Help Request - Merlin 384.12, RT-AC68U, and PIA VPN

[pvanryn]

I recently purchased a subscription to PIA VPN and enabled it on my AC68U using this guide for Merlin firmware. I could not get it to connect, authorization kept failing. The instructions in part are:

• Cipher Negotiation: Enable (with fallback)
• Negotiable ciphers: AES-256-GCM, AES-128-GCM
• Legacy/fallback cipher: Default
• TLS control channel security (tls-auth/tls-crypt); Disabled
• Auth Digest: Default

I changed negotiable ciphers to AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC, and legacy/fallback cipher from default to AES-128-CBC and everything works as expected. I *assume* that this means means my data is indeed falling back to AES-128-CBC. My question is; Is this an acceptable level of encryption? Is there something else I should change to authenticate at a higher standard?

 

[CaptainSTX]

The VPN provider determines what type of encryption is used on each of their servers/ports.

In the case of PIA their default encryption is AES-128-CBC on port 1198. If you want to use AES-256-CBC then you need to use a configuration for Port 1197.

The simplest way to connect to PIA is to go to their configurator:

https://www.privateinternetaccess.com/pages/ovpn-config-generator

***Not all configurations offered are supported on ASUS routers.

Select the location of the server you want and the type of encryption you want to use. Then download the OVPN file it generates to your computer, select this file on your router, upload the file, add your user name and password (which is not the same as your PIA account credintials) click apply and it should be running.

If you want you can add a few things to your custom configuration:

sndbuf 524288
rcvbuf 524288
fast-io

However I'm not sure they make any difference in through put.

Also on my AC86 there doesn't seem to be much of a difference speed wise in running AES-256 vs AES-128.

 

[pvanryn]

That did the trick Captain - thank you!