Asuswrt-Merlin and Nordvpn

Hoganwch

New Around Here
Trying to install the vpn UDP file in Asuswrt-Merlin ver. 386.4 for Asus RT-AC88U. (Having the same issue with RT-AC3100). When I upload the file it clears everything else. I've tried numerous combinations, but the router does NOT redirect. Using Nordvpn. Had great success with earlier versions. Nordvpn actually has a "how to" on their site which I've used several times as well. Wondering what ideas anyone has to resolve.
 

ColinTaylor

Part of the Furniture
On the VPN client page first click on Default. Wait a few seconds for everything to reset and then browse to your ovpn file, select it and click Upload. After a few seconds the new settings should appear and you can scroll down to add your username and password.
 

Hoganwch

New Around Here
Thanks for the response. You can see the result here. It doesn't redirect. I'm very familiar with this and have set up numerous routers. The file uploads and clears everything. It doesn't appears to stay resident. I populate everything and this is what I get. When I re-upload the udp file, I have to re-enter the user name and password. It appears to be an error in the file upload. I'm using a udp file from Nordvpn.
1642221507788.png


Any insight will be appreciated...
 

eibgrad

Part of the Furniture
Beware, if the .ovpn file does NOT contain the following directive ...

Code:
redirect-gateway def1

... then it will leave the "Redirect internet traffic through tunnel" setting in the GUI as No (the default), rather than "Yes (all)". Since most providers push that directive from the server to the client, it wouldn't surprise me if many (most?) don't bother to include it in the client's config file. Prior to 386.3, having "Redirect internet traffic through tunnel" set to No would still allow the client to be redirected over the VPN provided the server pushed that directive. But with the introduction of 386.3 and beyond, that's no longer the case. When "Redirect internet traffic through tunnel" is set to No, it means NO!
 

Hoganwch

New Around Here
Beware, if the .ovpn file does NOT contain the following directive ...

Code:
redirect-gateway def1

... then it will leave the "Redirect internet traffic through tunnel" setting in the GUI as No (the default), rather than "Yes (all)". Since most providers push that directive from the server to the client, it wouldn't surprise me if many (most?) don't bother to include it in the client's config file. Prior to 386.3, having "Redirect internet traffic through tunnel" set to No would still allow the client to be redirected over the VPN provided the server pushed that directive. But with the introduction of 386.3 and beyond, that's no longer the case. When "Redirect internet traffic through tunnel" is set to No, it means NO!
THAT fixed it. Thank you. I've used these instructions for 386.2 - https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm. I put the code you suggested in the Custom Configuration field. I them realized I could simply select redirect all internet traffic using the network settings, so eliminated the custom statement (for ease of use). It seems to be working fine. (I found that I could not specify the WAN DNS settings they suggest.) THANK YOU. I use this to setup multiple vpns for various language feeds.
 

Viktor Jaep

Very Senior Member
THAT fixed it. Thank you. I've used these instructions for 386.2 - https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm. I put the code you suggested in the Custom Configuration field. I them realized I could simply select redirect all internet traffic using the network settings, so eliminated the custom statement (for ease of use). It seems to be working fine. (I found that I could not specify the WAN DNS settings they suggest.) THANK YOU. I use this to setup multiple vpns for various language feeds.
Glad you got that working. If you're interested, there's actually a much better custom config available than the one that NordVPN provides... this one has definitely helped boost my speed considerably.

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
 

Viktor Jaep

Very Senior Member
What rates do you gents see with NordVPN? I only have LTE so can't test it.
I have a 1GB Xfinity Cable connection... the results I get yield a little over 200Mbps to my closest server over NordVPN.

Screenshot 2022-01-15 19.11.28.png
 

KingBravery

Senior Member
Glad you got that working. If you're interested, there's actually a much better custom config available than the one that NordVPN provides... this one has definitely helped boost my speed considerably.

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
wow thank for your custom code.. I've tried to setup Mullvad OpenVPN for more than a month using their config but always have error configuration.. After paste your code, VPN connection run succesfully..
 

Viktor Jaep

Very Senior Member
wow thank for your custom code.. I've tried to setup Mullvad OpenVPN for more than a month using their config but always have error configuration.. After paste your code, VPN connection run succesfully..

You're very welcome! ;)
 

Tech Junky

Very Senior Member
Should really try to find a way to use the NordLynx (wire guard) option if possible if you want to use your full bandwidth.


1643115468446.png


890/42 is not the max I can hit but, just a random speed test.
 

RMerlin

Asuswrt-Merlin dev

eibgrad

Part of the Furniture
wow thank for your custom code.. I've tried to setup Mullvad OpenVPN for more than a month using their config but always have error configuration.. After paste your code, VPN connection run succesfully..

Beware of the following directive.

Code:
reneg-sec 0

This does improve performance ever so slightly (barely). And that's because it disables rotation (renegotiation) of the session key! By default, this directive is set to 3600 (secs), which means every hour the session key is changed for the purposes of perfect forward secrecy. And so by setting it to 0, you're compromising your security!

OpenVPN providers love to instruct their customers to use this directive because it definitely improves *their* performance much more than yours. If they don't have to rotate sessions keys every hour (or even sooner, you could set it lower) for 10's of thousands of users, that saves them substantially in terms of overhead. But as I said, at the price of your security.
 

Tech Junky

Very Senior Member
Wireguard isn't going to give you anywhere near that either.
How can you state that when it's a fact?

The Asus being used might not be capable but, the technology is. I'm using a PC as a router and get consistent line speed bandwidth.
 

ColinTaylor

Part of the Furniture
How can you state that when it's a fact?
Because this thread is talking specifically about running a VPN client on the router, not on a PC. Wireguard performance on Asus routers has been tested so it is a proven fact.
 

Tech Junky

Very Senior Member
VPN client on the router, not on a PC
I'm using the PC as the ROUTER... Thus performance is proven to be higher than OVPN.

Cable Modem <> PC <> clients / AP

NOT

CM <> router <> PC

Now, if Asus can't handle WG which is lighter weight and more performant then it's time to get a different "router".
 

ColinTaylor

Part of the Furniture
I'm using the PC as the ROUTER... Thus performance is proven to be higher than OVPN.

Cable Modem <> PC <> clients / AP

NOT

CM <> router <> PC

Now, if Asus can't handle WG which is lighter weight and more performant then it's time to get a different "router".
Again, this has nothing to do with the subject being discussed in this thread.
 

eibgrad

Part of the Furniture
I'm using the PC as the ROUTER... Thus performance is proven to be higher than OVPN.

Cable Modem <> PC <> clients / AP

NOT

CM <> router <> PC

Now, if Asus can't handle WG which is lighter weight and more performant then it's time to get a different "router".

Now you're being disingenuous. Obviously @ColinTaylor meant the ASUS router. Not some PC acting as a router. Obviously that changes everything, and is not even relevant to this forum, other than for the purpose of comparing performance on the router vs. PC. Certainly the latter is more likely to outperform the former. But again, that's NOT the issue here as far the OP is concerned.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top