
Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18


Just set my tv box up on PIA today using OP settings, all good :) Getting 57mb/s down on AES-128-CBC, which is only 18mb/s short of my full speed, not bad, I'll take that thank you.
 
Thanks for everyone’s collaboration on this. I’ve finally been able to get over 50 mbps and at some point peaked 70 for a couple of seconds on my AC3100. My ISP speeds are 100/35.
 
I think what yorgi is trying to say is that you just need to set the VPN settings to default to reset them. You do NOT have to reset the entire router to factory defaults. So, the only settings to reenter are the VPN settings.

How should I go about resetting just my vpn settings to defaults without resetting the entire router? Thanks in advance.
 
How should I go about resetting just my vpn settings to defaults without resetting the entire router? Thanks in advance.

On the VPN client page, at the bottom, is a "default" button. This button resets the VPN settings of the client.


Sent from my iPhone using Tapatalk
 
On the VPN client page, at the bottom, is a "default" button. This button resets the VPN settings of the client.


Sent from my iPhone using Tapatalk

That is strange as I don't see a "default" button at the bottom of the client vpn page. I only see an "apply" button. I am running 380.68_4. Not sure if that makes a difference.
 
That is strange as I don't see a "default" button at the bottom of the client vpn page. I only see an "apply" button. I am running 380.68_4. Not sure if that makes a difference.

Same firmware for me on my RT-AC3200 with "default" button.



Sent from my iPhone using Tapatalk
 
Darn it. Seems like I may have to reset my router after all. Any way to accomplish resetting the vpn client via the CLI? Thanks for quick reply.
 
Darn it. Seems like I may have to reset my router after all. Thanks for quick reply.

No problem,

Good luck.


Sent from my iPhone using Tapatalk
 
Thanks for the great tutorial. I have been abroad for a few months (without internet), I came back and moved to a new apartment with cable internet and router. I have them on different subnets. Internet does work. Unfortunately I am still having problems starting my VPN. For some reason it does not route through it when I try ipleak.net.

I have no idea what I did wrong. I am trying for 4 hours now with different settings :x I added the pictures of my settings and the log when starting up (I cleared it before).

Thanks in advance :)!

Additional: can it be that ipleak does not work because my (first) cable modem/router is without vpn? Or actually it should not be a problem because when I use the client on my computer it does work.
 

As a reply on my own inquiry:
After a long search of different methods I found out that my provider works with IPv6 protocol. I was not able to turn on DMZ either. So I called them, they turned IPv4 on and I was able to activate DMZ for my second router (Asus RT-AC68U).
Speed is very slow but VPN works.

Now I am trying to figure out how to speed up the network, but that is a different discussion altogether.
 
Thanks @yorgi for this tutorial!
I am migrating from ASUS stock firmware to Merlin's magic and I found this tutorial to be a great help to get my PIA VPN tunnel up and running.

I have one question left.
In the opening post you say:
When you select "All" if VPN goes down you are protected as it has an automatic feature with the firewall which stops traffic until VPN is re established.
Is this still correct?
A lot of other tutorials and topics on the web focus on policy rules to activate the kill switch.
If I understand the quote correctly (and if the quote is still true) this would be the easiest way to route all of my network traffic through the tunnel and have a kill switch at the same time.
I don't know how to test this, if I knew I would not have asked.....
 
Great write-up, up and running on my AC68U with Merlin. I have a few questions.

Redirect Internet traffic - Policy Rules (strict)
Block routed clients if tunnel goes down - Yes
Rule: Source IP 192.168.1.0/24 Destination IP 0.0.0.0 Iface VPN

Is this supposed to be like a kill switch?

I ask because I noticed when I would make changes to settings, the VPN would say Connecting...
If I would go to ipleak.net while it was doing this I would see my ISP. (not the VPN)

Is it possible to set it so there is no connection unless the VPN is up?
 
I've found by setting "Redirect Internet traffic" to "All", as per:

If you do not want to use Policy rules and want all your traffic to go to the VPN then simply use "ALL" in the Redirect Internet traffic option. When you select "All" if VPN goes down you are protected as it has an automatic feature with the firewall which stops traffic until VPN is re established. Redirect Internet Traffic option is covered in the second part of the guide.

Has still allowed traffic through even if VPN fails, at least on the last several firmware updates I've done. So not sure if it's because of some issue/corruption with router, or if instructions are wrong, but I've now changed it to "No". Now done full update, full factory reset & manually updated everything & will see how it goes.

What I want to know is, is there some way to configure router to email you if/when VPN fails?
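
For the question above about being told when the tunnel drops, one building block is to turn the OpenVPN client's log into explicit up/down events. This is an added example, not code from the thread or from Asuswrt-Merlin: the matched message texts are standard OpenVPN log strings, while the syslog prefix and timestamps in `SAMPLE_LOG` are constructed, and how the alert is delivered (mail, push) is left to whatever the router provides.

```shell
#!/bin/sh
# Added example: classify OpenVPN client log lines into tunnel state changes.
# SAMPLE_LOG is constructed for illustration; on a router you would feed the
# real syslog into vpn_events instead.
SAMPLE_LOG='Jan  5 10:00:01 ovpn-client1[901]: Initialization Sequence Completed
Jan  5 11:00:02 ovpn-client1[901]: AUTH: Received control message: AUTH_FAILED
Jan  5 11:00:02 ovpn-client1[901]: SIGUSR1[soft,auth-failure] received, process restarting
Jan  5 11:00:09 ovpn-client1[901]: Initialization Sequence Completed
Jan  5 12:30:40 ovpn-client1[901]: [server] Inactivity timeout (--ping-restart), restarting
Jan  5 12:30:40 ovpn-client1[901]: SIGUSR1[soft,ping-restart] received, process restarting'

# Read log lines on stdin; print "UP <time>" or "DOWN <time> <reason>"
# once per state change (repeated DOWN lines for one outage are collapsed).
vpn_events() {
    awk '
        function change(new, why) {
            if (new != state) {
                state = new
                print new " " $3 (why != "" ? " " why : "")
            }
        }
        /Initialization Sequence Completed/ { change("UP", "");            next }
        /AUTH_FAILED/                       { change("DOWN", "auth-failed");  next }
        /Inactivity timeout/                { change("DOWN", "ping-timeout"); next }
        /process (restarting|exiting)/      { change("DOWN", "restart");      next }
    '
}

# Final tunnel state according to the log: UP, DOWN, or empty if no event seen.
vpn_last_state() {
    vpn_events | awk '{ s = $1 } END { print s }'
}

# Number of distinct outages in the log.
vpn_drop_count() {
    vpn_events | awk '/^DOWN/ { n++ } END { print n + 0 }'
}

# Stand-alone run on the constructed sample: list events, then flag a down tunnel.
printf '%s\n' "$SAMPLE_LOG" | vpn_events
if [ "$(printf '%s\n' "$SAMPLE_LOG" | vpn_last_state)" = "DOWN" ]; then
    echo "ALERT: VPN tunnel is down; send notification here"
fi
```

The DOWN reasons also separate the two failure modes discussed in this thread: `auth-failed` points at re-authentication problems, `ping-timeout` at a lost link.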
 
I need some assistance please. I purchased PIA us-west.privateinternetaccess.com 1198 to listen to Pandora. Following PIA page https://helpdesk.privateinternetacc...ing-up-an-Asus-Router-running-Merlin-Firmware I had no success so following first post on this thread I adjusted my Cipher Negotiation to Disabled and updated Custom Configuration to same as screenshot on first post.

I was able to get to https://www.pandora.com and start playing a song but the Internet light on my RT-AC88U turns red after a couple of minutes. The Network Map page says WAN is connected and VPN page says I'm connected. After approx. 5 minutes the Internet light turns white but the VPN Service state has turned off.

I want to listen to Pandora on my SONOS Sound Bar eventually.

I'm running Merlin 382.1_2 on RT-AC88U

Any advice would be appreciated.

PS I have Dual WAN running with 4G USB modem for failover if that's problematic?

EDIT: I changed all settings to same as screenshot on first post and VPN appears to be staying up now. I can get a song to start playing on SONOS Sound Bar then it stops with an error about insufficient network connection speed. Running a speed check ping is 399ms, download 0.50, upload 6.79. When VPN is off I get ping 9ms, download 96, upload 38.

I currently have Redirect Internet Traffic set to All, but once I get this working would like to have SONOS running on VPN and all other traffic bypassing it.
 
That article is dated. I have been successful using the ovpn files from this zip file:
https://www.privateinternetaccess.com/openvpn/openvpn.zip

Edit: I just looked in the zip file and the ovpn files are dated 12/26/2017. I've been using a file from 2/2017. I wonder what they updated???
I took a look at the chicago ovpn file and it doesn't appear to have any changes from the file I imported from 2/2017.
 
I'm running 382.1_2 on my 86U. Your 88U should do around 70-80 Mbps on PIA based on what my 3100 did when I tested it a year ago. Try adding the following custom config variables for a small bump in speed:
rcvbuf 524288
push "rcvbuf 524288"
fast-io
 
I know PIA is in the process of "officializing" their Asuswrt-Merlin support, so I wouldn't be surprised if they were making tweaks to the .ovpn files. I know they have something under development related to this.

Personally I'm using the .ovpn file from a few months ago for my tests, with just the addition of

Code:
pull-filter ignore "auth-token"

to resolve the failures to re-authenticate on session expiration. Unsure if that'd still be necessary today however.
 
I'm running 382.1_2 on my 86U. Your 88U should do around 70-80 Mbps on PIA based on what my 3100 did when I tested it a year ago. Try adding the following custom config variables for a small bump in speed:
rcvbuf 524288
push "rcvbuf 524288"
fast-io
I added those commands in and it nearly doubled the download speed and increased upload by 2Mbps. Ping is still really high?

Speed Test Ping 237 ms, Download 32.32 Mbps, Upload 8.06 Mbps
 
Large buffers can negatively impact latency, that's why I'm not a fan of them. For Internet traffic, latency can be more important than squeezing a few extra mbits of performance IMHO.
 