What's new

Does the VPN kill switch work with Merlin?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

fitnesspmm

Regular Contributor
I signed up to ExpressVPN this week where their knowledge with Merlin is limited. Apart from this enquiry, their live support is fantastic with no waiting times.

I found information about setting up a VPN with a kill switch here.
https://www.vpnunlimitedapp.com/help/manuals/asuswrt-merlin

When I spoke to ExpressVPN support twice, they said it's best to use their VPN application on my PC if I wish to use a kill switch. My question is this, does the Merlin VPN kill switch works? Is it reliable? I don't see any means to test this. Are these settings correct to assign a kill switch below?

Force Internet traffic through tunnel = Policy Rules (strict)
Block routed clients if tunnel goes down = assign PC

I also want to know the difference between Policy Rules & Policy Rules (strict)?
 
I noticed when I reboot both routers, my ASUS connections again in 2 minutes while my NBN takes 5-10 minutes. When the NBN connection again, my VPN on the ASUS router won't auto-connect (kill switch) how do I get it to connect again without manually doing so?
 
I noticed when I reboot both routers, my ASUS connections again in 2 minutes while my NBN takes 5-10 minutes. When the NBN connection again, my VPN on the ASUS router won't auto-connect (kill switch) how do I get it to connect again without manually doing so?
Is "Automatic start at boot time" set to yes in your vpn-client?
 
Is "Automatic start at boot time" set to yes in your vpn-client?

yes it's on! My NBN router that it connects to my ASUS (2-3 minutes) usually takes nearly 10 minutes to connect to the internet. I waited 20 minutes after resetting both routers but after 20 minutes if I look into the VPN settings, it says stopped.
 
I think it's bugged now. When I try to turn on 'Service state' it says connected but when I check my IP on 2 different browsers, it says my ISP IP?

The VPN status page says 'connected' too...
 
I did a factory default (Initialize) and it fixed it.

Some new problems or maybe it's the same one?

If I restart the ASUS router while my PC (LAN) is already on, the router will connect to the VPN server but my PC (shows ISP ip) will not connect to the VPN server unless I drop the LAN connects to the router and connect again (shows VPN ip). Same with Wifi, if it was already connected.

Running about 10 tests where I turn on and off the VPN on the Router, it does it more than half the time.
 
Last edited:
Have a look here
https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing

Do you have one or more clients running?

I don't really under the Policy Rules (strict) so I changed it to Yes and it seem to have fixed it now. Thanks :)

New problem: I've found that I'm getting half the download speed when running the VPN through router my router (50Mbps) compare to using ExpressVPN application on (90Mbps) my PC. Without VPN I get 102Mbps.

The ExpressVPN support guy said it has to do with the router not having enough processing power where when I do a speed test and look at my router system status page, both CPUs on my RT-AC5300 are in 60-100% mark :\ Anyway to fix this?
 
Last edited:
Anyway to fix this?

Buy a router that's chip set supports AES-NI otherwise your router is doing what it can. Even a router with the fastest processor but no AES-NI is likely to top out at 50 - 60 Mbps.
 
I only really need a couple of devices running at max speed. The other 10 devices in my home, 50Mbps download is more than enough. I worked out a backdoor to get maximum VPN speed without buying a new router.

Go to LAN, Enable Manual Assignment
Below that, choose the device (1) below which you want to run at maximum VPN and put in an IP address.

Go to VPN, Client
Force Internet traffic through tunnel = Policy Rules (strict)

Source IP = 192.168.1.1/24 <------ put in your ip range with /24 on the end. This will make sure all devices from .1 to .254 go through the VPN
Destination IP = 0.0.0.0
Iface = VPN
Click +

Now select the device (1) in Source IP
Destination IP = 0.0.0.0
Iface = WAN
Click +
Click Apply

Go to device (1), install your VPN application and connect. If you have done it all right, device (1) will bypass the router and connect directly to your VPN server hence you will get maximum VPN speed.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top