Skip to content

Author: Robin

EdgeRouter OpenVPN Setup

In this post, I will help you through configuring an OpenVPN connection. I have found out that could not find a good configuration guide that configures everything I wanted in one post. I had to use 4-6 different websites to configure my OpenVPN on the EdgeRouter.. so i’ve decided to create a guide myself.

So about VPN.. In short, what is a VPN? You can think of a VPN connection like encrypted tunnels used to connect computers on different networks over the internet. VPNs can be used to provide yourself with a secure connection when using the internet on a public network, like a public wifi hotspot. They are also being used a lot to create a secure, remote connection to your (work or home) local network.

I have chosen to use the OpenVPN protocol instead of other well known protocols like PPTP (older, more insecure, easily detacable and blockable) or L2TP/IPSec (easily detacable and blockable but available on most operating systems).
I like the OpenVPN protocol because it is easy to setup, open source, more secure than PPTP and can be used with port 443 (https) which makes it almost undetectable and shown as normal HTTPS traffic. The downside of OpenVPN is that it uses a third-party app instead of the built-in software from Windows or your phone.

Different types of VPN tunneling

When configuring the VPN, you will need to chose how you want to use it. You can chose to use a split-tunnel or a full-tunnel.

  • Split-tunnel allows you to access your local network resources but normal internet traffic is not going through the tunnel and is not encrypted
  • full-tunnel allows you to access your local network resources and your normal internet traffic is going through the tunnel and is encrypted. But you can probably cannot access local resources, unless you are already connected to them.

I have chosen to use the full tunnel, because I want secure internet access and access to my local resources. You can also add a route to your work network to access its resources through vpn. I haven’t tested that.

Click the READ MORE button to start going though the actual configuration

7 Comments

T-Mobile Thuis fiber with EdgeRouter X SFP (updated)

Update 10-2021: I have updated this post at the end since it is for (some) new customers possible to configure only VLAN300 for both internet and television. So a router with built-in switch is not required.

In my previous post I have shown you my configuration with T-Mobile Thuis fiber with the EdgeRouter Lite. I’ve told you there that I still had a few configuration issues with IPTV. I wasn’t able to create a working scenario without a few (annoying) workarounds.
So to create a better working setup I have chosen to replace the EdgeRoute Lite with the EdgeRouter X SFP. As the name already tells you, this router has an built-in SFP (fiber) port. This router is alo has switching capabilities and PoE (Power over Ethernet) to directly power my Ubiquiti Access Points.

My set-up

I have updated my set-up a bit since my last post. I have added the (two) Ubiquiti AP’s to the PoE ports on the EdgeRouter instead of the managed switch, so I can get rid of the PoE converters. The T-Mobile settopbox is directly attached to the EdgeRouter. I can also chose to attach these to the managed switch, so I can add more settopboxes than two. All my other ethernet devices are attached to the managed switches (like my Tradfri gateway, PS4, SmartTV, HTPC, etc.)
Both switches are configured to deliver VLAN300 (internet) and VLAN640 (IPTV). Between both switches is a trunk configured to transfer both VLAN’s.

The configuration of the EdgeRouter X SFP

Below here is a copy of my configuration with a few details like port mappings, IP assignments and passwords cleared.
In short, i have the following configuration:

  1. Configure ETH5/SFP as the WAN port;
  2. Create an internal switch for seperating traffic to VLAN300 (internet) and VLAN640 (IPTV) and VLAN1 for the internal network;
  3. Configure the PoE ports for the Access Points;
  4. Configure the internal switch and assign the ports on the router for internet, internal network or iptv;
  5. Configure default firewall rules, allow NAT, configure offloading, etc.

Click ‘read more’ to view the configuration details.

44 Comments

Changing a computers asset tag in the MDT database

My brother (Stefan van Bruggen) wrote this function for me. I will be using this function in my script(s) that I’m writing to allows my customers and co-workers to add and change various information without manually manipulating the MDT SQL database.

The script uses the MDTDB module created by Michael Niehaus (which can be foundĀ HERE). This module allows you to change a lot of information in the database except for the asset tag.

Add this to the MDTDB.psm1 to be able to change the asset tags and the other scripts, which I will post on here soon.

function Set-MDTComputerAssetTag {
 
    [CmdletBinding()]
    PARAM
    (
        [Parameter(ValueFromPipelineByPropertyName=$true, Mandatory=$true)] $id,
        [Parameter(ValueFromPipelineByPropertyName=$true)] $assetTag
    )
    
    Process
    {
        # Tell SQL which table to edit and what to look for
        $sql = "UPDATE ComputerIdentity 
        SET AssetTag = '$assetTag'
        WHERE ID = '$id'"
        Write-Verbose "About to execute command: $sql"
        $identityCmd = New-Object System.Data.SqlClient.SqlCommand($sql, $mdtSQLConnection)
        $identity = $identityCmd.ExecuteScalar()
        Write-Verbose "Added computer identity record"
 
        
        # Write the updated record back to the pipeline
        Get-MDTComputer -ID $id
    }
}

 

Leave a Comment