1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Dedicated SSID for VPN

Discussion in 'Asuswrt-Merlin' started by Michael R Stamper, Jun 17, 2018.

Tags:
  1. Michael R Stamper

    Michael R Stamper New Around Here

    Joined:
    Jun 17, 2018
    Messages:
    1
    Hello

    I am new to networking and I apologize in advance if this has been asked and I was too naive to know what to search for.

    I live in Japan and I have an Asus RT-AC3200 router. I have a VPN provider that I pay for, NordVPN.

    I would like to setup multiple SSIDs on my router - for local Japan internet use and VPN US internet use (for use with Roku streaming device). I have installed the Merlin firmware and I am still lost. The end goal is to have a list of SSIDs as such:

    MyNet_2.4_VPNUSA -- this would connect via NordVPN OpenVPN
    MyNet_2.4_DNSUSA -- this is not required but would be nice - I would use this to ONLY change the DNS settings - no VPN
    MyNet_2.4_Japan -- this is straight to the internet - no VPN and no DNS settings

    Is this possible? If so - could someone please be kind enough to point me in the right direction?

    Thanks!
     
    Last edited: Jun 17, 2018
    st3v3n likes this.
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. st3v3n

    st3v3n Senior Member

    Joined:
    Feb 24, 2016
    Messages:
    373
    Location:
    Central US
    Michael, welcome. This may be the exact answer for your post, but anything is possible. Had a bit of extra time today, so hope this points you where you want/need to be.

    If your Roku is close enough to your router for Ethernet, you'd have greater speed/bandwidth with less buffering of HD and/or 4K, especially if the Roku device is set to use 2.4 wireless. Video streaming often severely impacts not only your viewing pleasure but slows performance of your other 2.4 devices to a crawl, depending on amount of bandwidth you have. You're correct in assuming almost any problem posed has been answered many times, many ways so if you use the search function you can usually find what you need. Sometimes it's difficult to find answers so here's a few pointers. First, take snapshots so you can refer back if you become unsure what changes you made and/or saved.

    Go to the WAN tab/section in the router GUI, and choose if you wish to allow the router to automatically go 'straight' to the internet (WAN/ISP), which is your ISP. You can use the ISP's choice of DNS, or set the 'automatically choose' button to 'no' so you can choose any other DNS solution you like. These days, the ISP's DNS may not be as private or as fast as you like, and they can now sell your information as they see fit, so do your research. DO use a primary and secondary DNS, either here or on your LAN DHCP Server page, preferably from different servers in case the primary ever goes down. Example; #1 DNS could be google, 8.8.8.8, then QuadNine, 9.9.9.9 or even 1.1.1.1. These are good, fast public DNS servers; some say they don't log your searches and don't keep records very long; it's up to you to check privacy policies, and to be able to see and go where you choose.

    This reply assumes you've set the device names/SSID scheme as you wrote for your 2.4 band, but remember, there's only one 2.4 band (not going into or counting 'guest' bands). We use a single SSID for all of the bands, even though we don't have much use for 2.4 these days. If you haven't read the posts, an unknown bug causes problems with the 2.4 band on some RT-AC3200s, with no fix on the horizon. The bug affects some more than others but we haven't had any problems. Try to keep your SSIDs as simple as possible and change your passwords at least once a month; don't use short easy (dumb) passwords, but for now, stay away from exotic characters.

    Proceed to the LAN DCHP Server section. Since the router sees the MAC address of every device, regardless whether it's connected by wire or wireless, instead of using different SSIDs to route your devices to OpenVPN clients or WAN/ISP, (if that is the idea), the LAN DHCP section can assist you in sending/routing your devices to WAN/ISP (DNS) or to your OpenVPN client; the OpenVPN client will use whatever the VPN provider has coded into their config.

    IF you hover over and/or click on BOLD items or sections, information or a link to a page may appear to help you. Here's a link to get you started: https://www.asus.com/support/FAQ/1000906
    When the top portion of the LAN DHCP page is set up, save the page and move down to 'Manual Assignment; on this you can choose YES but if you choose 'no' the rest of this may not help you very much. You'll be down to the 'Manually Assigned IP around the DHCP list (Max Limit : 128) section, which will list all devices by their MAC address. Use the MAC address pull-down menu to choose each device; give each device a 'friendly' hostname, such as MikeiPad, AlicePC, instead of trying to remember every MAC addresses. After doing so, the router makes it easy for you to see and select your devices. Add each device in this section to the setup using the plus ( + ) symbol on the right of the page, you can remove them using the minus ( - ) symbol. Save the page.

    Now go to the VPN Client tab/section, to set up and load your Nord OpenVPN client. Choose whether you want to turn the VPN client on manually or have it start with the router. You can name each client as you please, i.e., Nord1, etc. Check all settings then save the page. At this point, make sure you've taken a screen shot of each page you configured, then save the entire router setup before you reboot the router. You don't have to reboot, but over the years, we've found that starting everything fresh by rebooting works well. It can take several minutes to load so grab a beverage, etc. If for some reason the bands/SSIDs or devices don't work as expected, have your screen grabs ready to refer to for troubleshooting.

    Nord used to provide a tutorial for setting up Asus/Merlin, but it may not be up to date for the latest version. Remember, the search function in the forums and the wiki are your best friend. Keep your search terms basic/simple and you'll eventually find what you need, and be patient. This is a basic way to set up your SSIDs, devices, alternate DNS and OpenVPN config from scratch, it can be as simple, yet as complicated you want. Good luck.
     
  4. Zirescu

    Zirescu Very Senior Member

    Joined:
    Jul 16, 2013
    Messages:
    721
    Location:
    Kelowna, BC
  5. bilboSNB

    bilboSNB Senior Member

    Joined:
    Oct 7, 2011
    Messages:
    310
    Location:
    Road racing capital of the world.
  6. agilani

    agilani Senior Member

    Joined:
    Nov 30, 2012
    Messages:
    248
    You should be able to just setup a guest ssid for it and assign a static ip address to the device and then configure openvpn to route that ip address to the internet over the vpn.

    I'm not sure you can select the ssid to route over the vpn.
     
    st3v3n likes this.
  7. Zirescu

    Zirescu Very Senior Member

    Joined:
    Jul 16, 2013
    Messages:
    721
    Location:
    Kelowna, BC
    That'll only get you so far though. Say you have one device you want to be able to sometimes connect to the VPN and other times you want it to connect as through your ISP. Setting up the rules based on the static IP address forces it to always report through that one interface. Switching between the SSID give you the flexibility of having the device connect out based on how it's connected to the router.
     
  8. st3v3n

    st3v3n Senior Member

    Joined:
    Feb 24, 2016
    Messages:
    373
    Location:
    Central US
    Thanks guys, knew others would quickly be posting URLs to posts and wikis rather than attempting to dictate the ideas. Guest SSIDs are tricky beasts on the new FW, if you don't want to assign a static IP address for a guest IP. The post was puzzling as Agliani mentions in his last sentence. We've never selected an SSID to 'route' over a VPN; just devices. Long week, perhaps it's a matter of perception. (Been away awhile, Good job Jack, love 'YazFI') G'day and good luck gents.
     
  9. st3v3n

    st3v3n Senior Member

    Joined:
    Feb 24, 2016
    Messages:
    373
    Location:
    Central US
    Any aspect of this will only get you so far, and there'a always a way to skin a cat, er network. I tried to stick with what might help the OP instead of go too far astray; if that was the way it was taken, they my regrets. Clarification of the variables would be helpful, but we do what we can to lend a hand from one day to the next. End of line.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!