How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

Discussion in 'VPN' started by yorgi, Mar 5, 2016.

  1. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,892
    Location:
    The Land of Smiles
    Best to point you to the guide so you can see the context of how the settings work with the up down scripts:

    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
     
    Marin likes this.
  2. pusb87

    pusb87 Regular Contributor

    Joined:
    Dec 15, 2016
    Messages:
    70
    AFAIK if those commands are included in the PIA ovpn config file (which they are in their latest ovpn files), and you import that file, then they are not needed in custom config.

    I certainly don't have them in my custom config file and my PIA connection is just fine at full speed on AC86U router

    PS I use their 128 GCM files via their configurator >> https://www.privateinternetaccess.com/pages/ovpn-config-generator
     
    Last edited: May 6, 2019
  3. frooty

    frooty Regular Contributor

    Joined:
    Nov 23, 2015
    Messages:
    81
    Thanks for all the responses guys. I've tried my connections both with & without those two commands & I've not noticed any difference tbh, which was why I asked about them. I did check the openvpn wiki but it's all a bit above my paygrade....lol So I'm still none the wiser. It's always been stable using the aes-256-cbc/sha256 combo & it's still running fine with the extra commands so I'll just leave it be in case I break something.
    Thanks again.
     
  4. TonyK132

    TonyK132 Senior Member

    Joined:
    Jul 24, 2017
    Messages:
    204
    Is there anything you have to do to implement a Kill Switch in the PIA configuration?
     
  5. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    688
    Location:
    MI
    Select "Yes"
    upload_2019-5-16_18-29-16.png

    Just realized that you need to use policy rules to get this option.
     
  6. TonyK132

    TonyK132 Senior Member

    Joined:
    Jul 24, 2017
    Messages:
    204
    Thanks. It was there for me but I did not realize that's what it was.
     
  7. Wafflestyx

    Wafflestyx New Around Here

    Joined:
    Dec 11, 2017
    Messages:
    7
    Currently PIA is having a DNS issue with Amazon and some other sites.
    Is there a command for the custom configuration field that would let me change the DNS to w/e I want cloudflare, google?

    Some googling I came across ( push "dhcp-option DNS 8.8.8.8" ) for a config file but putting that in the field didn't seem to help.

    Edit: Looks like you just put
    dhcp-option DNS 1.1.1.1
    dhcp-option DNS 1.0.0.1
     
    Last edited: Sep 23, 2019
  8. Diamond67

    Diamond67 Senior Member

    Joined:
    Jul 23, 2015
    Messages:
    247
    Did you choose "OpenVPN 2.4 or newer" and Linux?

    I have never configured OpenVPN on my router before (I have used PIA client apps with Android, Ubuntu and Windows 10) and now when I tried to get some info when it comes to tweaking with router OpenVPN settings it seems that during this year several links regarding PIA and Asuswrt-Merlin OpenVPN setup settings have disappeared from PIA website and (maybe because of the similarities) they have focused on Asuswrt OpenVPN, and there is even this rather recently updated link with instructions available:

    https://www.privateinternetaccess.c...ware-openvpn-setup-2#step-1-advanced-settings

    I contacted PIA tech support and they recommended using manual config (= instructions from that site) instead of using Config Generator.

    Do you think that those settings from that website are quite OK? There may be some settings missing or a bit different compared with Merlin 384.13.
     
    Last edited: Oct 23, 2019
  9. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,544
    I use PIA and while I previously tweaked the settings in the custom configuration I found it never seemed to make an improvement in performance and more recently it seemed to result in instability and the clients would fail.

    Instead I would just go to PIA's configurator and download a file for the server you want to use along with the security settings you want. I currently use AES-128-CBC on Port 1198 and for the second client AES-256-CBC on Port 1197. Add your user name and password and then start the clients up. NOTE: If you plan to use multiple VPN clients from any vendor only a single VPN (client or server) can be running on a particular port. PIA offers at least eleven configuration options but some of the options are not compatible with Merlin's firmware. I have used configurations using Ports 443, 1198 and 1197 and maybe ports 502 and 501. Start with the basic AES-128-CBC on Port 1198.

    I have run PIA on an N66, AC1900P and an AC86.

    Don't run multiple clients until you are comfortable with just a single client.

    PS. I haven't had any problems with Amazon. I am using the DNS policy = relaxed.
     
    Diamond67 likes this.
  10. pusb87

    pusb87 Regular Contributor

    Joined:
    Dec 15, 2016
    Messages:
    70
    Yes, but it doesn't matter as the Linux and Windows config files are the same as far as I can see.
    These are my settings on 384.12

    For me this works fine with one exception: even though I have
    "Block routed clients if tunnel goes down" set to Yes,
    if the VPN client goes down then it reconnects using my ISP's IP :( ---- this happens very rarely
     


    Diamond67 likes this.
  11. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    688
    Location:
    MI
    Auth digest can be set to none when using GCM ciphers.
     
    pusb87 likes this.
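
The custom-configuration points from posts 7 and 11 above, as an added example that is not part of any poster's message: a small Python check, run over a constructed sample profile with a placeholder hostname, that reports which DNS servers a client config sets with `dhcp-option`, flags a server-side `push` line, and notes an auth digest left set alongside a GCM cipher. The function names `parse` and `lint` are this example's own.

```python
import shlex

# Constructed sample: a PIA-style client profile plus custom-config lines.
# The hostname is a placeholder, not a real PIA server.
SAMPLE = """\
client
remote vpn.example.invalid 1198
cipher AES-128-GCM
auth SHA256
# line found by googling (post 7); push is a server-side directive
push "dhcp-option DNS 8.8.8.8"
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
"""

def parse(text):
    """Yield (line_no, directive, args) for each non-comment config line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line)
            yield no, parts[0].lstrip("-"), parts[1:]

def lint(text):
    """Return (dns_servers, findings) for an OpenVPN client config."""
    dns, findings, cipher, auth = [], [], None, None
    for no, name, args in parse(text):
        if name == "push":
            findings.append((no, "push is a server-side directive; "
                                 "use dhcp-option directly in a client config"))
        elif name == "dhcp-option" and len(args) == 2 and args[0].upper() == "DNS":
            dns.append(args[1])
        elif name == "cipher" and args:
            cipher = args[0].upper()
        elif name == "auth" and args:
            auth = (no, args[0].lower())
    # With an AEAD (GCM) cipher the data channel does not use the auth digest.
    if cipher and cipher.endswith("-GCM") and auth and auth[1] != "none":
        findings.append((auth[0], "auth digest is not used on the data "
                                  "channel with a GCM cipher"))
    return dns, findings

if __name__ == "__main__":
    servers, notes = lint(SAMPLE)
    print("DNS servers set by the client config:", servers)
    for no, msg in notes:
        print(f"line {no}: {msg}")
```
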
  12. frooty

    frooty Regular Contributor

    Joined:
    Nov 23, 2015
    Messages:
    81
    Just a heads up to all you PIA users out there (me included): PIA have been bought by the notorious malware/adware/data selling company Kape Technologies & as of yesterday can no longer be trusted with your info/privacy. Read more about it:

    https://news.ycombinator.com/item?id=21584958
    https://www.reddit.com/r/PrivateInt...erger_with_kape_technologies_addressing_your/

    I have cancelled my subscription & advise everyone else to do the same if you value your privacy.

    Edit: Wonder if this guide works for Mullvad?.....

    Edit2: A few more links:

     
    Last edited: Nov 23, 2019
    Waylo, juniorsweet and Kingp1n like this.
  13. Wired

    Wired New Around Here

    Joined:
    Jan 11, 2018
    Messages:
    4
    Greetings all! Longtime reader just don't post often because I typically find my answer(s) on here. Have a question though and would appreciate the feedback.

    Have the 86U, latest firmware. Also running Skynet. 300 connection from my ISP going through PIA. When I first configured the router, I was able to get 200+ when connecting to their Texas servers. Can't figure out what's changed, now I only see 50-125 from that server. I've used many combinations of referenced settings from this thread and some of the stickied threads. I've tried setting encryption at AES-128-CBC/GSM which doesn't seem to make a difference. Compression adaptive/none etc. I'll attach some screenshots when I get home this evening, but would appreciate any assistance.

    Thanks
     

    Attached Files:

    • vpn.png
    • vpn1.png
  14. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    688
    Location:
    MI
    Your PIA settings are the same as mine. My custom config is:
    resolv-retry infinite
    tls-client
    remote-cert-tls server
    disable-occ
    persist-key
    persist-tun
    fast-io (last I heard this was in beta but may help a little with speeds)

    These are some recent speedtest results using the Chicago PIA server.

    upload_2020-3-9_21-3-7.png
     
  15. Wired

    Wired New Around Here

    Joined:
    Jan 11, 2018
    Messages:
    4
    Ok. Thanks. I’ll add the fast-io, see if there’s any noticeable difference. Closest server to me is Texas but have seen a little difference if I connect thru Denver. Nothing like you posted though.

    I’ve been using Speedtest (single connection) to get my results. Are you using spdmerlin from the router?
     
    Last edited: Mar 9, 2020
  16. doczenith1

    doczenith1 Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    688
    Location:
    MI
    Yes. I get similar results with web based tests also. I would try the multi connection as I seem to remember getting better results.
     
  17. Wired

    Wired New Around Here

    Joined:
    Jan 11, 2018
    Messages:
    4
    Then something’s not right with my setup somewhere. Thanks for your replies. I’ll continue looking at my config.
     
  18. FatherLandDescendant

    FatherLandDescendant Regular Contributor

    Joined:
    Apr 7, 2017
    Messages:
    119
    Location:
    Kentucky
    It might be the server you're connecting to. I don't always get the best results with the closest-to-me server.