Help for a VPN semi-noob

TheLyppardMan

Very Senior Member
I am about to try out NordVPN for my Amazon Fire TV stick, but it can also be used on various other devices and also, according to their detailed instructions, be installed on ASUS routers running Merlin firmware. What I'm very unclear about is this: if I install it on my RT-AX88U and it happens to work, how would that interact with say, a Windows laptop which also had the same or another brand of VPN on it? Would there be a conflict that would require the VPN on the computer to be disabled when on my local network for instance? Also, I did manage to get OpenVPN working on my router as a server, so that if I need to access it or files on my network when away from home, I could connect using the VPN (I think that was some advice I picked up on this forum a while back). Would adding NordVPN affect the setup I have got at the moment (I'm assuming not as the one I have now is for incoming connections, whereas the NordVPN would be for outgoing connections (wouldn't it?).
 

Wallace_n_Gromit

Senior Member
I am about to try out NordVPN for my Amazon Fire TV stick, but it can also be used on various other devices and also, according to their detailed instructions, be installed on ASUS routers running Merlin firmware. What I'm very unclear about is this: if I install it on my RT-AX88U and it happens to work, how would that interact with say, a Windows laptop which also had the same or another brand of VPN on it? Would there be a conflict that would require the VPN on the computer to be disabled when on my local network for instance?
When I first purchased NordVPN service, I was trying to figure out how to best configure it on my home network/smart phones. I did find that I could use 1 of my 6 allowed connections on my Merlin Asus router as a NordVPN client and still have my wife's Smart phone as the 2nd client to NordVPN go through the router. A VPN tunnel within a VPN tunnel. Don't see why, logically, this would not work with another VPN service.

Using my router as a VPN client was a problem though. YoutubeTV will not work within a VPN tunnel. And sometimes Amazon Prime Videos will not work using some of the NordVPN servers. If you run NordVPN within the Amazon Fire TV stick, be aware that some streaming services may not work. Also some websites (i.e. Financial firms) will not allow access from known VPN servers.

Also, I did manage to get OpenVPN working on my router as a server, so that if I need to access it or files on my network when away from home, I could connect using the VPN (I think that was some advice I picked up on this forum a while back). Would adding NordVPN affect the setup I have got at the moment (I'm assuming not as the one I have now is for incoming connections, whereas the NordVPN would be for outgoing connections (wouldn't it?).
I vaguely remember (I'm old, that's how I remember nowadays ;) ) that there were discussions about the capability/or lack thereof to run a server and client at the same time on your asus router. If it is possible (seem to remember it was very problematic for the poster), the default port (i.e. 1194) would have to be modified on the server or the router. Best to do a search.

Edit: One option would be to use a second device (Raspberry Pi) as a VPN server and have the router port forward(ing) to it as the router takes on the duties as a VPN client.
 
Last edited:

eibgrad

Part of the Furniture
Any LAN-based OpenVPN client (e.g., Windows) will always supercede any OpenVPN client on the router. However, that LAN-based OpenVPN client will likely be routed through the OpenVPN client on the router unless the router has enabled PBR (policy based routing) and that device has been excluded as a result. Up to you whether that matters (minimally it will likely degrade performance if NOT excluded).

As far as the OpenVPN server and client on the same router, they normally won't interfere w/ each other, AS LONG AS the router is configured w/ PBR on the OpenVPN client. That's because in order for remote OpenVPN clients to reach your router's OpenVPN server, the router itself has to be OFF the router's OpenVPN client, which is a side-effect of implementing PBR.

P.S. One possible gotcha (although rare) is having the OpenVPN server and OpenVPN client on the router using the same tunnel IP network (e.g., 10.8.0.0/24). They *must* be different, and should they be the same, you'll have to change the OpenVPN server (e.g., 10.9.0.0/24) to accommodate the OpenVPN client. That's something to keep an eye out for.
 
Last edited:

TheLyppardMan

Very Senior Member
Thanks for the detailed answers folks. I think I'll avoid the router option for now as it seems rather complicated.
 

