Accessing Cisco’s DevNet Sandbox with an ASUS router

Jeremy Worden
Published in automate builders, Jul 29, 2020

I wanted to share how I access Cisco’s DevNet sandbox with my home router. My setup allows me to use the various sandboxes as labs and VPN directly to them with my ASUS router. Anything behind my router can access the lab, including hardware phones.

Here is what you will need to accomplish a similar setup:

  • ASUS router that supports Asuswrt-Merlin firmware (I have a RT-AC5300)
  • USB flash drive/disk connected to your router
  • Cisco DevNet account
  • SSH access to router

After you have all the necessary pieces, here’s how you configure the router to connect:

  • Turn on SSH on your router. You can enable this under Administration > System > Enable SSH. I would enable this for LAN Only at this stage.
  • Format USB flash drive as ext4 and connect to router. Your router should mount the drive.
  • Log in to your router via SSH
  • Install amtm with the following command: curl -Os https://raw.githubusercontent.com/decoderman/amtm/master/amtm && sh amtm (amtm should load automatically)
  • Go to install scripts and install Entware
  • Once you have Entware installed, you can exit amtm. You can always come back to it by typing amtm at the command line.
  • Install OpenConnect with the following command: opkg install openconnect
  • Reboot your router
  • With your router back up, you should be able to test the connection to the sandbox with: openconnect devnetsandbox-us-sjc.cisco.com:<PORT> -b -u <USERNAME> --os=win
  • It should prompt you to accept the certificate and then for the password (Note: you may get an error regarding vpnc-script. We can ignore that for now)
  • Disconnect OpenConnect with the following command: pkill -SIGINT openconnect
  • Navigate to the following: cd /jffs/scripts/
  • Create a new file with the following command: nano enableDevNet.sh
  • Paste in the following:
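#!/bin/sh
# Connect in the background; vpn.txt answers the certificate prompt and supplies the password
openconnect devnetsandbox-us-sjc.cisco.com:<PORT> -b -u <USERNAME> --os=win --script /jffs/scripts/vpnc-script < /jffs/scripts/vpn.txt
# Give the tunnel time to come up before adding rules that reference tun0
sleep 10
# NAT traffic leaving through the tunnel
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# Allow return traffic from the tunnel and outbound traffic from eth0 into the tunnel
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT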
  • Update permissions of newly created file: chmod 755 enableDevNet.sh
  • Create a new file with the following command: nano vpn.txt
  • Paste in the following:
yes
<DEVNET VPN PASSWORD>
  • Create a new file with the following command: nano vpnc-script
  • Paste in text from this link
  • Test the new script with the following command: sh enableDevNet.sh
  • Update dnsmasq with Option 150:
cd /jffs/config
nano dnsmasq.conf.add
  • Paste in the following:
dhcp-option=150,10.10.20.1
server=/abc.inc/10.10.20.100
  • Restart dnsmasq with the following: service restart_dnsmasq
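
As an added example (not the author's script), the variant of enableDevNet.sh below makes the same connection and loads the same three iptables rules, but refuses to start while vpn.txt is readable by other users, waits for tun0 instead of sleeping, and adds or removes the rules idempotently so repeated runs do not stack duplicates. The function names, the up/down arguments and the SYSNET override are hypothetical, and it assumes the router's iptables supports -C.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes iptables supports -C (check).
VPN_HOST="devnetsandbox-us-sjc.cisco.com:<PORT>"   # placeholders from the article
VPN_USER="<USERNAME>"
DIR=/jffs/scripts

# True only if the file has no group/other permission bits (for example mode 600).
secret_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in -???------*) return 0 ;; esac
    return 1
}

# Wait up to $2 seconds for interface $1 instead of a fixed "sleep 10".
wait_for_if() {
    n=0
    until [ -e "${SYSNET:-/sys/class/net}/$1" ]; do
        n=$((n + 1))
        if [ "$n" -gt "$2" ]; then return 1; fi
        sleep 1
    done
}

# Append a rule only when an identical one is not already loaded.
ensure_rule() {
    table=$1; chain=$2; shift 2
    iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
        iptables -t "$table" -A "$chain" "$@"
}

# Delete every copy of a rule, including duplicates left by repeated -A runs.
remove_rule() {
    table=$1; chain=$2; shift 2
    while iptables -t "$table" -C "$chain" "$@" 2>/dev/null; do
        iptables -t "$table" -D "$chain" "$@"
    done
}

# Run "ensure_rule" or "remove_rule" over the article's three rules.
each_rule() {
    "$1" nat POSTROUTING -o tun0 -j MASQUERADE
    "$1" filter FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$1" filter FORWARD -i eth0 -o tun0 -j ACCEPT
}
case "${1:-}" in
    up)   secret_is_private "$DIR/vpn.txt" || { echo "run: chmod 600 $DIR/vpn.txt" >&2; exit 1; }
          openconnect "$VPN_HOST" -b -u "$VPN_USER" --os=win --script "$DIR/vpnc-script" < "$DIR/vpn.txt"
          wait_for_if tun0 30 && each_rule ensure_rule ;;
    down) pkill -SIGINT openconnect; each_rule remove_rule ;;
esac
```

Run it with the argument up to connect and down to disconnect and remove the rules.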

And you should be good to go! IP phones connected to your router should receive Option 150 in their DHCP response and reach the lab environment over the VPN.

Hope this helps someone and happy coding!
