openvpn tutorial on asus rt-ac88u using merlin f/w 384.9

Discussion in 'Asuswrt-Merlin' started by eltell69, Feb 19, 2019.

  1. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Hi Guys I posted a request earlier about my asus rt-ac88u as main wifi router and rt-ac86u as the access point and I've installed the merlin f/w on both routers. Well I'm now trying to install the nordvpn on the main router but unable to see protected on the nordvpn web site.
    It was a lot easier when using the asus default f/w to set up. Is there a step by step set up guide for doing this vpn when using merlin f/w as I've looked on this site and elsewhere and am unable to source at the mo.
    Would appreciate your help with this. Thanks.
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,751
    Location:
    UK
    I just used these instructions. It was pretty straightforward.

    P.S. I don't know what you mean by "unable to see protected on the nordvpn web site".
     
    Last edited: Feb 20, 2019
  3. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Hi Colin yes the instructions for the vpn install using the default asuswrt firmware are pretty straightforward but what I'm looking for is a download version say .pdf of a step by step guide for installing a nordvpn with the merlin firmware.

    When opening the nordvpn web page it tells you at the top of the page your ip address and if you're not using a vpn then it says you're 'unprotected', if you have a running vpn then your ip address will be different and you'll be 'protected'

    I have seen the setup guide via google but unable to download it.

    Many thanks for your reply much appreciated
     
  4. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Well I've put everything back to default as the 384.9 f/w doesn't seem to like my rt-ac88u. I can't use the asus default f/w as I'm unable to find any settings for allowing my fetch tv streaming which would be wired to the rt-ac86u which is in access point mode. Maybe there's someone who can assist me with this as I can't spend loads of time trying to figure out how to use the merlin f/w. Another strange thing was the rt-ac88u slowed right down when the merlin was installed, maybe it was the way I installed it I don't know. No probs at all when it's all aimesh which is very good but I would like the vpn which the asus has and is easy to set up but as I said no streaming. Anyone.
     
  5. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439

    Did you follow their tutorial on how to do this?

    https://nordvpn.com/tutorials/asustwrt-merlin/openvpn/

    There is also a link in between these instructions to download all of their servers. This will be a zip file. Save this file in a folder so you can use it later when looking for different server files to download. The list of servers is updated from time to time so it may be a good idea to frequently check this site and re-download the zip file if needed.

    Would start with a server that is close to your location and go from there. There is a link on the site (which I can’t find now for some reason) that shows the location of each server. Otherwise, you can contact NordVPN and they can email this list to you.




    Sent from my iPhone using Tapatalk
     
  6. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    [QUOTE]P.S. I don't know what you mean by "unable to see protected on the nordvpn web site".[/QUOTE]

    Some VPN providers (ExpressVPN, NordVPN) include on their main homepage a link (at the very top usually) that states: Protected or Unprotected depending on whether you are using a VPN or not. However, this is only if you use their servers and not others. For example, if you use ExpressVPN then the NordVPN site will show you as “Unprotected”. The same goes if you have NordVPN installed and are checking out ExpressVPN’s homepage.



    Sent from my iPhone using Tapatalk
     
  7. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Hi Marin I did try to use the tutorial but wasn't successful. I also downloaded their recommended server config files in the .ovpn format, the one with the single file not the zip file.
    Was wondering if I could download a version of the tutorial in maybe .pdf format as I don't know how to copy the web based version including the router pictures maybe you can advise me on this.
    Just out of curiosity would the rt-ac86u be the better router for the main one as I use the rt-ac88u for the main one because of the 8 Ethernet ports.
    Also do I require the merlin f/w on both routers or just the main one as the rt-ac86u is in access point mode.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,751
    Location:
    UK
    I found those instructions to be years out of date and contain some questionable customisation options that might conflict/replace those already supplied by NordVPN. They were written for firmware version 380.59.

    The generic Asus instructions I linked to are much more up to date and worked for me. The only change I would suggest is that you don't do step 10 (change WAN DNS settings) as it is not necessary and can cause problems in certain circumstances.

    You don't need to download a PDF (I don't think there are any anyway), just work off the web page. If you really must have an offline copy then either print or save the web page. In Chrome (and probably other browsers) you can even select the "Print" option and change the destination to "Save as PDF".
     
    Last edited: Feb 20, 2019
  9. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    From what I see the link you provided is for Asus routers using stock firmware. I thought OP had Merlin installed but maybe I missed that detail.

    Yes the info on NordVPN’s site is quite dated but it is a start. A lot of us have ended up changing some of the settings over time as new knowledge comes out.




    Sent from my iPhone using Tapatalk
     
  10. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    @eltell69, once you are able to download and set your VPN client please post snips of your configuration here (remove personal info) so everyone can view its settings and offer suggestions on how to tweak them to make it work.


    Sent from my iPhone using Tapatalk
     
  11. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,751
    Location:
    UK
    Yes, but that was my point. The "Merlin instructions" are so out of date that the "stock" instructions are more appropriate for Merlin's current firmware now.
     
  12. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Well Marin, Colin what I've done now is re-installed the stock asus f/w to get aimesh back again as it was perfect for what I wanted regarding the other static ip's and streaming from the fetchbox. I then reinstalled the merlin f/w and got a work around to enable the aimesh to work with it and it does so all's good.
    Now the next thing I tried was to install the nordvpn .ovpn file but the main rt-ac88u router won't install it as after browsing and uploading it it completes then just drops it, tried reloading it but it drops it every time after it loads it. Wonder if this has anything to do with the aimesh workaround that was installed. What do you reckon guys.
    Trying to avoid putting everything back to 'merlin normal' as I'll lose aimesh and not sure the best mode to put the rt-ac86u into whether access point or something else.
    What do you guys think as I'm going round in circles.
     
    Last edited: Mar 1, 2019
  13. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    I don’t use aimesh so I can’t make any recommendations - although I don’t know how you were able to get that working since Merlin’s firmware does not support it.

    Would recommend that you include some pics of your VPN configuration screens so others can review and advise. Please remove any personal info from these before posting.


    Sent from my iPhone using Tapatalk
     
  14. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Hi Marin I included the home shot just to verify the aimesh with Merlin's f/w. The other screen shot is of the vpn settings, as explained earlier when I browse and load the .ovpn file it loads momentarily then seems to revert to the prior state just before loading and reloading doesn't make any difference, hope this is what you're asking for.
     

    Attached Files:

  15. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    7,751
    Location:
    UK
    Your VPN screenshot doesn't show any entries in the username or password fields. Have you just removed them for privacy reasons, or have you forgotten to type them in?

    You have blacked out some of the other options regarding IP address and crypto so I can't check those. That is publicly available information so there's no need to hide it.

    You should also have some "Custom Configuration" entries in the box at the bottom of the page. If you cut and paste that into your post I can check it against what I've got.
     
  16. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    Under the VPN Client tab (VPN tab--> VPN Client tab):

    Service state: Slide to ON

    Automatic Start at boot time = Yes

    Accept DNS Configuration = Strict

    Username = Don't forget to enter this (usually the email address from NORDVPN account)

    Password: Don't forget to enter this (from NORDVPN account)

    Cipher negotiation - DISABLE

    Log verbosity = 3

    Compression = DISABLE

    TLS Renegotiation time = -1

    Connection Retry Attempts = -1

    Policy Rules = Strict

    Block Routed Clients.... = No

    Rules:

    Router 192.168.1.1 0.0.0.0 WAN
    All Devices 192.168.1.0/24 0.0.0.0 VPN

    Copy and Paste the following under the Custom configuration window:

    dhcp-option DNS 103.86.96.100
    dhcp-option DNS 103.86.99.100

    resolv-retry infinite
    remote-random
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    ping 15
    ping-restart 0
    ping-timer-rem
    explicit-exit-notify 3
    remote-cert-tls server
    pull
    fast-io

    Make sure to "Apply" after you make the above changes

    Then go to WAN tab of the GUI....

    Under WAN DNS Settings, enter the following:

    Connect to DNS server automatically = No

    then enter the following under each DNS server space (these are NordVPN servers but you can use other ones if you would like - if you do make sure that this info matches with the first 2 lines on Custom Configuration window - see info in green):

    DNS Server 1 = 103.86.96.100

    DNS Server 2 = 103.86.99.100

    Make sure to "Apply" when you are done entering this info


    Hopefully this helps.
     
    Last edited: Mar 2, 2019
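
The post above says the two `dhcp-option DNS` lines in the Custom configuration box must match the DNS servers typed into the WAN tab. A small offline check of that, as an added example that is not part of the original thread; the function names are hypothetical and `CUSTOM_CONFIG` is a constructed excerpt of the post's settings:

```python
import ipaddress

# Constructed sample: first lines of the Custom configuration text from the post.
CUSTOM_CONFIG = """\
dhcp-option DNS 103.86.96.100
dhcp-option DNS 103.86.99.100

resolv-retry infinite
remote-random
"""


def tunnel_dns(custom_config):
    """Return the DNS servers named by 'dhcp-option DNS <ip>' lines, in order."""
    servers = []
    for raw in custom_config.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comment markers
            continue
        parts = line.split()
        if len(parts) == 3 and parts[0] == "dhcp-option" and parts[1].upper() == "DNS":
            # ip_address() raises ValueError on a mistyped address
            servers.append(str(ipaddress.ip_address(parts[2])))
    return servers


def compare_dns(custom_config, wan_dns):
    """Compare the tunnel DNS servers with the WAN tab's DNS Server 1/2 fields."""
    tunnel = set(tunnel_dns(custom_config))
    wan = {str(ipaddress.ip_address(s.strip())) for s in wan_dns if s.strip()}
    return {
        "match": bool(tunnel) and tunnel == wan,
        "only_in_custom_config": sorted(tunnel - wan),
        "only_in_wan_settings": sorted(wan - tunnel),
    }


if __name__ == "__main__":
    # WAN tab values as given in the post.
    print(compare_dns(CUSTOM_CONFIG, ["103.86.96.100", "103.86.99.100"]))
```
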
  17. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Hi Colin as explained earlier the .ovpn file doesn't fully load and therefore auto config some of the settings, here is a shot of the page with the custom config setts but no nord login details
    as what's the point if nothing loads.

    Marin I did some of what you suggest but not sure if all. I notice I didn't include the 'explicit-exit-notify 3' in the custom setts but will go through it all again and retry.
    Thanks Colin and Marin will let you know the outcome.
     

    Attached Files:

  18. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    After you Browse for your NordVPN .ovpn file make sure to click on Upload then enter all the rest of the info I mentioned on the previous post.

    You must enter the username and password as without it you will not be able to access NordVPN servers.

    After you enter all the info I mentioned (including on the WAN tab of the GUI) then go back to the VPN client tab and move the slider to ON. Then Apply.

    Try rebooting the router after all of this.


    Sent from my iPhone using Tapatalk
     
  19. eltell69

    eltell69 Occasional Visitor

    Joined:
    Apr 3, 2018
    Messages:
    26
    Well Marin did what you suggested regarding the custom config plus the server state slider to on and all is working good now and when on nordvpn site I'm in 'protected' mode.
    Strange thing though when changing the server state slider to 'on' initially and then the router auto applied the slider came back as 'off' but when changing slider to on after entering login details it stayed on then I was able to load the .ovpn file and the rest of the settings.
    Thank you for your assistance Marin great stuff.
    Just one more thing if you don't mind, I'm unable to stream using the fetchtv box which as the rest of my lan has its own static ip. I realize because the router setting is at 'strict' as regards
    policy rules so how do I go about allowing a particular ip access to the web for streaming as in downloading movies.
     
  20. Marin

    Marin Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    439
    It may be that some of your streaming providers (Netflix, etc) are blocking content due to VPN. To circumvent this issue you have two options:

    Option 1:


    Go to the LAN tab of the GUI and under the DHCP server tab. There under the Manual Assignment, change Enable Manual assignment to Yes.

    Then on the section below it (Manually Assigned IP....) beginning from left box to the right, find your device and give it a static IP (make sure to use the + sign when you add)

    After you are done, Apply. This will ensure that your streaming device will always have the same IP address at all times.

    Then go to your VPN Client tab and under the “Rules for routing clients....” section (very bottom of the page), add your streaming device there and choose WAN as the iFace. This will ensure that your device will bypass VPN.

    Make sure to apply.

    Now turn off the streaming device and leave off. Reboot the router and after a few minutes that it has been on, turn on your streaming device.


    Option 2:

    If Netflix is what you use the most then see the post regarding @Xentrk’s Netflix Selective Routing. After I used that one, I no longer needed to use Option 1. For that you must have your jffs custom scripts and configure enabled (under Administration—>System—> Persistent JFFS2 partition). Enable them there and leave “Format jffs....” to No.






    Sent from my iPhone using Tapatalk
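
To see which LAN hosts leave through the VPN and which bypass it once a WAN exception like the one in Option 1 is added, the routing rules from this thread can be modelled offline. This is an added example, not part of the original posts; it assumes WAN rules take precedence over VPN rules (which is what lets the "Router" WAN rule sit inside the /24 VPN rule), that a client matching no rule uses the WAN, and `192.168.1.50` is a constructed address for the streaming box:

```python
import ipaddress

# (description, source, destination, iface) as typed in the rules table.
RULES = [
    ("Router", "192.168.1.1", "0.0.0.0", "WAN"),
    ("All Devices", "192.168.1.0/24", "0.0.0.0", "VPN"),
    ("Streaming box", "192.168.1.50", "0.0.0.0", "WAN"),  # constructed address
]


def _matches(field, addr):
    """True if addr falls inside the rule field; 0.0.0.0 or empty means 'any'."""
    if field in ("", "0.0.0.0"):
        return True
    return addr in ipaddress.ip_network(field, strict=False)


def route_for(src, dst, rules=RULES):
    """Return (iface, rule description) for traffic from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [r for r in rules if _matches(r[1], s) and _matches(r[2], d)]
    # Assumption: every WAN rule is consulted before any VPN rule.
    for iface in ("WAN", "VPN"):
        for desc, _src, _dst, rule_iface in hits:
            if rule_iface == iface:
                return iface, desc
    return "WAN", None  # assumption: unmatched clients use the normal WAN route


def bypassing(hosts, dst="93.184.216.34", rules=RULES):
    """List the hosts whose traffic would leave outside the tunnel."""
    return [h for h in hosts if route_for(h, dst, rules)[0] == "WAN"]


if __name__ == "__main__":
    for host in ("192.168.1.1", "192.168.1.23", "192.168.1.50"):
        print(host, route_for(host, "93.184.216.34"))
```

Running `bypassing()` over the DHCP manual-assignment list after each rule change shows at a glance which devices are no longer covered by the tunnel.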