Xentrk
Part of the Furniture
Continued from Part I
https://www.snbforums.com/threads/t...for-asus-merlin-380-65-380-65_2-part-i.38281/
Configurations required for All Traffic
Make the following changes if you want all clients on your router to use the VPN Tunnel:
Start with WAN: Yes (Have VPN auto connect on boot)
Username/Password Authentication: Enter your TorGuard VPN Username and Password.
Username/Password Auth. Only: Yes
Accept DNS Configuration: Exclusive
Cipher Negotiation: Disabled
Redirect Internet Traffic: ALL
Note 1: In prior OpenVPN releases, I always used the setting of “None” for Compression. This setting no longer works for me in OpenVPN 2.4. As a result, I use the default LZO Adaptive, which is the recommended setting of TorGuard.
Select the Apply button to save the settings. When finished, the settings should be as follows:
Change Choose Service state to ON to enable the VPN Client. You can verify successful connection by going to the VPN Status tab. You can also navigate to TorGuard's IP detection site http://myip.tg or the ipleak test site at https://ipleak.net for additional validation. The sites should report the IP address of the TorGuard server the router is connected to.
Configurations required for Policy Rules
Make the following changes if you want some clients on your router to use the VPN Tunnel and others to use native WAN:
Start with WAN: Yes (Have VPN auto connect on boot)
Username/Password Authentication: Enter your TorGuard VPN Username and Password.
Username/Password Auth. Only: Yes
Accept DNS Configuration (See Note 2): Strict
Cipher Negotiation: Disabled
Redirect Internet Traffic: Policy Rules
Block Routed Traffic if Tunnel Goes Down: Yes
If the VPN tunnel goes down with this setting, any clients set to route over the VPN will not be able to reach the Internet. You will need to check the System Log. This setting will prevent your true WAN IP from leaking to the services the router is connected to if the VPN tunnel goes down. “Yes” is the recommended setting if you are using a streaming media site that restricts content by geo location or blocks VPN connections.
Custom Configuration (See Note 3):
Note 1: In prior OpenVPN releases, I always used the setting of “None” for Compression. This setting no longer works for me in OpenVPN 2.4. As a result, I use the default LZO Adaptive, which is the recommended setting of TorGuard.
Note 2: I had this set to “Exclusive” in prior releases. I use AB-Solution 3.6.5 on all my routers. I discovered that ad blocking only worked for devices connected to the WAN and not for devices connected to the VPN tunnel with Accept DNS Configuration set to “Exclusive”. Changing Accept DNS Configuration to “Strict” solved this problem.
Note 3: As mentioned above, I use AB-Solution 3.6.5 on all of my routers. A few days after upgrading to 380.65, I attempted to update AB-Solution on the router with Policy Rules. I was unable to connect to the AB-Solution server to perform the update and unable to ping the AB Solution server. However, I could connect and ping the AB Solution server on my other router with Redirect Internet traffic set to ALL. This is a symptom of a routing issue. The other item that no longer worked was the email function built into AB-Solution. My AB-Solution email settings are the same on the router with Redirect Internet traffic set to ALL, and on the router with Redirect Internet traffic set to Policy Rules. Having the dhcp-option DNS setting in the Custom Configuration section resolved these two issues.
Rules for routing client traffic thru the tunnel section: For Policy Rules to work, you must enter the Source IP address of the clients that you want to use the VPN tunnel. Enter 0.0.0.0 in the Destination IP field. Entering the Source IP address of the clients that route thru the WAN is optional. See yorgi’s guide for additional details. Select the Apply button to save the settings. When finished, the settings should be as follows:
You can verify successful connection by going to the VPN Status tab. You can also navigate to TorGuard's IP detection site http://myip.tg or the ipleak test site at https://ipleak.net for additional validation. It should report the IP address of the TorGuard server the router is connected to.
Continued in Part III
https://www.snbforums.com/threads/torguard-openvpn-2-4-client-setup-for-asus-merlin-380-65-380-65_2-part-iii.38283/
https://www.snbforums.com/threads/t...for-asus-merlin-380-65-380-65_2-part-i.38281/
Configurations required for All Traffic
Make the following changes if you want all clients on your router to use the VPN Tunnel:
Start with WAN: Yes (Have VPN auto connect on boot)
Username/Password Authentication: Enter your TorGuard VPN Username and Password.
