1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

Discussion in 'VPN' started by yorgi, Mar 5, 2016.

  1. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,517
    Location:
    The Land of Smiles
    Best to point you to the guide so you can see the context of how the settings work with the up down scripts:

    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
     
    Marin likes this.
  2. pusb87

    pusb87 Regular Contributor

    Joined:
    Dec 15, 2016
    Messages:
    67
    AFAIK if those commands are included in the PIA ovpn config file ( which they are in their latest ovpn files), and you import that file then they are not needed in custom config

    I certainly don't have them in my custom config file and my PIA connection is just fine at at full speed on AC86U router

    PS I use their 128 GCM files via their configurator >> https://www.privateinternetaccess.com/pages/ovpn-config-generator
     
    Last edited: May 6, 2019
  3. frooty

    frooty Regular Contributor

    Joined:
    Nov 23, 2015
    Messages:
    52
    Thanks for all the responses guys. I've tried my connections both with & without those two commands & I've not noticed any difference tbh, which was why I asked about them. I did check the openvpn wiki but it's all a bit above my paygrade....lol So I'm still none the wiser. It's always been stable using the aes-256-cbc/sha256 combo & it's still running fine with the extra commands so I'll just leave it be in case I break something.
    Thanks again.
     
  4. TonyK132

    TonyK132 Regular Contributor

    Joined:
    Jul 24, 2017
    Messages:
    133
    Is there anything you have to do to implement a Kill Switch in the PIA configuration?
     
  5. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    571
    Location:
    MI
    Select "Yes"
    upload_2019-5-16_18-29-16.png

    Just realized that you need to use policy rules to get this option.
     
  6. TonyK132

    TonyK132 Regular Contributor

    Joined:
    Jul 24, 2017
    Messages:
    133
    Thanks. It was there for me but I did not realize that's what it was.
     
  7. Wafflestyx

    Wafflestyx New Around Here

    Joined:
    Dec 11, 2017
    Messages:
    7
    Currently PIA is haveing a DNS issue with Amazon and some other sites.
    Is there a command for the custom configuration field that would let me changed the DNS to w/e I want cloudflare, google?

    Some googling I came across ( push "dhcp-option DNS 8.8.8.8" ) for a config file but putting that in the field didn't seem to help.

    Edit: Looks like you just put
    dhcp-option DNS 1.1.1.1
    dhcp-option DNS 1.0.0.1
     
    Last edited: Sep 23, 2019
  8. Diamond67

    Diamond67 Regular Contributor

    Joined:
    Jul 23, 2015
    Messages:
    184
    Did you choose "OpenVPN 2.4 or newer" and Linux?

    I have never configured OpenVPN of my router before (I have used PIA client apps with Android, Ubuntu and Windows 10) and now when I tried to get some info when it comes to tweaking with router OpenVPN settings it seems that during this year several links regarding PIA and Asuswrt-Merlin OpenVPN setup settings have disappeared from PIA website and (maybe because of the similarities) they have focused on Asuswrt OpenVPN, and there is even this rather recently updated link with instructions available:

    https://www.privateinternetaccess.c...ware-openvpn-setup-2#step-1-advanced-settings

    I contacted PIA tech support and they recommended using manual config (= instructions from that site) instead of using Config Generator.

    Do you think that those settings from that website are quite OK? There may be some settings missing or a bit different compared with Merlin 384.13.
     
    Last edited: Oct 23, 2019
  9. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,106
    I use PIA and while I previously tweaked the settings in the custom configuration I found it never seemed to make an improvement in performance and more recently it seemed to result in instability and the clients would fail.

    Instead I would just go to PIA's configurator and download a file for the server you want to use along with the security settings you want. I currently use AES-128-CBC on Port 1198 and for the second client AES-256-CBC on Port 1197. Add your user name and password and then start the clients up. NOTE: If you plan to use multiple VPN clients from any vendor only a single VPN (client or server ) can be running on a particular port. PIA offers at least eleven configuration options but some of the options are not compatible with Merlin's firmware. I have used configurations using Ports 443, 1198 and 1197 and maybe ports 502 and 501. Start with the basic AES-128-CBC on Port 1198.

    I have run PIA on an N66, AC1900P and an AC86.

    Don't run multiple clients until you are comfortable with just a single client.

    PS. I haven't had any problems with Amazon. I am using the DNS policy = relaxed.
     
    Diamond67 likes this.
  10. pusb87

    pusb87 Regular Contributor

    Joined:
    Dec 15, 2016
    Messages:
    67
    Yes, but it doesnt matter as the linux and windows config files are the same as far as i can see
    these are my settings on 384.12

    for me this works fine with one exception that even though i have
    Block routed clients if tunnel goes down set to Yes
    if the vpn client goes down then it reconnects using my ISP's IP :( ---- this happens very rarely
     

    Attached Files:

    Diamond67 likes this.
  11. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    571
    Location:
    MI
    Auth digest can be set to none when using GCM ciphers.
     
    pusb87 likes this.
  12. frooty

    frooty Regular Contributor

    Joined:
    Nov 23, 2015
    Messages:
    52
    Just a heads up to all you PIA users out there (me included): PIA have been bought by the notorious malware/adware/data selling company Kape Technologies & as of yesterday can no longer be trusted with your info/privacy. Read more about it:

    https://news.ycombinator.com/item?id=21584958
    https://www.reddit.com/r/PrivateInt...erger_with_kape_technologies_addressing_your/

    I have cancelled my subscription & advise everyone else to do the same if you value your privacy.

    Edit: Wonder if this guide works for Mullvad?.....

    Edit2: A few more links:

     
    Last edited: Nov 23, 2019
    juniorsweet and Kingp1n like this.