Setting Up NordVPN on Asus RT-AC68U

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

smallnet

Occasional Visitor
I am trying to follow the instructions here:

Based on step 7, I import the .opvn file, and it prepopulates some fields, as expected. Then, as I get to step 9 of the instructions, it tells me to:

Code:
9. In the Custom Configuration field, enter this text:

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0

#log /tmp/vpn.log
But there is already code in the Custom Configuration field, specifically, it was inserted there by the import of the .opvn file.

How do you handle this, do you remove what's prepopulated and put the code form step 9?
Do you merge these entries (add to whatever is already there)?

EDIT: I am asking here in case someone knows, but have an outstanding question sent to NordVPN and if they respond, I'll post here.

EDIT2:
Just to close this out, NordVPN got back to me saying:

"In step 9 of the AsusWRT Merlin tutorial, you have to change everything that is in that Custom Configuration field to the given text so that it looks the same as in the provided picture."
 
Last edited:

ColinTaylor

Part of the Furniture
Just ignore that step. All of those entries are already in the ovpn file you download from their website (you can compare them yourself just to make sure).
 

cooloutac

Very Senior Member
I am trying to follow the instructions here:

Based on step 7, I import the .opvn file, and it prepopulates some fields, as expected. Then, as I get to step 9 of the instructions, it tells me to:

Code:
9. In the Custom Configuration field, enter this text:

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0

#log /tmp/vpn.log
But there is already code in the Custom Configuration field, specifically, it was inserted there by the import of the .opvn file.

How do you handle this, do you remove what's prepopulated and put the code form step 9?
Do you merge these entries (add to whatever is already there)?

EDIT: I am asking here in case someone knows, but have an outstanding question sent to NordVPN and if they respond, I'll post here.
yes just paste over it. might be the same thing though double check. If I recall a few entries were different when I last did it. make sure you using the latest instructions though these vpn websites archive them alot.
 

Jack Yaz

Part of the Furniture
I'm going to shamelessly plug my script https://github.com/jackyaz/vpnmgr

Which makes setting up NordVPN easy and automated. It integrates with the recommended server API so you can set it up to automatically use the latest recommended server on a schedule, amongst other things
 

rugglebear

Occasional Visitor
I'm curious about something.

The NordVPN Article for configuring Merlin says to use these two DNS Servers:

103.86.96.100
103.86.99.100


The source article is here, Step #10:

1607090901135.png


What confuses me is that those DNS servers (103.86.96.100 & 103.86.99.100) seem to point to this
ISP:
Datacamp Limited

Country:
Singapore

When I opened a Support Ticket with NordVPN they claimed those are not NordVPN DNS Servers...

@smallnet do you also return that ISP when running www.dnsleaktest.com ?

@Jack Yaz Does your script update those DNS IP Addresses automatically too?

Thanks!
 
Last edited:

ColinTaylor

Part of the Furniture
The NordVPN Article for configuring Merlin says to use these two DNS Servers:

103.86.96.100
103.86.99.100


The source article is here, Step #10:

View attachment 28199

What confuses me is that those DNS servers seem to point to this
ISP:
Datacamp Limited

Country:
Singapore
NordVPN appear to be incapable of producing accurate and consistent documentation. Apart from the previously discussed redundant Step 7 the DNS information is also misleading.

The 103.86.96.100 and 103.86.99.100 addresses appear to geolocate. So for me they look to be located in France (because I'm in the UK). Those address do at least appear to be publicly accessible unlike the two addresses shown in their screen shot, 103.86.96.96 and 103.86.99.99. These later addresses should not be entered as WAN DNS servers. :rolleyes:

Personally I don't trust the availability of any of NordVPN's DNS servers so I don't use them for the router's WAN DNS.

 

rugglebear

Occasional Visitor
NordVPN appear to be incapable of producing accurate and consistent documentation. Apart from the previously discussed redundant Step 7 the DNS information is also misleading.

The 103.86.96.100 and 103.86.99.100 addresses appear to geolocate. So for me they look to be located in France (because I'm in the UK). Those address do at least appear to be publicly accessible unlike the two addresses shown in their screen shot, 103.86.96.96 and 103.86.99.99. These later addresses should not be entered as WAN DNS servers. :rolleyes:

Personally I don't trust the availability of any of NordVPN's DNS servers so I don't use them for the router's WAN DNS.

Thanks, I'm glad to know I'm not going crazy. I definitely overlooked the screenshot DNS's were different.

So then two things:

1) To be clear, which of these are you saying should not be entered?

103.86.96.100 & 103.86.99.100

Or

103.86.99.99 & 103.86.96.96


2) Which DNS Servers do you recommend to use for the WAN DNS combined with NordVPN?

Thanks again!
 

