper right hand corner.

Edit the profile title if necessary.  Enter the Username.  Check the Save password box and enter the Password.  Select Done when finished on the keyboard.  Select ADD from the upper right hand corner.

Press the toggle button to establish the connection.

Select OK to grant permission.


You should now have a connection established to the OpenVPN server.


Download the OpenVPN app from the Apple iTunes Store onto your iPad or iPhone.

Next, connect your iPad to iTunes on your computer.

Click the iPad icon.

Select File Sharing.

Select the OpenVPN App.  Select Add File… at the bottom of the OpenVPN Documents box.

Locate the folder of the OpenVPN config file. Click Open.

On your iPad, you will now see the Profile.  Select the green + icon to import the profile.

Select the profile.  Enter your User ID and Password.  Select the Save toggle button to save the User ID and Password.  Toggle the Connection button to establish the connection.

Mac OSx

Tunnelblick is a popular free OpenVPN software for OS X and macOS.

Download the Tunnelblick file to your Mac.

Use Finder to locate the file.  Double-click on the file name.  A Tunnelblick box will appear.

Double-click the Tunnelblick icon.

Select Open.  Enter your Mac OSx Username and Password to confirm the installation.  Wait for the installation to complete.

In Finder, select Applications.  Locate the Tunnelblick application and double-click.

Select the + sign in the bottom left hand corner of the Configuration panel.  A pop-up will appear with instructions.  Acknowledge by pressing the OK button.

In Finder, select the OpenVPN configuration file.  Drag and drop the configuration file to the Tunnelblick Configurations pane.

To connect, highlight the file and select Connect.  Enter the Username and Password when prompted.