Username/Password Auth. Only: Yes
Accept DNS Configuration: Exclusive
Cipher Negotiation: Disabled
Redirect Internet Traffic: ALL
Note 1: In prior OpenVPN releases, I always used the setting of “None” for Compression. This setting no longer works for me in OpenVPN 2.4. As a result, I use the default LZO Adaptive, which is the recommended setting of TorGuard.
Select the Apply button to save the settings. When finished, the settings should be as follows:
Change Choose Service state to ON to enable the VPN Client. You can verify successful connection by going to the VPN Status tab. You can also navigate to TorGuard's IP detection site http://myip.tg or the ipleak test site at https://ipleak.net for additional validation. The sites should report the IP address of the TorGuard server the router is connected to.
Configurations required for Policy Rules
Make the following changes if you want some clients on your router to use the VPN Tunnel and others to use native WAN:
Start with WAN: Yes (Have VPN auto connect on boot)
Username/Password Authentication: Enter your TorGuard VPN Username and Password.
Username/Password Auth. Only: Yes
Accept DNS Configuration (See Note 2): Strict
Cipher Negotiation: Disabled
Redirect Internet Traffic: Policy Rules
Block Routed Traffic if Tunnel Goes Down: Yes
If the VPN tunnel goes down with this setting, any clients set to route over the VPN will not be able to reach the Internet. You will need to check the System Log. This setting will prevent your true WAN IP from leaking to the services the router is connected to if the VPN tunnel goes down. “Yes” is the recommended setting if you are using a streaming media site that restricts content by geo location or blocks VPN connections.
Custom Configuration (See Note 3):
dhcp-option DNS xxx.xxx.xxx.xxx (xxx’s is the IP address of TorGuard DNS Server 1)
dhcp-option DNS xxx.xxx.xxx.xxx (xxx’s is the IP address of TorGuard DNS Server 2)
dhcp-option DNS xxx.xxx.xxx.xxx (xxx’s is the IP address of TorGuard DNS Server 2)
Note 1: In prior OpenVPN releases, I always used the setting of “None” for Compression. This setting no longer works for me in OpenVPN 2.4. As a result, I use the default LZO Adaptive, which is the recommended setting of TorGuard.
Note 2: I had this set to “Exclusive” in prior releases. I use AB-Solution 3.6.5 on all my routers. I discovered that ad blocking only worked for devices connected to the WAN and not for devices connected to the VPN tunnel with Accept DNS Configuration set to “Exclusive”. Changing Accept DNS Configuration to “Strict” solved this problem.
Note 3: As mentioned above, I use AB-Solution 3.6.5 on all of my routers. A few days after upgrading to 380.65, I attempted to update AB-Solution on the router with Policy Rules. I was unable to connect to the AB-Solution server to perform the update and unable to ping the AB Solution server. However, I could connect and ping the AB Solution server on my other router with Redirect Internet traffic set to ALL. This is a symptom of a routing issue. The other item that no longer worked was the email function built into AB-Solution. My AB-Solution email settings are the same on the router with Redirect Internet traffic set to ALL, and on the router with Redirect Internet traffic set to Policy Rules. Having the dhcp-option DNS setting in the Custom Configuration section resolved these two issues.
Rules for routing client traffic thru the tunnel section: For Policy Rules to work, you must enter the Source IP address of the clients that you want to use the VPN tunnel. Enter 0.0.0.0 in the Destination IP field. Entering the Source IP address of the clients that route thru the WAN is optional. See yorgi’s guide for additional details. Select the Apply button to save the settings. When finished, the settings should be as follows:
You can verify successful connection by going to the VPN Status tab. You can also navigate to TorGuard's IP detection site http://myip.tg or the ipleak test site at https://ipleak.net for additional validation. It should report the IP address of the TorGuard server the router is connected to.
Continued in Part III
https://www.snbforums.com/threads/torguard-openvpn-2-4-client-setup-for-asus-merlin-380-65-380-65_2-part-iii.38283/
Last edited: