NEED HELP Setting up RT-AC68U A2 PIA Openvpn CLIENT

[Julesatlanta]

All I am trying to do is setup my 68U A2 router with STOCK firmware so ALL MY DEVICES run thru PIA. (I dont even know what merlin is other than a wizard). Yes thats how much of a newbie I am.

Does anyone have the screen shots with the correct setting for this router? Wan, Lan etc. I don't know what customization code I need to add so things aren't leaking and caches arent keeping passwords but I really need some help!
I'm the only person using this router but I use laptops, android phones, tablets and android tv box and I just want it all directed thru PIA. Can someone please help me out? I've been sent to different threads but they all use the wizard(merlin) and have different screens then the screens on the router. They also have a lot of different fields.

 

[hrmn_vpn]

It seems you are in the same boat I was in two weeks ago.....
Like you I want to stick with the stock firmware, where most references, tutorials and discussions are about custom firmware.

I found a tutorial at another site that worked for me.
When you follow this tutorial don't forget to set the DNS addresses under the WAN tab, some guys (including yours truly) missed that step initially.
https://www.vpnuniversity.com/tutorial/how-to-setup-openvpn-asus-routers-asuswrt

Hope this helps,

 

[Julesatlanta]

Thank you so much for this link. I am still doing something wrong because I'm not getting the blue checkmark, I get an X. I put a message with the sys log containing the errors. I'm ready to melt this thing...lol

 

[hrmn_vpn]

I don't see the log.....

Never mind, I would have troubles interpreting things anyway, but perhaps some more experienced guy could read the log better than I can.

Concerning the X, I would say it means that the router can not connect to PIA / establish the VPN tunnel.
Probable causes: the imported files are not correct / not complete (did you import the proper certificate?) or that your credentials are incorrect.

The log file will probably show what is wrong.
Please attach it?

 

[hrmn_vpn]

One more thing.....

I don't know the status of your router, what switches and settings you have changed.

It may be a good idea to start from scratch if you are prepared to live some minutes without internet access.
Give it a factory reset, just use the set-up wizard (or whatever its is called), establish the internet connection with your ISP and only then follow the PIA tutorial in message #2 of this topic.

Hope this helps......

 

[Julesatlanta]

I got it to activate !!! I sent the log to PIA and apparently I mistyped my password. So excited. Now I have to fix the passwords being left in memory and figure out how to set the switch to stop internet access if the VPN goes down and I'm all set!

Thank you so much. I have been trying to get help for weeks from both PIA and ASUS with no luck.

 

[Julesatlanta]

I knew it was to good to be true..darn it. Now I'm getting a wan/ip is not external ip. Has to do with AI setup

 

[hrmn_vpn]

Now I have to fix the passwords being left in memory and figure out how to set the switch to stop internet access if the VPN goes down and I'm all set!

I am happy for you that you have got it to work this far!
When you find out how to kill internet when the tunnel goes down please share it.
As far as I know it can not be done using stock firmware, it is one of the improvements Merlin brings.
But maybe there is some way to do it that I am not aware of....

I don't know if you should be worried about the password warning. Apparently they reside in memory of the router, but if someone gains access to your router memory this might be the least of your problems.

Enjoy!

 

[hrmn_vpn]

I knew it was to good to be true..darn it. Now I'm getting a wan/ip is not external ip. Has to do with AI setup

Sorry, I can't help you with this one, apart from my previous suggestion to start from scratch and see what happens with all settings to their default values.

Enjoy!

 

[FatherLandDescendant]

Sorry, I can't help you with this one, apart from my previous suggestion to start from scratch and see what happens with all settings to their default values.

Enjoy!

Which will also wipe the memory and the previously mentioned passwords will be purged.

 

[hrmn_vpn]

Which will also wipe the memory and the previously mentioned passwords will be purged.

It certainly will, until you configure the VPN again.
When you want to get rid of this warning use the auth-nocache verb in the configuration file, so that it reads:

[...]
tls-client
remote-cert-tls server
auth-user-pass
auth-nocache
comp-lzo
verb 1
[...]

