What's new

TorGuard OpenVPN 2.4 Client Setup for ASUS Merlin 380.65 & 380.65_2 Part II

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Xentrk

Part of the Furniture
Continued from Part I
https://www.snbforums.com/threads/t...for-asus-merlin-380-65-380-65_2-part-i.38281/

Configurations required for All Traffic

Make the following changes if you want all clients on your router to use the VPN Tunnel:

Start with WAN: Yes (Have VPN auto connect on boot)
Username/Password Authentication: Enter your TorGuard VPN Username and Password.
Username/Password Auth. Only: Yes
Accept DNS Configuration: Exclusive
Cipher Negotiation: Disabled
Redirect Internet Traffic: ALL

Note 1: In prior OpenVPN releases, I always used the setting of “None” for Compression. This setting no longer works for me in OpenVPN 2.4. As a result, I use the default LZO Adaptive, which is the recommended setting of TorGuard.

Select the Apply button to save the settings. When finished, the settings should be as follows:

upload_2017-3-28_11-38-12.png


Change Choose Service state to ON to enable the VPN Client. You can verify successful connection by going to the VPN Status tab. You can also navigate to TorGuard's IP detection site http://myip.tg or the ipleak test site at https://ipleak.net for additional validation. The sites should report the IP address of the TorGuard server the router is connected to.

Configurations required for Policy Rules
Make the following changes if you want some clients on your router to use the VPN Tunnel and others to use native WAN:

Start with WAN: Yes (Have VPN auto connect on boot)
Username/Password Authentication: Enter your TorGuard VPN Username and Password.
Username/Password Auth. Only: Yes
Accept DNS Configuration (See Note 2): Strict
Cipher Negotiation: Disabled
Redirect Internet Traffic: Policy Rules
Block Routed Traffic if Tunnel Goes Down: Yes

If the VPN tunnel goes down with this setting, any clients set to route over the VPN will not be able to reach the Internet. You will need to check the System Log. This setting will prevent your true WAN IP from leaking to the services the router is connected to if the VPN tunnel goes down. “Yes” is the recommended setting if you are using a streaming media site that restricts content by geo location or blocks VPN connections.

Custom Configuration (See Note 3):
dhcp-option DNS xxx.xxx.xxx.xxx (xxx’s is the IP address of TorGuard DNS Server 1)
dhcp-option DNS xxx.xxx.xxx.xxx (xxx’s is the IP address of TorGuard DNS Server 2)​

Note 1: In prior OpenVPN releases, I always used the setting of “None” for Compression. This setting no longer works for me in OpenVPN 2.4. As a result, I use the default LZO Adaptive, which is the recommended setting of TorGuard.

Note 2: I had this set to “Exclusive” in prior releases. I use AB-Solution 3.6.5 on all my routers. I discovered that ad blocking only worked for devices connected to the WAN and not for devices connected to the VPN tunnel with Accept DNS Configuration set to “Exclusive”. Changing Accept DNS Configuration to “Strict” solved this problem.

Note 3: As mentioned above, I use AB-Solution 3.6.5 on all of my routers. A few days after upgrading to 380.65, I attempted to update AB-Solution on the router with Policy Rules. I was unable to connect to the AB-Solution server to perform the update and unable to ping the AB Solution server. However, I could connect and ping the AB Solution server on my other router with Redirect Internet traffic set to ALL. This is a symptom of a routing issue. The other item that no longer worked was the email function built into AB-Solution. My AB-Solution email settings are the same on the router with Redirect Internet traffic set to ALL, and on the router with Redirect Internet traffic set to Policy Rules. Having the dhcp-option DNS setting in the Custom Configuration section resolved these two issues.

Rules for routing client traffic thru the tunnel section: For Policy Rules to work, you must enter the Source IP address of the clients that you want to use the VPN tunnel. Enter 0.0.0.0 in the Destination IP field. Entering the Source IP address of the clients that route thru the WAN is optional. See yorgi’s guide for additional details. Select the Apply button to save the settings. When finished, the settings should be as follows:

upload_2017-3-28_11-40-24.png


You can verify successful connection by going to the VPN Status tab. You can also navigate to TorGuard's IP detection site http://myip.tg or the ipleak test site at https://ipleak.net for additional validation. It should report the IP address of the TorGuard server the router is connected to.

Continued in Part III
https://www.snbforums.com/threads/torguard-openvpn-2-4-client-setup-for-asus-merlin-380-65-380-65_2-part-iii.38283/
 
Last edited:
Hello,

You have recommended cipher negotiation setting to "disabled", is this still working for you?
 
Last edited:
At the time I wrote the how to post, TorGuard had not implemented OpenVPN 2.4. I now use cipher negotiation. I will put it on my to do list to update the instructions. I am also able to use Accept DNS Configuration set to Exclusive and have AB-Solution work thru the VPN tunnel now by using a script to manage my selective routing. I have one issue I need to finalize before releasing it out to the community. I am waiting for the nvram backup and restore utility to be updated for the 382.x releases before upgrading. I often find I have to do a restore after an upgrade in order to get my VPN speeds to return to normal. I rely on the nvram backup and restore utility to restore my settings.

upload_2018-1-9_11-25-42.png
 
At the time I wrote the how to post, TorGuard had not implemented OpenVPN 2.4. I now use cipher negotiation. I will put it on my to do list to update the instructions. I am also able to use Accept DNS Configuration set to Exclusive and have AB-Solution work thru the VPN tunnel now by using a script to manage my selective routing. I have one issue I need to finalize before releasing it out to the community. I am waiting for the nvram backup and restore utility to be updated for the 382.x releases before upgrading. I often find I have to do a restore after an upgrade in order to get my VPN speeds to return to normal. I rely on the nvram backup and restore utility to restore my settings.

View attachment 11516
hello Again,

Do you have a guide or link to one describing install of AB-Solution; i think I'd like to try it.

Regards,
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top