What's new

Best VPN for 86U + Merlins???

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I sign in to my ExpressVPN account, choose set up ExpressVPN. Scroll down and select manual configuration where you will see America’s, Europe, Asia Pacific, Middle East and Africa. This is where you download your .ovpn files to upload to your router. I personally choose a London based server that’s 60 miles away and pretty much have the same download upload speeds that I pay for

I forgot to mention I learned how to upload an .ovpn to my RT-AC86U and setup from videos on YouTube. This forum will have information on it as well

Good luck


Sent from my iPad using Tapatalk
 
Last edited:
Express VPN states that their configuration files are not compatible with the 86U.

For those who are using it on the 86U - how are you doing this?

I've never used VPN before and would appreciate some assistance in setting it up on my 86U w/ Merlin's fw.

I am thinking you may have looked at their DDWRT based “app” they install in certain routers. And yes, last I checked AC86U was not on their list but AC87U was. See previous posts on this. I have used this app in the past but again it was based on DDWRT firmware.

However, this is a different configuration from the one you experience with Asuswrt-Merlin.

Yes you can use ExpressVPN with AC86U. You could download their server ovpn files and go from there. Just follow some of their tutorials for their setup or search the forums for configuration examples. There have been plenty of posts lately about ExpressVPN OpenVPN setup in Merlin firmware.


Sent from my iPhone using Tapatalk
 
I sign in to my ExpressVPN account, choose set up ExpressVPN. Scroll down and select manual configuration where you will see America’s, Europe, Asia Pacific, Middle East and Africa. This is where you download your .ovpn files to upload to your router. I personally choose a London based server that’s 60 miles away and pretty much have the same download upload speeds that I pay for

Thanks for the info. I downloaded the .ovpn files. How can you tell which server has the fastest speeds. For example in Los Angeles (closest server to my location) ExpressVPN has 4 LA servers. Is it just trial and error to see which one of the 4 is the best/fastest one?
 
If you download ExpressVPN app for the phone or Mac or Windows, it has a Speedtest feature that lets you see a variety of servers' speed index so you can compare. Those with greater index would be the ones to start with but you can experiment with whichever server you want.
 
Can someone check these settings please. I followed the instructional video but I don't think my VPN is working/enabled. Did I set it up correctly?

1.jpg 2.jpg 3.jpg 4.jpg
 
Are you needing to setup a CLIENT or VPN SERVER? If Client is what you are looking for then no need to set up a server. My thoughts on your client setup:

On the VPN Client tab:

Automatic start at boot time = change to Yes

Accept DNS configuration - change to Exclusive (if no Diversion), Strict (if Diversion is installed) or Disabled (if Diversion and Stubby will be installed)

(when choosing any of the configurations above then make sure that "Connect to DNS server automatically?" section under the WAN tab has:

Yes (if on Exclusive mode), No (if on Strict mode and add there your ExpressVPN server(s) manually), No (if Stubby installed and leave your router's IP under the DNS 1 server space)

Make sure to APPLY to save

Then go back to the VPN Client tab:

Cipher Negotiation: Disabled

Legacy Cipher: AES -128-GCM or AES-256-GCM (if AC86U or AX router); otherwise leave as shown on the pic

Connection retry attempts: change from 15 to -1

Compression: disabled

For Custom Configuration section (at the very bottom) see this post: https://www.snbforums.com/threads/expressvpn-on-merlin-custom-configuration.49963/#post-475742

If no Diversion (but with Stubby installed): leave all those options there as they are

If Diversion installed, also add at the top:

dhcp option: server 1 IP (if using 1 server from the WAN tab or DNS 1) for example: dhcp option 207.132.135.19
dhcp option server 2 IP (if using 2 servers from the WAN tab or DNS 2) for example: dhcp option 207.132.135.20

For Policy Rules - Enable strict profile) and then add each of the following (use the PLUS sign after each entry) :

Router 192.168.50.1 (or 192.168.1.1) 0.0.0.0 WAN
All devices 192.168.50.0/24 (or 192.168.0/24) 0.0.0.0 VPN

After you make all of these APPLY and then toggle the SLIDER to ON (at the top of the page and next to "Automatic start at boot time").

