ASUS Router – VPN with Android phone

rcragun

3 years ago

I have a specific use scenario where I need to be on my home network to control a device but may want to control that device when I’m not home. After considering several options, I realized that my newly purchased ASUS router – ASUS AX6000/RT-AX88U – has the ability to create a VPN. Rather than pay extra for an additional service, I thought I’d try the built-in VPN option to see if I could get it to work. It took a little doing, especially since ASUS’s directions were vague, but I got it working. Here’s how…

Setting Up Your Router

First, note that I’m doing this on Firmware Version: 3.0.0.4.386_42820. This may change over time.

First, log in to the router and navigate to Advanced Settings where it says VPN:

In that tab, you’ll see three buttons. I ended up getting it to work with OpenVPN (I tried the other two to no avail). Click on OpenVPN and select the button to turn it on and you’ll see this:

I set my port to 1025. Remember what port you select as you’ll need that in the optional section below. If you’ll be connecting from outside your local network (which, obviously, you are), select “Internet and local network.” Finally, at the bottom, create a username and password that you’ll use to connect.

Once you’ve done all of that, hit “Apply.”

Now, where it says “Export OpenVPN configuration file,” click “Export” and you’ll get an “.ovpn” file. You can open that file with a text editor and you’ll see content like this:

remote 192.168.1.23 1025
float
nobind
proto udp
....
------BEGIN CERTIFICATE----
[lots of letters and numbers]
------END CERTIFICATE-----

If your router is connected directly to the internet, you can move on to the section below where you set up your phone. However, I recommend you continue reading as you may need the directions that follow.

In my case, my server is behind my ISP’s gateway, so it isn’t connected directly to the internet. What that means for me is that I have to forward a port from my ISP’s gateway to my ASUS router – port 1025. Log in to your ISP gateway. Mine is an Arris NVG468MQ Gateway. I have to select Firewall -> Port Forwarding to get to where I need to open a port to my ASUS router. Here’s what I added to forward my port to my router: I selected my device from the drop-down list (it’s the only device connected to my gateway, which makes it an easy choice), named this “VPN”, then selected TCP/UDP (technically, you only need UDP for this), then put in the port: 1025. Once that’s done, select “Add.”

Once it’s added, you’ll get this line in your forwarded ports:

If your ASUS router is set up like mine, behind a gateway, the IP address in your OVPN file is wrong. You’ll need to set it to your external-facing (a.k.a. WAN IP) IP address. You can find that in the settings of your Gateway. Or use a website (Google: “What’s my IP”). However, an even better approach is to set up a DNS service either on your router or on a computer on your home network that keeps track of your WAN IP. I use entryDNS with my fileserver. As a result, I have a DNS address that is always current that I used in my OVPN file. Swap out the IP address that was in that OVPN file for either your WAN IP or your DNS address. Here’s how my OVPN file looks now with a fake DNS address (that’s not actually my DNS address)…

remote ryananddebi.randomdns.org 1025
float
nobind
proto udp
....
------BEGIN CERTIFICATE----
[lots of letters and numbers]
------END CERTIFICATE-----

With your port forwarded to your ASUS router and the correct external IP address in the OVPN file, you can now move on to setting up your phone.

Setting Up Your Phone

I installed the OpenVPN app from the Google Play Store on my Pixel 4a:

I then emailed myself the OVPN file, opened that email on my phone, and downloaded the file to my downloads. In the OpenVPN app, click on the + to add a new profile. Find the OVPN file you downloaded: