Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

I have experimented with Kodi and Terrarium on the Fire TV and Raspberry Pi. I had buffering and freezing issues. I suspected it was due to the CPU in these devices as I know others who use Terrarium on Android boxes and have no problems. So, I recently purchased the Nvidia to find out for myself. With the Nvidia, I have no problems with buffering, which confirms my suspicions it was the device CPU architecture rather than any issues with the VPN. What device are you using?

Be aware that geo location spoofing on Android boxes may be more difficult though. See
https://www.snbforums.com/threads/google-knows-the-geolocation-of-your-wifi-router.46162/


I have the Shield too. Just wanted to let you all know I changed the PIA Server and made some custom configuration and now the freezing is gone.
 
Anyone here using this solution and Terrarium TV? I'm getting good speed while on VPN but once I use Terrarium TV I get a lot of freezing. Once I take it off the VPN then it is fine.
I am using Terrarium TV through a vpn installed on a router....
Initially I had no buffering but after a month or so I started to have issues of buffering.... I got a Real Debrid account....6 months for $25 US. I have absolutely no freezing, buffering now because of the streams that are coming from Real Debrid.
 
I am using Terrarium TV through a vpn installed on a router....
Initially I had no buffering but after a month or so I started to have issues of buffering.... I got a Real Debrid account....6 months for $25 US. I have absolutely no freezing, buffering now because of the streams that are coming from Real Debrid.

I have the same setup and it was working fine. Looks like it was the server I was connecting to. Once I changed that now is much better.

FYI you can get Real Debrid account for way less than that ;)
 
I will be updating the article with the latest firmware soon. Nothing much has changed besides the certificates are in a new section.
 
Yorgi...I read somewhere that the custom config field or some other field was being removed in the new firmware so I didn't update because WE had entries in it...sorry to be so vague...little busy as always.
 
Yorgi...I read somewhere that the custom config field or some other field was being removed in the new firmware so I didn't update because WE had entries in it...sorry to be so vague...little busy as always.

The custom fields were NOT removed...

Code:
  - CHANGED: Revised OpenVPN server options:
              o Removed "TLS Reneg time" (rarely used, can manually
                be set as a custom option)
              o Removed "Server Poll" (which didn't work
                properly), and reimplemented watchdog service,
                hardcoded to 2 mins frequency.
              o Removed "Push LAN" and "Redirect Gateway",
                replaced with new Client Access setting
              o Removed Firewall setting (firewall rules are now
                always created, and the broken External mode
                was fixed and integrated into the new Client
                Access setting).  You can now use the postconf
                script to override it.
              o Removed option to respond to DNS queries - enabling
                the option to Push DNS will also handle it
              o Added new Client Access setting to select between
                three types of access: LAN only, WAN only (will
                block access to the LAN, including the router
                itself) and LAN + WAN.
              o Keys and certificates can now be up to 7999
                characters long.

   - CHANGED: Revised OpenVPN client options:
              o Reorganized settings into groups
              o Removed "Poll Interval" (which didn't work
                properly), and reimplemented watchdog service,
                with a hardcoded frequency of 2 mins.
              o Removed Firewall setting (firewall rules are now
                always created).  You can now use the postconf
                script to override it.
              o Modified behaviour of Connection Retry.  Instead
                of taking a value in seconds that only affected
                resolution failure, it now takes a number of
                attempts, and affects connection failures.
                Resolution failures will now retry for an infinite
                period of time (the default OpenVPN value).
              o Added "refresh" link which can be clicked to
                re-query the public IP endpoint of the tunnel
              o Keys and certificates can now be up to 7999
                characters long.
 
Using RT-AC86U - Firmware 384.5 - NordVPN OpenVPN - TCP protocol - block routed clients option.
After running very well during some 7 days, internet connection was lost and was not automatically recovered.
Been trying to discover the reason but not knowledgeable enough to read the OpenVPN entries in syslog.
Would someone be willing to help me reading the syslog and find a possible reason?

Please find attached the VPN Client settings and the syslog entries.
Thank you so much in advance,
Vince.
 

Attachments

  • VPN_Client_Settings_384.5.pdf
    262.7 KB · Views: 406
  • InternetLossTCP.pdf
    111.4 KB · Views: 426
No answer yet, everyone same problem or am I unique on this?
Well, setting "Redirect Internet Traffic" to No seems to result in a stable situation, though hate to lose this option
 
I recently updated to a 100 mb/s and I noticed a few problems that I didn't have before.
Prior to this 100 mb/s I had 30 mb/s and when I did speed tests I always had 30mb/s for the VPN.
With 100 mb/s it's not the same. I get reduced speeds more in the 25-27 mb/s or even lower depending on the server I am using but not any higher than that.
I have read in the past when we had major discussions about this and people that had 100 mb/s or higher were experiencing weird speed tests.
By disabling NAT it helps a bit but the reality of this speed test is that it's not accurate at all.
Maybe it's an accurate figure when you have no VPN connection but when you are connected to a VPN the results are very different.

I am happy to report that even though the speed test is not accurate when you take the tests to a real world situation such as downloading a torrent that has tons of seeds you will notice that your speeds will be more in the range of 60 mb/s or more depending on how fast your cpu is.
I have the 87U which is a dual core and these are my results. I am sure if you have a newer generation router you will be able to achieve even faster speeds.

So don't go freaking out because speedtest.net shows you are only getting 20mb/s when your modem is 200 mb/s.
Try it out with real world situations and you will see that the speed test is useless and you are getting way better speeds than speedtest.net shows!
 
