Asus Merlin FW378.56_2 Open VPN/Policy problem

SD Dude

Occasional Visitor
I've got this on an AC3200.

I have CLIENT 5 set and WORKING (see pic attached... ) when I click SERVICE STATE ON, it connects, and makes EVERYTHING on my LAN work on the VPN....

But when I DUPLICATE all settings and put them into CLIENT 1 and I TURN ON REDIRECT INTERNET TRAFFIC and I click on POLICY rules, I NAME it, I put in my LOCAL IP Address in box 1, then in box 2 for DESTINATION IP, I've tried LEAVING IT BLANK and I've tried putting in the EXIT SERVER for the VPN, doesn't work. I have also tried changing the IFACE to LAN and also tried VPN, still get nothing.

I'm using PIA (Privateinternetaccess.com) as you can see from the pics....

I'd appreciate any info (I of course, as I said, can connect using CLIENT 5, but that is NOT using a policy)... but when I DUPLICATE ALL and put it on CLIENT 1 and set it to POLICY I can't for the life of me get it to connect.

Any help would be MUCH MUCH Appreciated, thanks

 
Are you using a different VPN server and/or protocol in client 1 than the client 5? Then there's really no point enabling client 1 when you are already using the VPN for all your devices (through the client 5). Otherwise you're already trying to use a certain device on your network in client 1 to use the same VPN settings that's already being used in client 5 (which is having all of your devices in your network use the VPN tunnelling). You should use your client 1 to use a different VPN server and/or protocol if you want to use policy rules for certain devices.

For example, on my settings I'm using 2 different clients, each one has a policy rule but both are using different servers and protocol (ie client 1 is set to Toronto area and using the TCP protocol whereas client 2 is using a server in the states with UDP protocol.)

P.S. You're using the right settings for the policy rules (leaving destination IP blank and using Iface as VPN).
 
Thanks for the reply! Nope, I wanna have like a few different policies all on the SAME VPN Provider... (like client 1 will be PIA (the VPN Provider)... all TCP... and it will connect to London UK, then I want client 2 VPN to be Southampton UK, and Client 1 & 2 will go to IP x.x.x.74 (my Raspberry Pi for UK TV channels), then Client 3 my Laptop (for which I use utorrent) will go to IP x.x.x.55). All of the 3 above will be for POLICY based going to SPECIFIC IPs, then client 5 (which works) will send EVERYTHING through the VPN... (and not have "redirect internet traffic"... set to "NO"), the others 1-2 will be set to POLICY BASED....

I'm baffled why I can't get #1, 2 or 3 using the SAME SETTINGS (just a DIFFERENT *.OPENVPN file for those respective UK Servers).... ;( Any suggestions? :)
 
Just curious why you have 2 clients going to the same device for policy rule? Isn't that going to cause a routing conflict? You can use one or more device(s) for policy rule on a client but you don't need to use another client and use a policy rule to use the same device(s) you have used in a different client as well.
 
On the 1st TWO clients, they would NOT be BOTH active at the same time, it's so I can go into the router and pick either/or... as they are both different geo locations... it's so I can pick... EITHER/OR... :)
 
You can't have two connections to the same provider. The two routes will conflict.
 
Can't I have multiple connections but just have the one active I want? "Multiple Clients" but have the SERVICE STATE off on ALL except the one I want to use? :)
 
That should work, yes, as long as you only start one at a time, and you ensure that you have disabled the Start with WAN option.

Take a look at your System Log if you need more info as to why the connection failed.
 
Yep, I have it set to OFF on START with WAN... I've programmed MULTIPLE clients with the SAME EXACT info (except for the exit server) and have only tried to START client 1, 2 etc. when client 5 is OFF, and when I click the ON button it tries (to login?) and then goes off... here is the log:
Nov 30 20:42:18 rc_service: httpd 477:notify_rc restart_vpnclient1
Nov 30 20:42:20 dnsmasq[27611]: warning: interface ppp1* does not currently exist
Nov 30 20:42:20 openvpn[27620]: Options error: You must define CA file (--ca) or CA path (--capath)
Nov 30 20:42:20 openvpn[27620]: Use --help for more information.
Nov 30 20:42:21 dnsmasq[27657]: warning: interface ppp1* does not currently exist
Nov 30 20:42:33 rc_service: httpd 477:notify_rc start_vpnclient1
Nov 30 20:42:35 openvpn[27695]: Options error: You must define CA file (--ca) or CA path (--capath)
Nov 30 20:42:35 openvpn[27695]: Use --help for more information.
Nov 30 20:42:36 dnsmasq[27731]: warning: interface ppp1* does not currently exist

Is it also needing the CA.CRT file? (for the client?) I've already uploaded the cityname.opvn file

and if so where would I upload the ca.crt file? As I've already done it for the Client1..
Thanks
 
Click on "Content modification of Keys & Certificates", and fill up the CA certificate field there. Each client must be provided with its own keys and certificates as required by the provider - just entering it once doesn't make them available for all other clients.
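
The failure in the log above and the per-client fix in this reply, as an added example that is not part of the original thread: a small syslog triage that attributes each OpenVPN message to the client slot most recently started and lists the slots that failed for lack of a CA certificate. The function names are hypothetical, and the attribution assumes only one client is started at a time, as in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: the first six lines mirror the syslog excerpt posted in
# the thread; the last two (client 5 starting cleanly) are invented for contrast.
SAMPLE_LOG = """\
Nov 30 20:42:18 rc_service: httpd 477:notify_rc restart_vpnclient1
Nov 30 20:42:20 dnsmasq[27611]: warning: interface ppp1* does not currently exist
Nov 30 20:42:20 openvpn[27620]: Options error: You must define CA file (--ca) or CA path (--capath)
Nov 30 20:42:20 openvpn[27620]: Use --help for more information.
Nov 30 20:42:33 rc_service: httpd 477:notify_rc start_vpnclient1
Nov 30 20:42:35 openvpn[27695]: Options error: You must define CA file (--ca) or CA path (--capath)
Nov 30 20:43:10 rc_service: httpd 477:notify_rc start_vpnclient5
Nov 30 20:43:12 openvpn[27801]: Initialization Sequence Completed
"""

RC_EVENT = re.compile(r"notify_rc (?:re)?start_vpnclient(\d+)")
OVPN_LINE = re.compile(r"openvpn\[(\d+)\]: (.*)")

def triage(log_text):
    """Attribute each openvpn message to the client slot most recently (re)started."""
    current = None  # client slot named by the last rc_service start/restart event
    report = defaultdict(lambda: {"attempts": 0, "errors": [], "up": False})
    for line in log_text.splitlines():
        m = RC_EVENT.search(line)
        if m:
            current = int(m.group(1))
            report[current]["attempts"] += 1
            continue
        m = OVPN_LINE.search(line)
        if m and current is not None:
            msg = m.group(2)
            if msg.startswith("Options error:"):
                report[current]["errors"].append(msg[len("Options error:"):].strip())
            elif "Initialization Sequence Completed" in msg:
                report[current]["up"] = True
    return dict(report)

def missing_ca_clients(report):
    # Slots whose start attempt died on the missing --ca/--capath option.
    return sorted(c for c, r in report.items()
                  if any("--ca" in e for e in r["errors"]))

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for client, r in sorted(rep.items()):
        print(client, r)
    print("clients with no CA certificate:", missing_ca_clients(rep))
```
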
 
I DID it, and all I can say is TOTALLY AWESOME! Now we know why you're called Merlin! :)
I've got Client 1 set with a London IP and policy'd to my Kodi n has a UK IP :)
I've got Client 2 set with a Southampton UK IP and policy'd to my same Kodi n has a UK IP (of course only one runs at a time)
and then Client 3 for my Laptop only
and client 5 for the WHOLE network ! :)
thanks again so much !
 
Glad to see you got it all sorted out dude! Enjoy :)
 
