
Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18


You should use policy rules and make the device that has Netflix go to WAN.
If you have all traffic to VPN then that's why your Netflix is not working.
Merlin is a way better alternative firmware but you need to do a little more configuring than ASUS firmware.
ASUS firmware doesn't offer any DNS leak protection, therefore useless for VPN.
Thanks @yorgi for your tips. Looks like I'll be playing around with the router some more.
 
*** I suggest that every time you update to a new firmware do a Default on OpenVPN client then reboot the router and enter the data again. Otherwise you may get into issues where connection drops or other weird things may happen.

Given this is still mentioned, I presume it's still the case.
Just confirming Save/Restore settings isn't an option either, due to other weird things? ie Is it just the "default" that's required, or is restore ok or manual entry reeeally necessary.

Ask as just realised week & half of uptime that VPN has dropped out, failed to connect (Auth failed) however internet still going through.
Steps (ASUS RT-AC3200 on v380.68_2);
-Saved settings.
-Updated firmware.
-Restore settings.
-Reboot in among all this somewhere.
-Made sure VPN connected & works. But now, it's not.

What a PIA this is, having to update all this every time firmware gets updated :eek:. It was a fluke I got it working properly the first time lol

On side note: any plans to allow addition of more VPN clients? 2 isn't really enough especially if want to change regions regularly, unless there's a better way?

Thanks :D
 
I think what yorgi is trying to say is that you just need to set the VPN settings to default to reset them. You do NOT have to reset the entire router to factory defaults. So, the only settings to re-enter are the VPN settings.
 
You have 5 VPN clients with Merlin firmware.
 

In the latest firmware versions, Merlin reduced the clients to two on the AC-3200. I thought it's for saving some nvram.


 
I have the 87U with latest firmware and I have 5 clients.
Are you sure about this? Interesting. Maybe the 3200 is older and can't handle the new code.
You should ask him and see.
 

Yorgi,

Yes I'm sure. It's also written in his changelog: 380.67 (16-July-2017).


 

It was in the changelog. The RT-AC3200 doesn't have enough nvram (64 KB) to handle three radios AND 5 OpenVPN clients. A basic RT-AC3200 setup is already using over 60 KB out of 64 KB.

Each OpenVPN instance eats up close to 1 KB of nvram with just the default settings.

Asus is planning a CFE update that will upgrade the RT-AC3200 to 128 KB.
 
Hello, brand new here, but I've been reading for some time.

I have setup nearly exactly as shown on page 1.
I use PIA openVPN on an Asus RT-AC87U AES-128-CBC, port 1198, us-east server
Accept DNS config = Exclusive
Cipher Nego = Disabled
Legacy/fallback cipher = AES-128-CBC
Compression = LZO Adaptive
TLS = 0
Connection Retry = -1
Redirect Internet traffic = All
tls-client
remote-cert-tls server
auth-nocache
mute-replay-warnings
disable-occ
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"

I get 20Mbps with oVPN on Client 1. With oVPN off I get 75Mbps.

Why could Client 1 be faster? Also, I expected to get nearly 70Mbps with this router and these settings. Am I incorrect or doing something wrong?

Thanks for all the help already! Really appreciate this page!

Edit: I added the following commands and DISABLED NAT acceleration. Speed increased to 35Mbps.

fast-io
sndbuf 524288
rcvbuf 524288

Found these settings here: https://www.privateinternetaccess.c...throughput-on-pia-with-an-asus-rt-ac68#latest
 

That's odd. Could swear stock firmware allows you to just 'add' VPNs, don't know if it had a limit though. But yeah, 3200 & only 2. Thanks for the explanation though.
 

Filling up nvram would lead to router crashes and potentially losing all your existing settings. That's why I decided to protect users against this happening by limiting the number of allowed OpenVPN clients.
 
Hi Yorgi,
Just switched internet providers with 100/10-Cable. No VPN-105-7 down.
Updated router to newest firmware. Reset, then set up VPN exactly as shown in your latest update.
Even though it's a solid 20mb/s I cannot break 20 down with PIA. Any ideas or suggestions?
According to your article port 1198 with 128 encryption should get approx 50-60mb/s.
Thoughts?
 
Does anyone here have any advice on my above post?? Anyone?

You didn't specify what router you have. Performance will depend on your router's CPU.
 
I ran into the same thing recently....
I was getting 50Mb/s+ and suddenly got capped to 20Mb/s. Try making the following script (remember to make sure it's in Linux format and set executable)

/jffs/scripts/init-start

Code:
#!/bin/sh

# Adjust core buffers (default 122880)
echo 1040384 > /proc/sys/net/core/rmem_max
echo 1040384 > /proc/sys/net/core/rmem_default
echo 1040384 > /proc/sys/net/core/wmem_max
echo 1040384 > /proc/sys/net/core/wmem_default

# Set TCP buffers (default 4096 87380 992000)
echo "4096 131072 992000" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 131072 992000" > /proc/sys/net/ipv4/tcp_wmem

# Set UDP buffers (default 23250 31000 46500)
echo "122880 520192 992000" > /proc/sys/net/ipv4/udp_mem

# Increase max connections per port
echo 1024 > /proc/sys/net/core/somaxconn

# Increase NETDEV backlog
echo 2048 > /proc/sys/net/core/netdev_max_backlog
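
A check that could follow the init-start script above, as an added example that is not part of the post or the thread: it confirms the script file is executable and has Linux (LF) line endings, then compares the live values under /proc/sys with the ones the script sets. The function names, the `--run` switch and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): confirm init-start is usable and applied.
# Expected values are copied from the script in the post above.
EXPECTED='net/core/rmem_max=1040384
net/core/rmem_default=1040384
net/core/wmem_max=1040384
net/core/wmem_default=1040384
net/ipv4/tcp_rmem=4096 131072 992000
net/ipv4/tcp_wmem=4096 131072 992000
net/ipv4/udp_mem=122880 520192 992000
net/core/somaxconn=1024
net/core/netdev_max_backlog=2048'

# check_script FILE: fail if FILE is missing, not executable, or saved with CRLF.
check_script() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    cs_rc=0
    [ -x "$1" ] || { echo "not executable: $1"; cs_rc=1; }
    cr=$(printf '\r')
    if grep -q "$cr" "$1"; then
        echo "CRLF line endings (not Linux format): $1"; cs_rc=1
    fi
    return $cs_rc
}

# check_values [ROOT]: compare live tunables with EXPECTED.
# ROOT defaults to /proc/sys; another directory can be passed for offline tests.
check_values() {
    cv_root=${1:-/proc/sys}
    cv_rc=0
    while IFS='=' read -r key want; do
        # The kernel separates multi-value entries with tabs; collapse to spaces.
        got=$(echo $(cat "$cv_root/$key" 2>/dev/null))
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: got '$got', want '$want'"
            cv_rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $cv_rc
}

# Hypothetical entry point: sh verify-init-start.sh --run
if [ "${1:-}" = "--run" ]; then
    check_script /jffs/scripts/init-start; a=$?
    check_values; b=$?
    exit $((a | b))
fi
```

A mismatch on every key after a reboot usually means the script never ran, which is what the executable and line-ending checks are there to catch.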
 
Hey John
Thanks for the reply! It's greatly appreciated. What does the script mean and do and how do I apply it? Never done scripts before. Any explanation on the cap? Why is it happening?
More help would be welcomed. So did your script resolve the speed issue?
 
Sorry if this has been covered...but, how do I open ports on a router set exclusively through a VPN? I have everything set up and working perfectly, but need a port opened. Running Merlin's latest FW with PIA VPN set to Yorgi's guide settings.....
 
Code:
pull-filter ignore "auth-token"

YES!! Thank you for this tip. I've been having to restart all my vpn clients every day for ages, but after adding this to my custom config yesterday they were all still connected this morning - hopefully I'll not have to go through the whole vpn restarts every morning any more. Great stuff!

Many thanks & great work RMerlin.
 