I am hoping this will help. You may still have to make tweaks to get it
 
Hi Marin. Thanks so much for your detailed post. I'm lost on a couple of things....

I do have Diversion installed and running. FYI.

1) Under the WAN DNS Settings tab, how can I find out what the ExpressVPN servers are to manually input them (is it 8.8.8.8 and 8.8.4.4 - or something else)???

2) Where do I find the following:

"For Policy Rules - Enable strict profile) and then add each of the following (use the PLUS sign after each entry) :

Router 192.168.50.1 (or 192.168.1.1) 0.0.0.0 WAN
All devices 192.168.50.0/24 (or 192.168.0/24) 0.0.0.0 VPN" ???
 
Last edited:
Hi Marin. Thanks so much for your detailed post. I'm lost on a couple of things....

I do have Diversion installed and running. FYI.

1) Under the WAN DNS Settings tab, how can I find out what the ExpressVPN servers are to manually input them (is it 8.8.8.8 and 8.8.4.4 - or something else)???

2) Where do I find the following:

"For Policy Rules - Enable Strict profile) and then add each of the following (use the PLUS sign after each entry) :

Router 192.168.50.1 (or 192.168.1.1) 0.0.0.0 WAN
All devices 192.168.50.0/24 (or 192.168.0/24) 0.0.0.0 VPN" ???

You could call ExpressVPN (or chat with them via their home page) and ask them about their servers; otherwise, you can put there other major DNS server such as Cloudflare (1.1.1.1 and 1.0.0.1) or others.


Once you do that then make sure to go to the VPN Client tab and under the Custom Configuration section add at the very top:

dhcp option 1.1.1.1
dhcp option 1.0.0.1

(Or whichever other DNS servers you decided to go with)

Your Policy Rules will be under Redirect Traffic pull down menu of the VPN Client page (close to the bottom and near Custom Config section).

Also, since you have diversion installed then make sure that Accept DNS configuration choice is Strict.


Marin


Sent from my iPhone using Tapatalk
 
Last edited:
Another option would be to check the “Automatically connect to DNS servers?” to Yes and that will pick their servers as well. However, make sure that Accept DN Configuration election in the VPN Client page is Strict otherwise Diversion will not work.

Once you make these selection, feel free to go to the Express VPN site and use their DNS leak testing tools to see if your IP is leaking or simply use something like www.dnsleaktest.com to test that.


Sent from my iPhone using Tapatalk
 
Last edited:
Thanks for the info. I downloaded the .ovpn files. How can you tell which server has the fastest speeds. For example in Los Angeles (closest server to my location) ExpressVPN has 4 LA servers. Is it just trial and error to see which one of the 4 is the best/fastest one?
Choose the server closest to you. The speed has more to do with your client device than their server. If there are four servers in the same geolocation, there may be no difference in performance. There is variability in speed tests and each test will produce slightly different results.
 
Express VPN states that their configuration files are not compatible with the 86U.

For those who are using it on the 86U - how are you doing this?

I've never used VPN before and would appreciate some assistance in setting it up on my 86U w/ Merlin's fw.
I am curious what made you select Express VPN when they don't support Asus configuration files? Here is a snip of the OpenVPN config tool from TorGuard.

upload_2019-4-8_7-5-10.png


There is no tool for pfSense though. So, I had to manually enter those settings. There is guide in the form for PIA. But it can be applicable to other providers:

https://www.snbforums.com/threads/h...and-other-vpn-providers-384-5-07-10-18.30851/

This guide is primarily for TorGuard. But there are instructions on how to setup if you want VPN to work with the Diversion ad blocker and Stubby DNS over TLS:

https://x3mtek.com/torguard-openvpn-2-4-client-setup-for-asuswrt-merlin-firmware/

You can download one of the other firmware configuration files. The certificates should be inside. You can then open up in a text editor and copy/paste into the appropriate fields in the OpenVPN Client GUI.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top