Just can not get a VPN to work properly with Merlin from 386.5.2 onwards

royarcher

Very Senior Member
I had to go back to stock firmware from Merlin today and just wanted to say thank you.
I have enjoyed playing with my router and firmwares and thank all you guys that have helped me over the past few years but try as I may I just can't get it to work with a VPN anymore . I realise that it's me and not you but it just doesn't work properly with streaming services VIA a Roku device anymore
It's probably an issue with Roku and Merlin firmware as I don't have a problem with reaching sites on the laptop or my phones but try as I may I just can't get it to work properly
It either detects that I am using a VPN after I have logged in to a service like Hulu or Netflix ( it will give me access to the service but when I try to stream a movie or show I get a message,,we have detected that you may be using a VPN disconnect it and try again,, with Amazon prime it simply will not log in at all with the error message,, please check your internet connection and try again,,
I thought I would just try and see what happens with stock firmware and everything works the way it used to on the earlier builds of Merlin firmware.
I just wanted to let you know In case I am not alone in my streaming problem
 
Last edited:

eibgrad

Part of the Furniture
I've been casually monitoring your trials and tribulations in this regard. Sorry to hear it didn't work out w/ Merlin.

TBH, this particular problem tends to be less technical and more administrative. It's difficult to know precisely what the content providers are doing at any given time to detect the use of a VPN, and well, that's sort of the point; to keep everyone guessing. For all I know, you might be leaking IPv6, or perhaps something else in your stream.

Frankly, I don't ever recall you detailing your DNS configuration on the router (perhaps I just missed it). As I explain w/ my DNS monitoring utility, DNS configuration is complex and very easy to misconfigure. That's why I created the utility in the first place. Even when things are working today, it doesn't mean it won't change tomorrow, esp. w/ a firmware upgrade.

Case and point. Starting w/ (iirc) 386.4, ASUS decided to statically bind the WAN's DNS server(s) to the WAN. That seemingly innocent change did have consequences for some VPN users. Some VPN providers advise configuring the WAN w/ their DNS servers. When the VPN is active, those DNS servers are then accessed over the VPN (let's assume they are NOT using the VPN Director, but just routing ALL clients over the VPN). But that *assumes* there are no static routes that permanently bind those servers to the WAN! So even if those clients are configured to use the VPN exclusively, their DNS still leaks over the WAN! To prevent it, you need to *explicitly* rebind those DNS servers back to the VPN in the custom config field.

It's a safe bet there are at least a few users who have encountered this situation. They're leaking DNS and none the wiser. NOT unless they're savvy enough to retest for DNS leaks after moving to 386.4 or later.

I'm NOT saying this is your problem. I'm just trying to make the point that things do change, and you have to be eternally vigilant in retesting after an upgrade. Once again, the DNS monitoring utility comes in handy for these purposes.

Anyway, as I said, I'm sorry things didn't work out. This is just one of those problems that's difficult to diagnose given you're trying to read the minds of the content providers to determine their various and ever-changing algorithms to prevent unauthorized access. It's a very hit-n-miss process. Things can work one day, then suddenly stop. These kinds of cat and mouse games w/ the content providers are just NOT the kind of problems that lend themselves to resolution in these forums.
 

royarcher

Very Senior Member
I've been casually monitoring your trials and tribulations in this regard. Sorry to hear it didn't work out w/ Merlin.

TBH, this particular problem tends to be less technical and more administrative. It's difficult to know precisely what the content providers are doing at any given time to detect the use of a VPN, and well, that's sort of the point; to keep everyone guessing. For all I know, you might be leaking IPv6, or perhaps something else in your stream.

Frankly, I don't ever recall you detailing your DNS configuration on the router (perhaps I just missed it). As I explain w/ my DNS monitoring utility, DNS configuration is complex and very easy to misconfigure. That's why I created the utility in the first place. Even when things are working today, it doesn't mean it won't change tomorrow, esp. w/ a firmware upgrade.

Case and point. Starting w/ (iirc) 386.4, ASUS decided to statically bind the WAN's DNS server(s) to the WAN. That seemingly innocent change did have consequences for some VPN users. Some VPN providers advise configuring the WAN w/ their DNS servers. When the VPN is active, those DNS servers are then accessed over the VPN (let's assume they are NOT using the VPN Director, but just routing ALL clients over the VPN). But that *assumes* there are no static routes that permanently bind those servers to the WAN! So even if those clients are configured to use the VPN exclusively, their DNS still leaks over the WAN! To prevent it, you need to *explicitly* rebind those DNS servers back to the VPN in the custom config field.

It's a safe bet there are at least a few users who have encountered this situation. They're leaking DNS and none the wiser. NOT unless they're savvy enough to retest for DNS leaks after moving to 386.4 or later.

I'm NOT saying this is your problem. I'm just trying to make the point that things do change, and you have to be eternally vigilant in retesting after an upgrade. Once again, the DNS monitoring utility comes in handy for these purposes.

Anyway, as I said, I'm sorry things didn't work out. This is just one of those problems that's difficult to diagnose given you're trying to read the minds of the content providers to determine their various and ever-changing algorithms to prevent unauthorized access. It's a very hit-n-miss process. Things can work one day, then suddenly stop. These kinds of cat and mouse games w/ the content providers are just NOT the kind of problems that lend themselves to resolution in these forums.
Thank you for your response and fix. Turned IPv6 off and problem solved ( so far)
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top