How to remotely control router with the ASUS Router app on iOS?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

toaruScar

Occasional Visitor
I don't physically live close to my routers. When I want to configure the router, I'll have to do it on the web GUI by accessing example.asuscomm.com. This is not the best experience on a cell phone due to its screen size.

I'd like to use the router app provided by ASUS to control my routers, but since my iPhone is on the WAN side of the router, it is not able to find the router.

I tried to connect to the OpenVPN server on the router, but the app still cannot discover the router. It seems to me that the discovery process is implemented using mDNS, and unfortunately the mDNS query, or UDP multicast packets, do not propagate beyond OpenVPN gateway running in tun mode.

So is there a way to tell the app to connect to the router reachable at, for example, example.asuscomm.com?

Or is it not possible to use the router app outside of the LAN in the first place?
 

eibgrad

Very Senior Member
I don't know the first thing about that app, but if it needs mDNS support (i.e., network discovery), you could configure a bridged (tap) tunnel w/ OpenVPN rather than a routed (tun) one. Then use an Andriod app that supports bridged tunnels.


Using a bridged OpenVPN client is as close as you can get to "being there" when it comes to your home network.
 

toaruScar

Occasional Visitor
I don't know the first thing about that app, but if it needs mDNS support (i.e., network discovery), you could configure a bridged (tap) tunnel w/ OpenVPN rather than a routed (tun) one. Then use an Andriod app that supports bridged tunnels.


Using a bridged OpenVPN client is as close as you can get to "being there" when it comes to your home network.
Unfortunately tap mode is not supported by iOS version of OpenVPN.
 

Saqr42

Occasional Visitor
If remote management is enabled in the Asus router settings, it surely can be managed from anywhere via the mobile app. (named ASUS Router in ios App store) and you don't have to connect to your ASUS network while at home ( no physical restriction ). I am currently monitoring my home network through the app. I don't know about the VPN mode of access.
 

toaruScar

Occasional Visitor
If remote management is enabled in the Asus router settings, it surely can be managed from anywhere via the mobile app.
I see, but first you have to be on the LAN side to somehow "pair" the app with the router, right?
 

bbunge

Very Senior Member
Enabling the remote access on the router is a security risk. I have remotely managed several routers for a long time with OpenVPN. The app even works over VPN. Make sure you use the Arne Schawbe OpenVPN client. It does work!
 

toaruScar

Occasional Visitor
Thanks for all the suggestions. I'll try to connect to the server using OpenVPN in tap mode on linux, since I don't own an Android device.

Then I'll bridge the OpenVPN interface with a wireless network, to which I'll connect my iPhone.

Hopefully this is allow the router app on iOS to discover my router.
 

bbunge

Very Senior Member
Thanks for all the suggestions. I'll try to connect to the server using OpenVPN in tap mode on linux, since I don't own an Android device.

Then I'll bridge the OpenVPN interface with a wireless network, to which I'll connect my iPhone.

Hopefully this is allow the router app on iOS to discover my router.
I use TUN on Linux. Have used a Debian distro and OpenVPN works well with it. Currently using Mint and Ubuntu 20.04 and just import the config from the Asus router.
 

JemTheWire

Senior Member
I have various iOS devices and can connect to my AX88U remotely via OpenVPN without an issue. In fact I regularly access my routers GUI this way.

I don't/won't use the ASUS app to connect as that requires WAN access to be enabled in the router and I consider that to be a high security risk.
 

Ola Malmstrom

Regular Contributor
I have the WAN access disabled on my 4 ASUS devices. I use an openvpn server on my AX88U to connect when working remotely. This works from my Android Phone using the app, from an iPad as well as from a PC to the standard GUI.

Wherever I am, I use my own local IP address behind the NAT to access my devices. The only caveat is that it will not work if the remote subnet is the same as the one I have at home.
 

LimJK

Senior Member
I have various iOS devices and can connect to my AX88U remotely via OpenVPN without an issue. In fact I regularly access my routers GUI this way.

I don't/won't use the ASUS app to connect as that requires WAN access to be enabled in the router and I consider that to be a high security risk.
JemTheWire,

Few days ago, I accidentally found that I am able to have Asus Router App 1.0.0.5.75 (iOS) works with OpenVPN Connect App 3.2.1 to securely access my Home Network from outside WITHOUT enabling WAN Access. It works in most scenarios for me, except my 4G Cellular Operator:(. Try it.

By the way if you are following the AiMesh 2.0 RC2 Beta thread, Asus is going to implement "Instant Guard" App to provide a One Click setup for IPSec VPN Server and IPSec VPN Client for Secure remote management using Asus Router App. See here to join the beta test from 12 October :)
 
Last edited:

JemTheWire

Senior Member
I am happy the way i have it now thanks. I have no interest in adding another ‘point of failure’.

I can do everything on my router that a can when I am at home on my home network. Plus it works over 3/4G.
Why would I want to change to a less secure way?
 

toaruScar

Occasional Visitor
I was able to get my app to discover the router by using OpenVPN in tap mode.
  1. Set the "Interface Type" to "TAP" on router's GUI page.
  2. Export the config file.
  3. On a virtual machine running ubuntu, use OpenVPN client to connect to the router:
    Code:
    openvpn --config /path/to/client.ovpn
    . After the connection is established, there should be a new TAP interface in ifconfig -a. It's ok if no IP is assigned to the TAP interface.
  4. Connect a wireless adapter to the VM, in my case, the Alfa AWUSO36NH, again, use ifconfig to record its interface name.
  5. Use hostapd to create a wireless hotspot.
    1. Create a config file with the following content:
      Code:
      interface=<YOUR-INTERFACE-NAME>
      driver=nl80211
      ssid=<YOUR-HOTSPOT-NAME>
      channel=7
      hw_mode=g
      wme_enabled=1
      macaddr_acl=0
      auth_algs=1
      ignore_broadcast_ssid=0
      wpa=3
      wpa_passphrase=<YOUR-PASSWORD>
      wpa_key_mgmt=WPA-PSK
      wpa_pairwise=TKIP
      rsn_pairwise=CCMP
    2. Run hostapd with the config file: hostapd /path/to/config/file
  6. Bridge the two interface
  7. Code:
    ip link add name br0 type bridge
    ip link set dev br0 up
    ip link set dev <TAP interface name> master br0
    ip link set dev <wireless interface name> master br0
  8. Now connect the iPhone to the WiFi with the name you specified in the config file for hostapd.
  9. If the iPhone did not get an IP address, just manually assigned an IP address in the same subnet, usually in 192.168.50.0/24, and specify the router's IP.
  10. Now open the Asus router app, it should now be able to discover the router.

This is for first time conntion only, after that the app will connect to the router even if the iPhone is on the WAN side of the router.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top