help with expressVPN and Merlin fw.

[unclebuk]

Hello,

I updated an AC88U to Merlin FW today and now I'm hoping to find a configuration guide detailing expressVPN's (no support from expressVPN website) openVPN client installation on the router with Merlin 380-64_2. Although I am able to connect now, there are numerous settings I am unsure about.

So, if anyone knows of such a detailed procedure for fine tuning expressVPN's openVPN Clients on Merlin, please point me in the right direction, it would be much appreciated.

Thanks in advance,
unclebuk

 

[octopus]

Can this help: https://www.expressvpn.com/support/vpn-setup/

 

[CaptainSTX]

Have you tried the simple solution of just clicking on the upload button and just uploading the ovpn file from your VPN provider? It worked using a file from Astrill and it was up and running in less than a minute.

 

[unclebuk]

Can this help: https://www.expressvpn.com/support/vpn-setup/

no merlin support guides, so not much help.

 

[unclebuk]

Have you tried the simple solution of just clicking on the upload button and just uploading the ovpn file from your VPN provider? It worked using a file from Astrill and it was up and running in less than a minute.

yeah, i have installed an ovpn file, got it to connect after messin with all the settings I know nothing about. But to me, I see a big difference from stock FW, especially so many more configurable features. I have questions too, like "can I disable encryption for an ovpn configured VPN Client"?? Many other "unknowns" as well. I want to get ahead of them and have full knowledge and control of the vpn clients.

Thank you.

 

[tomsk]

no merlin support guides, so not much help.

I just imported the .ovpn file into the client 1 and it worked fine out of the box. Express VPN ovpn files are one of those providers that put the keys and certs into the file so you dont have to copy/paste.

 

[unclebuk]

I just imported the .opvn file into the client 1 and it worked fine out of the box. Express VPn open files are one of those providers that put the keys and certs into the file so you dont have to copy/paste.

acknowledged, thanks dude.

PS; whats your thoughts on expressVPN's performance?

 

[tomsk]

yeah, i have installed an ovpn file, got it to connect after messin with all the settings I know nothing about. But to me, I see a big difference from stock FW, especially so many more configurable features. I have questions too, like "can I disable encryption for an ovpn configured VPN Client"?? Many other "unknowns" as well. I want to get ahead of them and have full knowledge and control of the vpn clients.

You may want to go and have a fish around in the SNB VPN forum
https://www.snbforums.com/forums/vpn.12/
lots of juicy info and guides in there which might get help get you started....... You are running an AC88 so you should have plenty of horsepower for the strong encryption that ExpressVPN uses by default (AES 256 if i remember correctly)

 

[unclebuk]

You may want to go and have a fish around in the SNB VPN forum
https://www.snbforums.com/forums/vpn.12/
lots of juicy info and guides in there which might get help get you started....... You are running an AC88 so you should have plenty of horsepower for the strong encryption that ExpressVPN uses by default (AES 256 if i remember correctly)

okay, I'm on it. Thank you.

 

[octopus]

no merlin support guides, so not much help.

https://www.expressvpn.com/support/vpn-setup/manual-config-for-asus-router-with-openvpn/

 

[unclebuk]

https://www.expressvpn.com/support/vpn-setup/manual-config-for-asus-router-with-openvpn/

yes, I did study this guide, too vague, no detail.

Thank you,
unclebuk

 

[Seth Harman]

I know this is an old thread but I thought I'd provide some guidance specifically for ExpressVPN setup under the Merlin firmware. If you look at the image I've provided you'll see several settings circled in red, these are the settings that I've changed from default that you'll want to pay attention to after uploading the .ovpn file of your choice from ExpressVPN.

The first setting is "Accept DNS Configuration". By changing this to "Exclusive" you'll prevent DNS leaks for clients going out over the VPN tunnel, you can test for leaks by using the following URL: https://www.expressvpn.com/dns-leak-test. If you've ever gotten a proxy warning from an online video streaming provider because you're trying to change your region, this solves that problem.

The next two settings are "Redirect Internet Traffic" and "Block Routed clients if tunnel goes down", and these relate to the list of IP addresses you see directly underneath those settings. These two settings and the list of associated IP addresses only matter if you want to only have certain devices on your network using the VPN tunnel and everything else using your regular connection, otherwise leave these settings at their default. To make this work the devices you want to restrict need to have fixed IP addresses within your local network. Set "Redirect Internet traffic" to "Policy Rules (strict)". and "Block routed client if tunnel goes down" to "Yes", and then add whatever clients you want to use the VPN tunnel. These settings specify that the clients in the list below can only reach the outside world through the VPN tunnel, and if the VPN tunnel goes down they do not failover to the regular connection. I do it this way because when those clients stop being able to reach the Internet I know the VPN tunnel has gone down and I can reset it. Note that you'll have to fill in the list of clients separately for each individual VPN connection you setup on the router as each VPN connection has independent settings and they don't simply copy over.

Every other settings is the default after uploading an OpenVPN file and inputting my username and password for the VPN.