setting up OpenVPN client connection

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Chenks

Regular Contributor
i've just installed merlin on AX88U, and the VPN client settings have changed so much that i'm now not sure how to set up an OpenVPN client connection to surfshark.
on stock firmware it was, add profile > name, username, password, upload file (as per https://support.surfshark.com/hc/en-us/articles/360003106093).

however now it's totally different with no place to enter a username/password.
so do you configure this now?
 

RMerlin

Asuswrt-Merlin dev
1595364712441.png
 

royarcher

Very Senior Member
I'm not sure if surfshack is the same as express VPN but if it is you need to enter the VPN locations in first then you will see below it the spots for your username and password will open . You need to do this for each of the 5 location points before you can enter the username and password . You only need to export the open VPN file once though
 

Chenks

Regular Contributor
dunno, but before i installed merlin you added surshark by entering user/pass and uploading the file. that's all that was required.
 

royarcher

Very Senior Member
Have you tried chatting with surfshack support? They will be familiar with Merlin firmware. So with surfshack do you need to upload a different file for each location? Ps after looking at merlins post it looks like you need to check the box for username, password authentication. That may only apply to surfshack , I don't remember having to check that box with express VPN
 

Chenks

Regular Contributor
merlins seems to require more configuration than what surfshark want to tell you (see the link i posted at the start showing their asus instructions).
i attempted to create the client connection.

added my user/pass, uploaded the file, clicked apply and enable.
it then immediately stopped and in the log it says

Jul 22 14:18:24 ovpn-client1[30562]: Options error: You must define CA file (--ca) or CA path (--capath)
Jul 22 14:18:24 ovpn-client1[30562]: Use --help for more information.
 

royarcher

Very Senior Member
Some VPN provider's will actually set it up for you. They send you a link and once opened and activated it enables them to access your router and literally set it up for you. Once that is done you disable the access again and from there they can no longer access your router
. Obviously you need to be comfortable with giving them access. I know torguard offers that service but not sure about surfshack
 

Chenks

Regular Contributor
Surfshark provide instructions for the official firmware, but not Merlin.

Merlin appears to have added numerous settings for the openvpn client config
 

royarcher

Very Senior Member
Surfshark provide instructions for the official firmware, but not Merlin.

Merlin appears to have added numerous settings for the openvpn client config
Maybe you need to find a different VPN provider . I know surfshack are very inexpensive but like the old saying goes,, you get what you pay for,,
 

Chenks

Regular Contributor
Hmmm change VPN just because Merlin seems to have added extra complexity into the settings?

Strange conclusion to make.

Add I said, it worked fine on stock, so not sure what Merlin has done to break it
 

royarcher

Very Senior Member
W
Hmmm change VPN just because Merlin seems to have added extra complexity into the settings?

Strange conclusion to make.

Add I said, it worked fine on stock, so not sure what Merlin has done to break it
Well I suppose I figured it's either the VPN provider or Merlin's firmware that needs to change and I would pick the VPN provider . But seriously now that comment was a bit tongue in cheek. I don't know what is blocking your attempts for it to work. I know that there are a lot of people who use both Merlin and surfshack so hopefully one of those guys will reach out to you
 

royarcher

Very Senior Member
WWell I suppose I figured it's either the VPN provider or Merlin's firmware that needs to change and I would pick the VPN provider . But seriously now that comment was a bit tongue in cheek. I don't know what is blocking your attempts for it to work. I know that there are a lot of people who use both Merlin and surfshack so hopefully one of those guys will reach out to you
Personally though I am a bit lazy I use express VPN because it's so easy to set up and change locations
 

RMerlin

Asuswrt-Merlin dev
Surfshark provide instructions for the official firmware, but not Merlin.

Merlin appears to have added numerous settings for the openvpn client config

This has nothing to do with the settings I added - these are automatically configured by uploading an ovpn file. Your problem is your provider's CA is not embedded in their ovpn file, therefore you must manually enter it.
 

Chenks

Regular Contributor
This has nothing to do with the settings I added - these are automatically configured by uploading an ovpn file. Your problem is your provider's CA is not embedded in their ovpn file, therefore you must manually enter it.

seems strange as the ovpn file works fine on the stock firmware.
it's only when moving to merlin that the problem occured.

looking at the file in notepad++, the CA info is in the file.
 

RMerlin

Asuswrt-Merlin dev
seems strange as the ovpn file works fine on the stock firmware.
it's only when moving to merlin that the problem occured.

looking at the file in notepad++, the CA info is in the file.

Is it in-line, or a reference to an external file? It has to be inline.

The error message says it's missing.

Jul 22 14:18:24 ovpn-client1[30562]: Options error: You must define CA file (--ca) or CA path (--capath)
 

Intrepid2007

Regular Contributor
You can use Surfshark with Merlin firmware, I have it working here.

Surfshark embeds the CA info in their OVPN files...

Regarding the username/password you need: it's not the same username/password account from your Surfshark account!

To get your username/password for the VPN connection, you'll need to log on your user account at the Surfshark website (it works like ExpressVPN).

Keys and certificates should look like this:
1595526809223.png
 
Last edited:

Chenks

Regular Contributor
It's inline.

Section called <ca> and ending with </CA>

And yes I know what user/pass to use. I did say it worked fine with stock firmware
 

Chenks

Regular Contributor
after applying it for a third time (all three attemps being identical), it finally accepted the config and connected.
obsure bug maybe? who knows, it's works now.
 

royarcher

Very Senior Member
It's inline.

Section called <ca> and ending with </CA>

And yes I know what user/pass to use. I did say it worked fine with stock firmware
after applying it for a third time (all three attemps being identical), it finally accepted the config and connected.
obsure bug maybe? who knows, it's works now.
So it was surfshack after all you really do get what you pay for then?
 

Chenks

Regular Contributor
How to do you come to that conclusion?
It was the router not importing the ovpn file correctly, and on the third attempt it did.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top