1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Help Request - Merlin 384.12, RT-AC68U, and PIA VPN

Discussion in 'Asuswrt-Merlin' started by pvanryn, Jul 15, 2019.

  1. pvanryn

    pvanryn New Around Here

    May 13, 2018
    I recently purchased a subscription to PIA VPN and enabled it on my AC68U using this guide for Merlin firmware. I could not get it to connect, authorization kept failing. The instructions in part are:

    • Cipher Negotiation: Enable (with fallback)
    • Negotiable ciphers: AES-256-GCM, AES-128-GCM
    • Legacy/fallback cipher: Default
    • TLS control channel security (tls-auth/tls-crypt); Disabled
    • Auth Digest: Default

    I changed negotiable ciphers to AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC, and legacy/fallback cipher from default to AES-128-CBC and everything works as expected. I *assume* that this means means my data is indeed falling back to AES-128-CBC. My question is; Is this an acceptable level of encryption? Is there something else I should change to authenticate at a higher standard?
  2. CaptainSTX

    CaptainSTX Part of the Furniture

    May 2, 2012
    The VPN provider determines what type of encryption is used on each of their servers/ports.

    In the case of PIA their default encryption is AES-128-CBC on port 1198. If you want to use AES-256-CBC then you need to use a configuration for Port 1197.

    The simplest way to connect to PIA is to go to their configurator:


    ***Not all configurations offered are supported on ASUS routers.

    Select the location of the server you want and the type of encryption you want to use. Then download the OVPN file it generates to your computer, select this file on your router, upload the file, add your user name and password (which is not the same as your PIA account credintials) click apply and it should be running.

    If you want you can add a few things to your custom configuration:

    sndbuf 524288
    rcvbuf 524288

    However I'm not sure they make any difference in through put.

    Also on my AC86 there doesn't seem to be much of a difference speed wise in running AES-256 vs AES-128.
    Kingp1n and QuikSilver like this.
  3. pvanryn

    pvanryn New Around Here

    May 13, 2018
    That did the trick Captain - thank you!