ExpressVPN and Stock Asus OpenVPN

[Chinquapin]

Having wrapped myself in knots seeing if I could make StrongVPN run on stock Asus firmware (no, AFAIK), I learn that StrongVPN may no longer be the best vendor for me. ExpressVPN is currently getting decent reviews, and it claims to work with stock Asus firmware's OpenVPN client. Configuration seems amazingly simple.

Anyone here using ExpressVPN with the stock Asus firmware? I'd appreciate hearing from you. AND, I'd also appreciate hearing from any who have found the stock firmware limiting, and why, with regard to OpenVPN. All I really want to do is assign a separate SSID for the VPN, to which I'll only connect when I need to without having to do any further fiddling such as changing VPN servers, etc. If that can be done with stock firmware, it would be nice, but I suspect that trick is going to require Asuswrt-Merlin. Many thanks.

 

[RMerlin]

The biggest differences between Asus's OpenVPN and mine are:

- Asus removed the page where you can customize the OpenVPN clients advanced settings
- I compile both OpenSSL and OpenVPN with additional compiler optimization options

Quite often the Asus stock firmware will work just fine as long you have an ovpn config file which you can import with all the necessary options in it.

 

[Rango]

Chinquapin, What speeds do you get on AES128 on Express VPN. I was going to give them a try but they're on expensive side. Thanks

 

[Chinquapin]

Haven't subscribed yet, so don't know what speeds I'll get.

 

[yorgi]

One very important thing to consider is Merlin Firmware drops connection if the VPN tunnel goes down where as Stock firmware doesn't do that. This feature is very important because why would one want a VPN if it does a hiccup and your IP goes public
You also have way more features with Merlin that Stock firmware just doesn't offer.
Obviously Merlin is being very modest

 

[yorgi]

Chinquapin, What speeds do you get on AES128 on Express VPN. I was going to give them a try but they're on expensive side. Thanks

LOL you still going at it

 

[yorgi]

Haven't subscribed yet, so don't know what speeds I'll get.

When you do subscribe please let us know what speeds you get

 

[Rango]

LOL you still going at it

Ha ha....It's funny i went from some old linksys G router to R-66u, then discovered it's underpowered then ac-87u and now i'm still hungry for more cpu. Waiting for my intel card to get here.

Yorgi i'm pretty sure pia doesn't throttle. If i will be able to get my pfsense up (i'm still not convinced comcast doesn't block pfsense platform) i will be pulling 80-85Mpbs, but was curious what he has on Express vpn. And now im pretty sure it's just marketing scheme for them although they may have best ISP providers so maybe they're better.

and yes if you subscribe yes please let us know, although Yorgi it won't really matter as none of the routers can haul full isp speed yet. 88u overclocked to 1600Mhz can probably pull 70Mbps. Maybe when asus releases 2.0Ghz with ability to overclock to 2.4Ghz then we will. I think we need about 2Ghz dual core to hit 85Mbps on vpn. And that may be on low end with 128aes. If i decide to get physical box it will be 3Ghz i3 box but let's hope i can virtualize this and that's if i can get pfsense up with comcast in first place.

 

[Chinquapin]

I'll post when I get around to trying ExpressVPN. Right now, I'm just gathering info, as I'm in the middle of preparing for a relocation, and the VPN bit is just a useful distraction from the chaos of the move. Once I've settled, I'll get a subscription and see what it's like and will post. AFAIK, ExpressVPN will run w/o problems on the Asus stock firmware, but it won't be easy (or possible) to do the split-tunnel bit w/o Asuswrt-Merlin. Unless someone knows better...

 

[Rango]

I'll post when I get around to trying ExpressVPN. Right now, I'm just gathering info, as I'm in the middle of preparing for a relocation, and the VPN bit is just a useful distraction from the chaos of the move. Once I've settled, I'll get a subscription and see what it's like and will post. AFAIK, ExpressVPN will run w/o problems on the Asus stock firmware, but it won't be easy (or possible) to do the split-tunnel bit w/o Asuswrt-Merlin. Unless someone knows better...

If i were you i would not hesitate for second to migrate to Merlin code. Not only you're getting openvpn speed optimization and get 20% more speed on it but also get more configurable gui interface, temperature graphs etc. You also get faster bug updates and faster ports like openvpn updates, and i tried both. Asus should put him on their payroll. But that's just my opinion.

 

[Chinquapin]

Yeah...you're probably right. I'll waste more time trying to get what I want with the stock firmware that can be justified. So, I'll get the Merlin. You said 20% faster: do you mean on the VPN, or otherwise?

 

[Rango]

Yeah...you're probably right. I'll waste more time trying to get what I want with the stock firmware that can be justified. So, I'll get the Merlin. You said 20% faster: do you mean on the VPN, or otherwise?

On vpn. Try it. If you don't like it you can also flash back. Other thing you have in merlin's is settings back up which is huge help too. It's stable if that's your reservation. I mean it's like stock asus but just better features. Actually ppl find Merlin's more stable then asus stock. Asus stock meaning having bugs and stuff. Also if you notice asus is not out yet with 380 code. They're on 378 still so there you have it.

 

[yorgi]

Ha ha....It's funny i went from some old linksys G router to R-66u, then discovered it's underpowered then ac-87u and now i'm still hungry for more cpu. Waiting for my intel card to get here.

