Merlin VPN Recommendation & Configuration

[Sohaib Sarwar]

I have AC86U with latest version of Merlin. I am shopping for VPN and any recommendations would be awesome. Goal is to have all my network go through a VPN and why looking to use third party VPN. I am hoping there is way to add third party VPN on Merlin Openvpn option. Thanks in advance

 

[skeal]

I have AC86U with latest version of Merlin. I am shopping for VPN and any recommendations would be awesome. Goal is to have all my network go through a VPN and why looking to use third party VPN. I am hoping there is way to add third party VPN on Merlin Openvpn option. Thanks in advance

I use Torguard give me a minute and I'll find a blog post that walks you through Torguard setup on Asuswrt-Merlin.

 

[skeal]

Try looking at this the firmware version used in the pics is a little old but the changes to OVPN haven't changed that much. https://www.snbforums.com/threads/t...for-asus-merlin-380-65-380-65_2-part-i.38281/

 

[doczenith1]

I've had good luck with Private Internet Access. They have an ovpn file that you can import into your 86U. I see speeds in the mid 200 Mbps range when using the AES-128-GCM cipher. Make sure to add ncp-disable to the custom config so that the GCM cipher will work.
https://www.privateinternetaccess.com/helpdesk/guides/routers/merlin/merlin-firmware-openvpn-setup
https://www.privateinternetaccess.c.../what-s-the-difference-between-the-ovpn-files

 

[Marin]

Interesting....I use NordVPN and I have AES-256-GCM activated in my RT-AC86U (compression disabled) and my speeds are always close to those of ISP.

Was curious though, is ncp-disable something that could work with every VPN provider custom configuration? Obviously, PIA recommends this their setup. I have not tried it in mine but will do so tonight.




Sent from my iPhone using Tapatalk

 

[john9527]

Was curious though, is ncp-disable something that could work with every VPN provider custom configuration?

Same as setting 'Cipher negotiation' to Disabled in the gui....

The VPN provider has to enable the CGM ciphers.

 

[Marin]

Same as setting 'Cipher negotiation' to Disabled in the gui....

The VPN provider has to enable the CGM ciphers.

Good to know. Thank you @john9527!


Sent from my iPhone using Tapatalk

 

[Sohaib Sarwar]

I've had good luck with Private Internet Access. They have an ovpn file that you can import into your 86U. I see speeds in the mid 200 Mbps range when using the AES-128-GCM cipher. Make sure to add ncp-disable to the custom config so that the GCM cipher will work.
https://www.privateinternetaccess.com/helpdesk/guides/routers/merlin/merlin-firmware-openvpn-setup
https://www.privateinternetaccess.c.../what-s-the-difference-between-the-ovpn-files

I just got my subscription for PIA and plan to setup tonight. Will let you know know if I run into any issues. Thanks

 

[Sohaib Sarwar]

I've had good luck with Private Internet Access. They have an ovpn file that you can import into your 86U. I see speeds in the mid 200 Mbps range when using the AES-128-GCM cipher. Make sure to add ncp-disable to the custom config so that the GCM cipher will work.
https://www.privateinternetaccess.com/helpdesk/guides/routers/merlin/merlin-firmware-openvpn-setup
https://www.privateinternetaccess.c.../what-s-the-difference-between-the-ovpn-files

I followed the instructions and have lost half of my download speed with VPN enabled. I did not import ovpn file and just went with the configuration settings on PIA Merlin setup. Can you please take a look at my settings and provide any feedback to gain my performance back.

Thanks in advance

 

[doczenith1]

I followed the instructions and have lost half of my download speed with VPN enabled. I did not import ovpn file and just went with the configuration settings on PIA Merlin setup. Can you please take a look at my settings and provide any feedback to gain my performance back.

Thanks in advance

Your settings look good to me. Can you elaborate on "lost half of my download speed with VPN enabled". Are you saying that your download speeds without the vpn are double what they are with the vpn? That may be normal. What are your download speeds with and without the vpn? And if you are using PIA I would recommend using the newer, faster GCM ciphers.

 

[Sohaib Sarwar]

Your settings look good to me. Can you elaborate on "lost half of my download speed with VPN enabled". Are you saying that your download speeds without the vpn are double what they are with the vpn? That may be normal. What are your download speeds with and without the vpn? And if you are using PIA I would recommend using the newer, faster GCM ciphers.

Yes. My dowadown speed without PIA is 176 and with PIA 66. The only cipher that is working for me is AES 128 CBC. I tried GCM and it won't connect. Even in the instructions they have listed CBC. I noticed you listed that your speed double with GCM

 

[doczenith1]

My speed didn't double but did increase around 25%. Did you include "ncp-disable" in custom config? Below are my crypto settings.

Per @john9527 you can leave the ncp-disable out of custom config if you disable the Cipher negotiation like this:

Using this config with the chicago PIA server I'm getting the following:

I'm not sure what happened to PIA's upload speeds. It's been a while since I did a speed test but I used to get upper 200's on upload.

 

[RMerlin]

Do not put ncp-disable in the custom settings. This should be controlled by the Cipher Negotiation setting, otherwise you will have contradictory settings, with unpredictable end results.

 

[doczenith1]

That makes sense. Might want to tell the guys over at PIA as their screenshot shows the ncp-disable in custom settings

https://www.privateinternetaccess.c...celeration-is-here-for-routers-using-openvpn/

 

[Marin]

I see that TLS control channel security is Disabled. What does this setting really do as it is not disabled on default settings?


Sent from my iPhone using Tapatalk