Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

[Diamond67]

Hi,

FYI. Just noticed that there is a rather fresh article available regarding how to setup Private Internet Access on Merlin fw:
https://helpdesk.privateinternetacc...ing-up-an-Asus-Router-running-Merlin-Firmware

I haven't configured the VPN settings of my router yet, and haven't even read thru this thread or instructions by @yorgi. But what do you think of the article?

 

[pusb87]

Hi,

FYI. Just noticed that there is a rather fresh article available regarding how to setup Private Internet Access on Merlin fw:
https://helpdesk.privateinternetacc...ing-up-an-Asus-Router-running-Merlin-Firmware

I haven't configured the VPN settings of my router yet, and haven't even read thru this thread or instructions by @yorgi. But what do you think of the article?

i also saw that post but i followed @yorgi settings and it works fine with PIA

 

[RMerlin]

Just importing an .ovpn file would be so much simpler...

 

[deslauriermc]

while were at it and discussing PIA's VPN and ASUS Merlin configuration, can someone explain why is it that some webpages while on PIA's VPN , are blocked, as the merlin asus page https://asuswrt.lostrealm.ca/ ?? I know the problem is from PIA's side because as soon as I disconnect their VPN ( and I've tried using different servers, different protocoles, same thing happens) I can access these pages again... this is annoying

 

[Diamond67]

can someone explain why is it that some webpages while on PIA's VPN , are blocked, as the merlin asus page https://asuswrt.lostrealm.ca/ ?? I know the problem is from PIA's side

Sorry, cannot tell you why that happens. But you are right. With PIA activated you cannot even Ping or TraceRoute the official Asuswrt-Merlin website.

 

[ToonTonic]

Just pondering, with Merlin firmware installed do I need to setup a different client for each device I want on a VPN?

For instance I have x2 Nvidia Shields I want to be on a VPN (IPVANISH) but don't want anything else running via a VPN on my network.

Can I just put both shields IP's into "Rules for routing client traffic through the tunnel (max limit: 100)"?

Then in the option: "Redirect internet traffic" set to: Policy Rules?

Would there be a conflict if both devices in use at the same time?

I did originally set up as two different clients but kept getting "Error Routing" appear in client 2 which was setup to use a different IPVANISH VPN server.

Further to that, when doing an IP check, it was then showing up my true IP address.

Apologies, very very new to this.

Toon

 

[RMerlin]

Just pondering, with Merlin firmware installed do I need to setup a different client for each device I want on a VPN?

No. This is only for people who need to connect to different VPN servers.

 

[Patje]

In the 380.65 beta versions my openvpn connection with PIA stops every day a few times. All seems okay to me but I can't connect to the Internet. When I restart the client, everything is fine for a few hours. Reverted back to 380.64_2 and everything is fine now.


Verzonden vanaf mijn iPhone met Tapatalk

 

[RMerlin]

In the 380.65 beta versions my openvpn connection with PIA stops every day a few times. All seems okay to me but I can't connect to the Internet. When I restart the client, everything is fine for a few hours. Reverted back to 380.64_2 and everything is fine now.


Verzonden vanaf mijn iPhone met Tapatalk

You will have to ask your provider to see if there's any special configuration required for OpenVPN 2.4.0.

 

[MacG32]

@yorgi You may be interested in these, as they pertain to this guide, new settings, and @RMerlin new firmware. This is how I set it up to work properly. Enjoy.

http://oi68.tinypic.com/2nb8xu1.jpg

http://oi65.tinypic.com/oia9hk.jpg

 

[yorgi]

@yorgi You may be interested in these, as they pertain to this guide, new settings, and @RMerlin new firmware. This is how I set it up to work properly. Enjoy.

http://oi68.tinypic.com/2nb8xu1.jpg

http://oi65.tinypic.com/oia9hk.jpg

All the fields are the same in my guide as you posted.
If you are with Pia you have way to many things on your custom configuration panel.

As far as I am concerned I didn't update to the latest firmware because I am not sure where it was going.
But from what I saw there where no new fields just newer versions of openvpn and I just don't have the time lately to update the firmware and start the router all over again.

 

[RMerlin]

there where no new fields

New settings were added to enable/disable NCP, and to select which ciphers to offer through NCP.

 

[yorgi]

New settings were added to enable/disable NCP, and to select which ciphers to offer through NCP.

Ok I will update the guide. I was not into updating to new firmware due to all the issues that where happening with Asus and the future of Merlin Firwamre. Do you think its a good idea to update? I was a bit afraid of not being able to revert if there where problems.
As it stands now I never have to reboot my router because it works flawless and its the 87U
thanks for the reply Eric

 

[Patje]

For me openvpn2.4.0 is a disaster. Connection is lost once or twice a day. I asked PIA for help but they cannot or will not help me. Reverted back to 380.64_2 and everything is fine now.


Verzonden vanaf mijn iPhone met Tapatalk

 

[RMerlin]

Do you think its a good idea to update?

The main issues that were reported were resolved by reverting the GPL 4180 merge that caused them. What's left is some people will need to adjust their OpenVPN configuration if they are using configuration settings that are now considered obsolete or work differently with OpenVPN 2.4.0. Otherwise, 380.65 does resolve a number of issues related to OpenVPN, @john9527 having identified and resolved a number of timing issues relative to starting/stopping OpenVPN.

The RT-AC87U might (again, sigh) be a particular case. I had one report of wifi-related issues with the RT-AC87U webui, but I haven't had the time yet to investigate.

 

[HardCat]

@yorgi, RT-AC87 here running 380.65 for several days connecting just fine with PIA. I made no changes to my configs that have been in use for months. Of course, this means I am not taking advantage of any of the newer options in OpenVPN 2.4.

 

[ToonTonic]

Been running pretty well for afew days. Have noticed my VPN (IPVANISH) drops out more often than it used too causing me to lose connection until VPN has been restarted on the 88U. Though I'm unsure if this is my VPN provider, ISP (Virgin Media) trying to block or the Firmware.

Have noticed it happens most often around midnight, but not always.

Toon

 

[Xentrk]

I got really close to having 380.65 work with Torguard but ran out of time to work on it since I had to prepare for vacation. See post here.

https://www.snbforums.com/threads/r...-65-is-now-available.37295/page-6#post-306601

I will pick it back up when I return Feb 26 and post my findings here.

 

[Chinatown]

Hi, I have a question I am relocated in china... (the Great Firewall) I bought asus rt-ac68u (stock firmware) which i use as my pppoe dailer to the internet, now I have linux in Hong Kong which i installed openvpn server on it
the problem is when i add openvpn client on my asus it all goes well it connects and everything BUT all the computer in my home get no internet (the idea of course is to have vpn internet to bypass the Great Chinese Firewall)
my question is what can cause such a problem? i am trying to look for solutions online but all i come up with is configuration for vpn providers (since i have my own VPN server i dont really need those)
If anyone can help me it will greatly improve my life here in china.
as for configuration here is the important server configuration part:
port 56283
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 210.220.163.82"
keepalive 10 60
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
ping-timer-rem
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

and this is my client.ovpn (omitting personal information of course)
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote XXX.XXX.XXX.XXX 56283
resolv-retry infinite
nobind
ping-timer-rem
keepalive 10 60
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
..... etc...

Please can someone explain me what i am doing wrong?
Best regards,
Chinatown

 

[jhonlampart]

Great article, it is applicable for all types of VPN