Yorgi i'm pretty sure pia doesn't throttle. If i will be able to get my pfsense up (i'm still not convinced comcast doesn't block pfsense platform) i will be pulling 80-85Mpbs, but was curious what he has on Express vpn. And now im pretty sure it's just marketing scheme for them although they may have best ISP providers so maybe they're better.

and yes if you subscribe yes please let us know, although Yorgi it won't really matter as none of the routers can haul full isp speed yet. 88u overclocked to 1600Mhz can probably pull 70Mbps. Maybe when asus releases 2.0Ghz with ability to overclock to 2.4Ghz then we will. I think we need about 2Ghz dual core to hit 85Mbps on vpn. And that may be on low end with 128aes. If i decide to get physical box it will be 3Ghz i3 box but let's hope i can visualize this and that's if i can get pfsense up with comcast in first place.

I too am convinced that PIA doesn't throttle. I tried a ac66u with 30mbps speed and on vpn it couldn't go past 10mbps with AES 128... that really sucks. The cpu was at 90+%
So it seems that the routers are not capable of going further.
Router manufacturer's have to realize that VPN is a thing of the future and they have to put CPU that are more powerful. I read from this forum where a member said, the cpu's that come with routers are not very good, they call them dual core but they are in no way anything in comparison to what you get from an intel. but there are some crazy cpu's for phones and androids, what would be the big deal for them to put a octacore in one of these routers, then look out
In the meantime I think when you get your pfsence up and running you will be one happy man And what the heck you pay for 100 mbps then you should have that on a VPN as well because it doesn't seem that VPN companies throttle or ISP its the dam routers fault

 

[yorgi]

We could safely say that for this thread anyone buying a router with today's technology,
don't expect to get more then 50 mbps with your VPN in AES-128-CBC encryption via a router,
The routers are not there yet. but if you subscribe to a 50 mgbps instead with your ISP then you will never be bothered that your router can't push the speed it should!

or you can get into pfsence

 

[Chinquapin]

Well...that was a painless firmware swap! All of my existing settings were preserved intact, and that's a pleasant thing! Now to figure out how to assign my (eventual) VPN to its own SSID so that only devices connected through that SSID use the tunnel. I want to understand what I'm doing before I start my ExpressVPN or PIA trial, so I don't waste the trial period figuring out the split tunnel setup. That is new to me. I see that it's trivial to route through the VPN based on my device's assigned IP address. What I want it to be able to selectively connect my device to a specific SSID which is dedicated to VPN traffic. EDIT—ok. I'm looking at Merlin's guidance on this and will pick my way through it until stuck. And move this to another thread.

 

[yorgi]

Well...that was a painless firmware swap! All of my existing settings were preserved intact, and that's a pleasant thing! Now to figure out how to assign my (eventual) VPN to its own SSID so that only devices connected through that SSID use the tunnel. I want to understand what I'm doing before I start my ExpressVPN or PIA trial, so I don't waste the trial period figuring out the split tunnel setup. That is new to me. I see that it's trivial to route through the VPN based on my device's assigned IP address. What I want it to be able to selectively connect my device to a specific SSID which is dedicated to VPN traffic. EDIT—ok. I'm looking at Merlin's guidance on this and will pick my way through it until stuck. And move this to another thread.

Its easier then you think.
Put on Merlin and use this link to setup your VPN
http://www.snbforums.com/threads/ho...n-firmware-a-step-by-step-how-to-guide.30851/
you wont have any down time this how to shows selective routing as you want and its real easy
have fun and let us know how it went

 

[Chinquapin]

THANKS. Will report back when I finally get to this. I'm juggling too many things at the moment to start another project, no matter how small.

 

[psychopomp1]

OP, just be wary that if you're using the Asus AC87R/U you may not get high OpenVPN speeds. When i was using AC87 (stock fw or Merlin fw) I couldn't get speeds higher than 25mbps on my 80mbps VDSL2 service in UK, using the OpenVPN 128 bit protocol - this was on multiple VPN providers. Even running OpenVPN from my pc didn't give me speeds more than 25mbps. After I switched to a Linksys EA8500 router, my OpenVPN 128 bit speeds have shot to 70mbps running OpenVPN on my pc. I'm going to load DD-WRT fw on the EA8500 soon and then run OpenVPN on the router to get a better idea.

 

[Chinquapin]

I've got the RT-AC56U, so hopefully that has sufficient horsepower. I'll find out when I find time to play with this a bit.

 

[Rango]

OP, just be wary that if you're using the Asus AC87R/U you may not get high OpenVPN speeds. When i was using AC87 (stock fw or Merlin fw) I couldn't get speeds higher than 25mbps on my 80mbps VDSL2 service in UK, using the OpenVPN 128 bit protocol - this was on multiple VPN providers. Even running OpenVPN from my pc didn't give me speeds more than 25mbps. After I switched to a Linksys EA8500 router, my OpenVPN 128 bit speeds have shot to 70mbps running OpenVPN on my pc. I'm going to load DD-WRT fw on the EA8500 soon and then run OpenVPN on the router to get a better idea.

That's interesting. 87u can do up to 60Mbps with average 50-54Mbps on optimized channels if overclocked. You were running your vpn on non optimized channel but 70mbps is impressive. That linksys has 1400Mhz so it's higher then 87u stock 1000mhz. CPU is what does vpn so the better the cpu the faster speed will be.

Unfortunately most if not all routers are ARM cpu which suck balls. They etiher need to do quad core or somehow increase througput. That atom cpu would be killing it. It has up to 8 cores and runs up to 2.4Ghz per core while using 15-20W of power. Amazing.

For $250+ u might as well build atom pc 25w power usage and put pfsense on it as router, either buy some wifi cards as AP or use cheap router in AP mode. Pfsense don't support AC mode yet but then again who cares. Using cheap AP like 66u would be ideal. I got my 87u for $44 so i can't complain about pricing and what i get for it.