Need help getting ExpressVPN to work on an Asus router.

[mac_angel]

Use the Merlin-specific settings on the ExpressVPN site. It's that simple. If you need a more detailed explanation of the DNS options in step 7 they can be found in Merlin's Policy based routing wiki.

sorry, I missed that earlier.
I must be missing something still though, because I've gone over it about a dozen times now, following those steps exactly each time, making sure I read it carefully, but when I click it to ON, I get the message Error - check configuration! I've tried both Toronto .opvn files.

EDIT: I just found this in the system log:


56:21 rc_service: httpd 1333:notify_rc start_vpnclient1
Nov 23 21:56:21 ovpn-client1[8462]: WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Nov 23 21:56:21 ovpn-client1[8462]: Options error: You must define CA file (--ca) or CA path (--capath)
Nov 23 21:56:21 ovpn-client1[8462]: Use --help for more information.
Nov 23 21:56:21 openvpn: Starting OpenVPN client 1 failed!

 

[ColinTaylor]

Another user had this problem because his jffs partition (the internal storage) needed to be formatted after the initial install of Merlin. Go to Administration > System and choose the option to Format JFFS partition at next boot. Apply that and then reboot. After the router comes back up do another (normal) reboot.

Now setup your VPN client again. Click the Default button and the bottom of the page and then follow the instructions as before.

 

[mac_angel]

Another user had this problem because his jffs partition (the internal storage) needed to be formatted after the initial install of Merlin. Go to Administration > System and choose the option to Format JFFS partition at next boot. Apply that and then reboot. After the router comes back up do another (normal) reboot.

Now setup your VPN client again. Click the Default button and the bottom of the page and then follow the instructions as before.

cool, ty. I'll give that a try and pop on tomorrow for a follow up. My son's back at school, and I'll get my fiance to tether to her work cell phone if I need more time to mess around with the router.
Out of curiosity, where are you located? Are you trying Canadian servers?

 

[ColinTaylor]

Out of curiosity, where are you located? Are you trying Canadian servers?

I'm in the UK.

 

[mac_angel]

Another user had this problem because his jffs partition (the internal storage) needed to be formatted after the initial install of Merlin. Go to Administration > System and choose the option to Format JFFS partition at next boot. Apply that and then reboot. After the router comes back up do another (normal) reboot.

Now setup your VPN client again. Click the Default button and the bottom of the page and then follow the instructions as before.

Just about to try it and I noticed something. Should I check the bullet for " Enable JFFS custom scripts and configs "?

 

[ColinTaylor]

Just about to try it and I noticed something. Should I check the bullet for " Enable JFFS custom scripts and configs "?

That's unrelated, so should not make any difference.

 

[mac_angel]

That's unrelated, so should not make any difference.

okay. I wasn't sure if it might have something to do with the custom configuration box at the bottom of the VPN page where you add a bunch of stuff.
Loading up the VPN stuff now.
fyi, ExpressVPN says they've done "extensive testing in the US and the UK, but have not tested much for the Canadian segment and this is where we fall short on providing you with resolution and for that we apologize."

 

[mac_angel]

okay, little update. Reformatting as you suggested did get it to work and connect. The first Toronto server I tried was slow AF. The second Toronto server was much better. However, I am still getting DNS leaks. Accept DNS Configuration is set to Strict. Under Advanced Settings, Force Internet traffic through tunnel is set to No (not sure if that matters, but thought I'd add it. As I said, I'm new to the VPN stuff)

 

[ColinTaylor]

Try setting Accept DNS Configuration to Exclusive and see if that makes a difference.

EDIT: and set Force Internet traffic through tunnel to Yes.

 

[mac_angel]

Try setting Accept DNS Configuration to Exclusive and see if that makes a difference.

ah. That looks like it made a difference.
ExpressVPN DNS leak page seems to be down. For the past hour it just keeps saying incomplete. I've been using DNSleaktest.com
Speeds still seem okay. ~900Mb/sec normally, and ~650Mb/sec through the VPN. I'm assuming that's about what I should expect? I'm curious if overclocking makes a difference (ExpressVPN says it uses the router's CPU for encryption). There's no overclocking feature as of yet, but I did notice the router CPU is running at about ~70+*C. I could take it apart and put on better thermal paste (I have a lot of computers and laptops and I've been building systems and networks for many years. I used to be an IT tech at IBM about 16 years ago before my health kinda forced me into retirement).
More on topic, next step will be to get Amazon Prime Video to work. If it can't work through the VPN, then I'll just have to look at getting those devices to bypass the VPN on the router.

 

[ColinTaylor]

You won't get any more throughput than that. The ExpressVPN statement about CPU is not quite correct because your particular model of router has hardware crypto which takes the load off the CPU. Overclocking your router is not (and will not) be possible. The temperatures are normal.