I tried it and it works.
As I don't know if it has ramifications I removed it again and decided to just ignore the warning.

 

[Julesatlanta]

I'm doing the same. Now I'm trying to get rid of the "WAN IP is not the external IP. External IP based services will not work" error message from the router.

 

[hrmn_vpn]

I am in no way a networking guru, so I am afraid I won't be of much help here.
But let me try a long shot...... is your AC-68 connected directly to your modem or is there an other router between the two?
Can you describe the equipment between your internet access point (the telco wires) and this Asus router?

 

[Julesatlanta]

Absolutely.

My ISP modem is bridged and connect to my ASUS 68U by ethernet cable. I have no secondary routers. I do however have the OPENvpn server ON and a USB 3.0 drive for ftp and data transfer/backups.

 

[hrmn_vpn]

I do however have the OPENvpn server ON and a USB 3.0 drive for ftp and data transfer/backups.

Earlier today we were discussing a VPN client setup on your Asus. Are you now saying that you also have a VPN server running on the same box at the same time? Honestly I don't know if that can be done.

Anyway, what I would do to attempt to solve the WAN IP is not the external IP. External IP based services will not work message:
1. Check the connections: ISP box LAN 1 port connected to AC68U WAN port
2. Make sure the ISP box is in bridge mode
3. Reboot the ISP box
4. When the ISP box has rebooted press the Reset button on the AC68U and let QiS work it's magic
5. Configure the VPN client
6. (If you also want a VPN server) De-activate the VPN client and configure the VPN server

If that does not achieve what you want I am out of ideas, as I said I am not a network expert.

Hope this helps......

 

[Julesatlanta]

There is a way but I'mworking on the setup now. Some 1 fixed it by having the ISP change the internal IP to external. When I find out I'll let you know. The server let's you connect thru you system when away from home

 

[doczenith1]

I followed this:
https://helpdesk.privateinternetacc...ing-up-an-Asus-Router-running-Merlin-Firmware

And found that these configs worked best:
persist-key
persist-tun
tls-client
remote-cert-tls server
reneg-sec 0
disable-occ
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

I would strongly recommend running Merlin's version of the Asus firmware if you are going to be using the openvpn client on your router. More info here:
https://www.snbforums.com/threads/asuswrt-merlin-custom-firmware-for-asus-routers.7846/

 

[hrmn_vpn]

I would strongly recommend running Merlin's version of the Asus firmware if you are going to be using the openvpn client on your router.

I am aware that a lot of people around here are using Merlin's customized firmware, for good reasons.
I am wondering though which of the problems discussed in this topic it would solve?

 

[Xentrk]

I am aware that a lot of people around here are using Merlin's customized firmware, for good reasons.
I am wondering though which of the problems discussed in this topic it would solve?

ASUS Merlin is a third party alternative firmware for Asus routers, with a special emphasis on tweaks and fixes rather than radical changes or collecting as many features as possible. http://asuswrt.lostrealm.ca/

Great support wiki here: https://github.com/RMerl/asuswrt-merlin/wiki

And of course, good support on this forum. Forum members have written great utilities such as AB Solution to block ads and other scripts to enhance security on the routers. I highly recommend it.

And yes, you can run an OpenVPN client and server at the same time. The OpenVPN Server allows me to have secure remote access to the router. Or, you can install it at a geo location, say a relatives house, to use as a VPN server connection to mask your geo location and get around any geo blocks and avoid subscribing to VPN service.

 

[Xentrk]

I am happy for you that you have got it to work this far!
When you find out how to kill internet when the tunnel goes down please share it.
As far as I know it can not be done using stock firmware, it is one of the improvements Merlin brings.
But maybe there is some way to do it that I am not aware of....

That feature is only enabled if you have Redirect Internet traffic set to Policy Rules AFAIK. I have one router set to All Traffic and the other has Policy Rules.

Even if you want all traffic to use the VPN tunnel, you could still select Policy Rules. You then have to list all of your clients in this section. You will also need to set up static DHCP leases for them in the LAN tab.