ColinTaylor

Part of the Furniture
1) To be clear, which of these are you saying should not be entered?
Do not enter these: 103.86.99.99 & 103.86.96.96

2) Which DNS Servers do you recommend to use for the WAN DNS combined with NordVPN?
I don't really have a recommendation as my use case is probably different than most people's. I don't have the VPN enabled most of the time so I use my ISP's DNS servers as they are the quickest. Also, even when I do enable the VPN I'm not interested ensuring that DNS leaks never happen in any circumstance. So it all comes down to what the individual is trying to achieve.
 

Jack Yaz

Part of the Furniture

Jack Yaz

Part of the Furniture
I'm curious about something.

The NordVPN Article for configuring Merlin says to use these two DNS Servers:

103.86.96.100
103.86.99.100


The source article is here, Step #10:

View attachment 28199

What confuses me is that those DNS servers (103.86.96.100 & 103.86.99.100) seem to point to this
ISP:
Datacamp Limited

Country:
Singapore

When I opened a Support Ticket with NordVPN they claimed those are not NordVPN DNS Servers...

@smallnet do you also return that ISP when running www.dnsleaktest.com ?

@Jack Yaz Does your script update those DNS IP Addresses automatically too?

Thanks!
i wouldn't recommend setting WAN DNS to VPN servers. You should be able to set Accept DNS to Exclusive then anything going through the VPN tunnel will use Nord's DNS.
 

cooloutac

Very Senior Member
i wouldn't recommend setting WAN DNS to VPN servers. You should be able to set Accept DNS to Exclusive then anything going through the VPN tunnel will use Nord's DNS.
this is what I do.

but also make sure your wan dns isn't set to automatic. On stock for example it will tell you your internet is disconnected on my network. It causes sketchy problems. and I recommend against using isp's dns servers regardless because they are a huge security risk. Just put any public dns there like cloudflare or google or opendns etc...

And Ya I agree with Colin don't use the vpn servers from the nord picture. Thats a real oversight from Nord, probably using pictures from a previous tutorial that is now outdated. The customer service is abysmal, but expressvpn and pia are pretty much on par with them. You can't expect much help from these vpn companies is what i've come to learn.
 

RMerlin

Asuswrt-Merlin dev
You are overthinking it...

1) Download OpenVPN config file from NordVPN server page
2) Upload it to your router
3) Enter username and password
4) Set DNS mode to "Exclusive"
5) Start your VPN client
 

smallnet

Occasional Visitor
Just to close this out, NordVPN got back to me saying:

"In step 9 of the AsusWRT Merlin tutorial, you have to change everything that is in that Custom Configuration field to the given text so that it looks the same as in the provided picture."
 

cooloutac

Very Senior Member
Just to close this out, NordVPN got back to me saying:

"In step 9 of the AsusWRT Merlin tutorial, you have to change everything that is in that Custom Configuration field to the given text so that it looks the same as in the provided picture."

ignore the picture, just paste over everything that it tells you to put from the tutorial text. I doubt They mean the actual text from the picture, just the spot and how its pasted there in the same format.

I personally had problems using Nord on an ac66u_b1 and ax58u. Constant timeouts and the occasional auth fail. Their customer support either told me something was wrong with the firmware or that my password was compromised lol. People on these forums were blaming my ISP. I gave up on them and switched to PIA which has no issues. With them you don't even have to change anything from the default in that custom config field. Only thing I have ever added there for PIA is the dns server address for my pi-hole, or the PIA dns addresses (which they recommend you put in the .ovpn file) PIA openvpn and wireguard was just as fast as Nord in my area and not blocked by networks any more or less.
 

takalti

Occasional Visitor
I have Nord setup on our AC-86U, working fine. I set DNS to "Disabled" and use OpenDNS in the WAN config. Additionally I do have some DNS filtering setup; a couple of devices that are set up to go through Nord's Smart DNS (specifically the smart tvs). Note that in DNS filtering I have the default set to "Router" (I had accidentally set this to OpenDNS Home and had no end of issues connecting devices!).
Finally I have a TCP/UDP drop on port 53 setup so that devices cannot bypass OpenDNS by picking their own dns. I am pretty sure though that if a device is using a VPN client (including the Nord one) that they will bypass the router DNS handling; though I havent done any testing to confirm that is the case.

For setup, I just uploaded the config file, left pretty much everything else default, copied and pasted in the text as shown in the Nord Merlin setup page.
I also added a WAN entry for the router's IP at 192.168.1.1, and VPN entry for the whole network at 192.168.1.0/24
I do have a couple of gaming devices set to "WAN" to allow them to bypass the VPN to reduce ping when gaming.

So far so good.

I highly recommend having a read of this page Policy based routing · RMerl/asuswrt-merlin.ng Wiki · GitHub as it helps get some of the info straight. I also did come across a DNS line that can be added to the copy/paste config for the VPN in the router:
push "dhcp-option DNS 192.168.39.9"

more info on that in this thread: (2) AsusWRT / Merlin 380.66_4 OpenVPN DNS server setting | SmallNetBuilder Forums (snbforums.com)
Note that I didnt end up using that config as I wanted the router to handle the DNS anyway.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top