 

[mac_angel]

You won't get any more throughput than that. The ExpressVPN statement about CPU is not quite correct because your particular model of router has hardware crypto which takes the load off the CPU. Overclocking your router is not (and will not) be possible. The temperatures are normal.

Cool. I kinda figured so, about the hardware encryption. But being new to the VPN thing, I didn't want to argue a point that I am sure about.
I also didn't think overclocking it would do much, though I have seen others post overclocking numbers. In general I do know heat does affect electronics over time. I have a couple of LSI/IBM Enterprise RAID cards that were passively cooled, and even kept in the cold room of our basement, they overheated until I put fans on them.
Thank you again for all your help. I really wasn't getting much from ExpressVPN, but admittedly, this was more router specific and not anything they were specifically responsible for. I did give them an update about all of this, as well as linked them to this forum, so hopefully they can pick up on these extra things to try if other customers have problems too.

 

[ColinTaylor]

Most Asus routers (like the one I have) use the CPU for crypto. Therefore throughput scales almost linearly with CPU speed. Without hardware crypto throughput varies from about 50Mbps to 200Mbps depending on the model. So on those routers overclocking would see some benefit. However that is academic now as the ability to overclock was disabled some time ago by Asus.

 

[cooloutac]

Still no Merlin for my router RT-AX86U

oh I see. well it might not of even fixed your issue. no matter what I can't get expressvpn, pia or nord to work with hulu in my area. no matter what protocol or how I connect it. Same goes for Macy's.com lol I had to give it up.

 

[cooloutac]

okay, little update. Reformatting as you suggested did get it to work and connect. The first Toronto server I tried was slow AF. The second Toronto server was much better. However, I am still getting DNS leaks. Accept DNS Configuration is set to Strict. Under Advanced Settings, Force Internet traffic through tunnel is set to No (not sure if that matters, but thought I'd add it. As I said, I'm new to the VPN stuff)

You have to make it accept dns exclusive to avoid the leaks. and I do policy routing to strict.

 

[royarcher]

I have an Asus RT-AX86U and yesterday I ordered ExpressVPN. I was able to set it up easily enough, downloading the .ovpn file from ExpressVPN. When I do an IP look up, my IP address shows the city of the server I have been selecting. I live in Canada, and I have been selecting Canadian servers, and trying to use Canadian services - Netflix and Amazon Prime Video. After a bit I was able to get Netflix to work, but Prime Video keeps telling me that I am using a VPN or DNS server and I must turn it off to be able to watch Prime Video. Doing a full test I've found that I do have a DNS leak and lists a bunch of local IP addresses. Running individual clients isn't an option, I need something on my router. So far their tech support is telling me that I must have set it up wrong, which is pretty much 'passing the buck'. Literally the only settings on the router are putting in my user name, password, and turning it on after I upload their file. I am pretty knowledgeable when it comes to computers, but I have very little experience when it comes to VPN. But to me, if they are saying it's something in the configuration, if my IP address is showing, say Vancouver and I live in Ontario, but there's a DNS leak, it sounds like that would be something in their end, not the router.
But, as I said, I'm kinda new. Any suggestions or advice?
btw, I'm using the latest firmware from Asus, and using the OpenVPN Cllient option within the router.

You can try LA 3 it works for me sometimes but I use their smart DNS server now it always work but it's not a VPN obviously

 

[mac_angel]

You can try LA 3 it works for me sometimes but I use their smart DNS server now it always work but it's not a VPN obviously

Too far from me. Plus, I am in Canada, and right now want to keep with Canadian Netflix and Prime Video. Just like there is region specific content available in the US and not other countries, there is region specific content in Canada not available in the US.

 

[mac_angel]

You have to make it accept dns exclusive to avoid the leaks. and I do policy routing to strict.

I'm not sure what you mean by that. I don't have any more DNS leaks, but I have ran into a couple of web sites that say the site can't be reached when I'm using the VPN. Kinda surprised by that since they aren't region specific, and even if they were, I'm using the same region server as where I live.
I'm still trying to find info on how to set devices within my network to be able to bypass the VPN. I think that's probably my problem with not knowing how to search for it properly (wording).

 

[ColinTaylor]

I'm still trying to find info on how to set devices within my network to be able to bypass the VPN. I think that's probably my problem with not knowing how to search for it properly (wording).

Use the Policy Based Routing wiki I linked to earlier:

https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing

 

[royarcher]

Too far from me. Plus, I am in Canada, and right now want to keep with Canadian Netflix and Prime Video. Just like there is region specific content available in the US and not other countries, there is region specific content in Canada not available in the US.

yes sorry I hadn't read your post properly. One thing I have noticed though about a year ago prime has made it harder to watch via a vpn . I think they are more active in blocking people using a Vpn