What's new

RT-AC86U - VPN company have advised switching to Merlin - advice pls.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

stagger321

Occasional Visitor
HI there.

I have a RT-AC86U that I have been running stock ASUSWRT for a couple of weeks now.
But I've been having issues getting OpenVPN client to work - it says is connected, but I lose all internet.
After a number of email ping-pong with the VPN provider I have had the following response.

"Your logs indicate that OpenVPN is initializing normally, which means that the issues browsing are likely related to another issue with the firmware. I strongly suspect that your router isn't NATing LAN traffic properly for this to occur. ASUSWRT is quite locked-down by default, which makes troubleshooting difficult.
I'd recommend upgrading to Merlin"

So with that in mind, id like to give it a go. As I understand it you can reset back to stock if I choose to?
How easy is this?

I am not an IT newbie, but I don't really want to spend 1/2 my life digging into configs to tweak and massage the opensource build so I have it working reliably.
So how easy is Merlin to configure? I am happy to dip around to optimise settings later, and learn some stuff, but I want it working relatively easily and not be without a working router for a couple of weeks.

Cheers
 
HI there.

I have a RT-AC86U that I have been running stock ASUSWRT for a couple of weeks now.
But I've been having issues getting OpenVPN client to work - it says is connected, but I lose all internet.
After a number of email ping-pong with the VPN provider I have had the following response.

"Your logs indicate that OpenVPN is initializing normally, which means that the issues browsing are likely related to another issue with the firmware. I strongly suspect that your router isn't NATing LAN traffic properly for this to occur. ASUSWRT is quite locked-down by default, which makes troubleshooting difficult.
I'd recommend upgrading to Merlin"

So with that in mind, id like to give it a go. As I understand it you can reset back to stock if I choose to?
How easy is this?

I am not an IT newbie, but I don't really want to spend 1/2 my life digging into configs to tweak and massage the opensource build so I have it working reliably.
So how easy is Merlin to configure? I am happy to dip around to optimise settings later, and learn some stuff, but I want it working relatively easily and not be without a working router for a couple of weeks.

Cheers

Visually they are identical, Merlin is based on the same source code with a few extra features baked in. Switching between firmware's is the same as any other firmware update, except its best to factory restore after.
 
Well, I have Merlin 384.7 installed, and configured. As you all say - easy-peasy.

I wish setting up PIA VPN client was?
Anyone here using this for OpenVPN client connection??

Config for Merlin is far more complex that for ASUSWRT, but have had the same level of success - i.e none.
It says its connected - but no internet.
PIA support have suggested disabling Cipher Negotiation, but again - nothing. :(
 
PIA runs very well and is very stable using Merlin. Just follow the links above and it will give you the step by step.

Most of the settings are setup when you download an ovpn file from PIA then upload it into the software using the button. Add your user name and password and then a couple of adjustments as outlined above and you will be good to go.
 
Hi Guys,
I'd already tried the instructions in the first link. When that didn't work I opened the PIA support ticket, because whatever I set did not work. This included importing via a .ovpn file (and tweaking) or manually typing in.
The PIA admin I am in correspondence with has suggested a few things after taking a copy of my syslog, but still no joy.
The RT-AC86U says its connected, but no internet - even after reboot.
It's noticeable that the firmware must have changed since the instructions the 'SOLUTION' thread was written as the order of the setup is different in the current VPN Client panel, and items like "Firewall: Automatic" don't exist.

I should also point out (as per prev threads) I am using my old Talktalk Huawei modem router in bridge mode to provide the modem element. This couldn't be anything to do with it could it?
 
Last edited:
Set DNS mode to "Exclusive".
 
Did you specifically add clients to your configuration?

Hi RMerlin.
Tried that mate - no joy. :(
The VPN Status page is giving me a local and public IP, but I lose all internet on my clients.
 
Did you specifically add clients to your configuration?
Hi hifiwifi.
Not sure what you mean - Did I add VPN clients to the ASUS setup?? or local clients (phones, tablets etc) to my network??
The answer to both is yes.
I have been using PIA for about 3 years now, via Windows PC OpenVPN client install, and via a painful Raspberry Pi OpenVPN build, so I am not a newbie with it.
I purchased the RT-AC86U as it provided a single VPN Client option for my entire home network, rather than having to rely on lots of local installs, or a slow'ish Rasp-Pi option.
I'll post a pic showing my London PIA VPN client setup on the ASUS later.
This isn't a straight forward issue, otherwise by now the PIA admin would have been able to resolve it.
I was advised to load Merlin by that admin, as it should make things easier to debug apparently.
 
Hi mate,

I use PIA on my RT-AC86U using the setup below. Never had issues with it.



All i do then under Rules for routing client traffic through the tunnel i select which devices i want to route via the VPN tunnel (all my devices are given manually assigned static ip addresses so there LAN IP never changes) you can do that via LAN > DHCP Server > under Manually Assigned IP around the DHCP list.

One thing where it says Server Address and Port on VPN Client configuration page in pic it shows uk-southampton.privateinternetaccess.com for london just change to uk-london.privateinternetaccess.com. Mine is usually set to london server but it went down several days ago and not bothered changing it back since.
 
Last edited:
Thanks Netbug.

From what you've posted it looks very similar to my setup. There may be the odd subtle difference which I will clarify when I get back on the router this evening, but I do seem to get a valid connection i.e I get the "Connected (Local : XXXX, Public YYYY)" status, but no internet to any devices.

Later on I'll post snapshots of the VPN Client page, What I have in the certificates/keys panel, and the portion on my syslog after enabling the VPN.
Belt'n'Braces I'll also select the Southampton connection like you - currently using London. It shouldn't make any difference - but you never know.......

(BTW I already have a load of static IP's so I can setup exclusions for things like my sons Xbox, but until this is working I will Rule option disabled.)

Its almost as if it isn't NAT'ing properly when VPN is enabled. (Yes, Create NAT on Tunnel is enabled)
 
Hi all,

OK, its working. Many thanks to Netbug.
The setup that Netbug posted above has now worked for me with two UK based VPN server setups .
I've now verified this with specific clients on my network, and speed wise its pretty damn quick - so I am happy.
It seems there are subtleties in Netbugs setup that has got this working. I don't know which of these have solved it. All I know is its working - so will leave as is.
Using the Merlin configs listed on the PIA web site did not work, whether I used Policy rules or not.

One question - is there a way to export the working VPN client config so that I can import (via .opvn file) for the other 4 VPN client configs. I can obviously do it manually, but this export option or the ability to clone the config to the other client setups would reduce the manual work for users, and the chance of mistakes.

Thanks for all the advise btw - it is appreciated.
 
Good to here you got it working.

I believe off top of my head the config file can be found in /etc/openvpn/{clientX}

ClientX being ie. client1, client2 etc
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top