Using RT-AC86U - Firmware 384.5 - NordVPN OpenVPN - TCP protocol - block routed clients option.
After running very well during some 7 days, internet connection was lost and was not automatically recovered.
Been trying to discover the reason but not knowledgeable enough to read the OpenVPN entries in syslog.
Would someone be willing to help me reading the syslog and find a possible reason?

Please find attached the VPN Client settings and the syslog entries.
Thank you so much in advance,
Vince.

Simply paste the following in your system configuration.
pull-filter ignore "auth-token"
 
I am happy to report that even though the speed test is not accurate when you take the tests to a real world situation such as downloading a torrent that has tons of seeds you will notice that your speeds will be more in the range of 60 mb/s or more depending on how fast your cpu is.
I have the 87U which is a dual core and these are my results. I am sure if you have a newer generation router you will be able to achieve even faster speeds.

So don't go freaking out because speedtest.net shows you are only getting 20mb/s when your modem is 200 mb/s.
Try it out with real world situations and you will see that the speed test is useless and you are getting way better speeds than speedtest.net shows!

Not sure why you feel a speed test will not be adequately representing your real-world throughput?

[Image: 1ORcgLZ.png]

redirect-gateway def1 (all traffic is forced thru the OpenVPN tunnel) throughput between remote OpenVPN client connected to OpenVPN Gateway Server router TAP / UDP via port 1194 pictured above...

[Image: z3vpFiE.png]

Typical (not passing thru OpenVPN tunnel) throughput from remote client pictured above...local OpenVPN Gateway Server router achieves this same throughput since it is also on the XMission Utopia active ethernet fiber network
 
Not sure why you feel a speed test will not be adequately representing your real-world throughput?

[Image: 1ORcgLZ.png]

redirect-gateway def1 (all traffic is forced thru the OpenVPN tunnel) throughput between remote OpenVPN client connected to OpenVPN Gateway Server router TAP / UDP via port 1194 pictured above...

[Image: z3vpFiE.png]

Typical (not passing thru OpenVPN tunnel) throughput from remote client pictured above...
First I would like to ask what router you are using?
Second, if you are downloading a really healthy torrent do you get more than 22 MB/s?
 
Not sure why you feel a speed test will not be adequately representing your real-world throughput?

[Image: 1ORcgLZ.png]

redirect-gateway def1 (all traffic is forced thru the OpenVPN tunnel) throughput between remote OpenVPN client connected to OpenVPN Gateway Server router TAP / UDP via port 1194 pictured above...

[Image: z3vpFiE.png]

Typical (not passing thru OpenVPN tunnel) throughput from remote client pictured above...local OpenVPN Gateway Server router achieves this same throughput since it is also on the XMission Utopia active ethernet fiber network
Also you are using TAP and 1194
Are you using PIA for your VPN provider?
My results were not like yours with the speedtest but I do get 60 Mbps when I do torrents.
I will try the TAP and see how that goes :)
 
First I would like to ask what router you are using?
Second, if you are downloading a really healthy torrent do you get more than 22 MB/s?

188 Mbps = 23.5 MB/s Doing the conversion math, traffic forced thru the OpenVPN tunnel could possibly hit >22MB/s over my AC86U OpenVPN Gateway Server router according to my test across the XMission Utopia fiber network...
 
188 Mbps = 23.5 MB/s Doing the conversion math, traffic forced thru the OpenVPN tunnel could possibly hit >22MB/s over my AC86U OpenVPN Gateway Server router according to my test across the XMission Utopia fiber network...
sorry for the math I just rounded it off :)
What service provider are you using and what is the make and model of your router.
Please share this info with us, it might help others achieve these kinds of speeds.
I don't have a gigabit connection so I cannot do the same tests you did, but I assure you many people have had some major issues with bandwidth testing and they are never the same as real world usage.
I am really curious to what router you are using.
I have the ASUS 87U
 
What service provider are you using and what is the make and model of your router.
Please share this info with us, it might help others achieve these kinds of speeds.
I don't have a gigabit connection so I cannot do the same tests you did, but I assure you many people have had some major issues with bandwidth testing and they are never the same as real world usage.
I am really curious to what router you are using.

[Image: faVUOQm.jpg]


https://www.dslreports.com/comment/2984/93871

Older review of XMission which is my ISP. AC86U is what functions as my OpenVPN Gateway Server router
They now offer 10 Gbps up/down for residential service over Utopia although the price is still way too steep for me!:D
 
[Image: faVUOQm.jpg]


https://www.dslreports.com/comment/2984/93871

Older review of XMission which is my ISP. AC86U is what functions as my OpenVPN Gateway Server router
They now offer 10 Gbps up/down for residential service over Utopia although the price is still way too steep for me!:D
Thanks for sharing this info with us. It's obvious that the 86U will give better performance because it's a beast and it's what I thought when I saw your speed results.
 
Sorry if this has been answered before but I have been researching for some time now without finding an answer that I can understand :)

I have an Asus RT-AC68U set up behind an Asus DSL-AC68U to use for VPN and I have the latest (384.6) Merlin firmware installed on it.

When I configure an OpenVPN client and get to the bottom of the config there is an option "redirect Internet traffic" which most setup guides advise to set to "No"

I do not understand this setting at all as I would have thought that this is the whole point of a VPN???

Don't I want all my devices (phone, iPad, Desktop PC) connecting to the Router to connect to the internet through the VPN tunnel that is created?

Other options are "All" and "Policy Rules (Strict)"

I've been variously setting it to either "All" or "Policy Rules Strict" and then defining the whole network to go through it (10.4.4.0/27 in my case)

Why would the guides be saying to set it to "No" ???

Thank-you for any advice given.
 