TheLyppardMan

Very Senior Member
I did have another go at this yesterday and to my surprise, I managed to get Surfshark VPN working on my ASUS RT-AX88U relatively easily. However, I was sort of blindly trying out options from that point forward, not really knowing what effects the changes I was making would have on the connectivity of the devices on my network. I tried the Policy/Policy (Strict) options, as well as leaving the setting on not forcing clients to use the VPN and also forcing clients to use the VPN. I did get some odds results, particularly on the Fire TV sticks, but I wasn't sure whether that was because I still had the Surfshark apps installed on the Fire TV sticks (I had them set to "disconnected" and was just using them to show the connected IP addresses). I think the best option, if it's possible to do it, would be to use the Surfshark apps where I could, but have the option to force some or all of the other devices on the network to either use or not use the VPN as appropriate. Would that be possible and if so, what settings would I need to apply?
 

New2This

Senior Member
I have NordVPN along with the fire stick wired,on the network and if I have the fire-stick running through the VPN prime won’t work, it detects the VPN. All other apps will work through the VPN

I also have the Policy set to strict and dns set to disable as I have a pihole/unbound running on the network
 

New2This

Senior Member
All you need to get is set the source IP and the Iface to WAN for the devices that you want to route through the ISP
 

TheLyppardMan

Very Senior Member
I set up Surfshark VPN on my RT-AX88U as per the uploaded screenshots, but although the policy rule worked for my laptop, my Fire TV kept to using my WAN connection. I tried rebooting it, but no change. Have I missed something?
 

Attachments

  • VPN Config 1.jpg
    VPN Config 1.jpg
    36.3 KB · Views: 49
  • VPN Config 2.jpg
    VPN Config 2.jpg
    34.9 KB · Views: 56
  • VPN Config 3.jpg
    VPN Config 3.jpg
    45 KB · Views: 56

ColinTaylor

Part of the Furniture
Looks like it should be working. How have you determined that it's still using the WAN connection?
 
Last edited:

New2This

Senior Member
Unless your fire stick has changed IP...might have to go into the fire stick and manually and set up a static IP

You have rebooted both (router and fire stick)?
 

GSpock

Senior Member
as mentioned above, after having checked the IP address is correct, make sure you set the parameter "block routed clients if tunnel goes down" to No .... then you are sure it will never connect via WAN
 

TheLyppardMan

Very Senior Member
Thanks Folks. FYI, I had already set up my Fire TV Stick to a static IP address (as most of my regular network devices already are) and rebooted both devices. To check that it was still connected to the WAN, I used the Firefox app to navigate to whatismyipaddressdotcom and this confirmed the static IP address associated with my WAN connection. I may try your suggestion GSpock, but if I do, is there a way to not have that apply to some other devices on the network?
 

GSpock

Senior Member
Thanks Folks. FYI, I had already set up my Fire TV Stick to a static IP address (as most of my regular network devices already are) and rebooted both devices. To check that it was still connected to the WAN, I used the Firefox app to navigate to whatismyipaddressdotcom and this confirmed the static IP address associated with my WAN connection. I may try your suggestion GSpock, but if I do, is there a way to not have that apply to some other devices on the network?
the parameter applies only to the routed clients, i.e. all those IP that you will define in the client section "rules for routing client traffic ..." with VPN as iface.
 
Last edited:

TheLyppardMan

Very Senior Member
the parameter applies only to the routed clients, i.e. all those IP that you will define in the client section "rules for routing client traffic ..." with VPN as iface.
Thanks for the clarification. I'll give it another go within the next day or so.
 

TheLyppardMan

Very Senior Member
I did set this up again a couple of days ago, but I had another problem with the Fire TV Sticks - when trying to determine my IP address using an Internet browser app, I received an error message about security (sorry, but I cannot remember the actual message). So what I have done now is to start setting up the router so that everything except the Fire TV Sticks, the router itself and devices likely to be taken out of the home use the VPN via the router and the other devices to use the local Surfshark app. I also have the option to set up my local network as "trusted" on the mobile apps, so that the app only applies the VPN when those devices are taken away from home, but I may not need to use that feature.
 

Attachments

  • Screenshot - 15_05_2021 , 10_03_20.png
    Screenshot - 15_05_2021 , 10_03_20.png
    35 KB · Views: 33

TheLyppardMan

Very Senior Member
After further problems* later this morning, I have decided to abandon the idea of putting the VPN on the router.

*I couldn't access my e-mail accounts (using The Bat!) from my other laptop and then Roboform threw up a no access message of some sort (on the laptop that I thought was working OK) and then finally, I couldn't access the router's GUI, so I had to reboot the router from the power switch, uninstall the VPN, dismount the USB drives (just in case) and then reboot the router a second time. I'll just stick with the Surfshark apps on devices where I can use it and not worry about anything else; it's all too much hassle.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top