What's new

Trying to using PIA with a ASUS RT-AC86U cant get it to work.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dfrer

New Around Here
Hi i've set up my VPN with the proper config file but everytime i start the vpn anything connected to the router drops out immediately.

Thanks for any help.
 
Much more information needed.
 
Much more information needed.
Trying to use OpenVPN with private internet access on a Asus AC 86 U with the merlin firmware installed

I used the config file generated on PIA's website and whenever I start the VPN my computer cannot connect to any websites.

Jul 6 20:56:07 ntpd: Initial clock set
Jul 6 20:56:08 rc_service: ntpd_synced 1949:notify_rc restart_diskmon
Jul 6 20:56:08 disk_monitor: Finish
Jul 6 20:56:08 disk_monitor: be idle
Jul 6 20:56:08 miniupnpd[1973]: HTTP listening on port 34772
Jul 6 20:56:08 miniupnpd[1973]: Listening for NAT-PMP/PCP traffic on port 5351
Jul 6 20:56:08 rc_service: udhcpc 1887:notify_rc stop_samba
Jul 6 20:56:08 rc_service: udhcpc 1887:notify_rc start_samba
Jul 6 20:56:08 rc_service: waitting "stop_samba" via udhcpc ...
Jul 6 20:56:08 wsdd2[1728]: Terminated received.
Jul 6 20:56:08 Samba_Server: smb daemon is stopped
Jul 6 20:56:09 dhcp_client: bound 10.0.0.55/255.255.255.0 via 10.0.0.1 for 172800 seconds.
Jul 6 20:56:09 Samba_Server: daemon is started
Jul 6 20:56:10 WAN_Connection: WAN was restored.
Jul 6 20:56:11 roamast: ROAMING Start...
Jul 6 20:56:46 crond[1655]: time disparity of 1668891 minutes detected
Jul 6 20:58:27 rc_service: httpd 1658:notify_rc start_vpnclient1
Jul 6 20:58:27 ovpn-client1[2541]: DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
Jul 6 20:58:27 ovpn-client1[2541]: OpenVPN 2.5.2 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 6 2021
Jul 6 20:58:27 ovpn-client1[2541]: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.08
Jul 6 20:58:27 ovpn-client1[2542]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 6 20:58:27 ovpn-client1[2542]: CRL: loaded 1 CRLs from file crl.pem
Jul 6 20:58:27 ovpn-client1[2542]: TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.89.202:1198
Jul 6 20:58:27 ovpn-client1[2542]: UDP link local: (not bound)
Jul 6 20:58:27 ovpn-client1[2542]: UDP link remote: [AF_INET]172.98.89.202:1198
Jul 6 20:58:27 ovpn-client1[2542]: [vancouver409] Peer Connection Initiated with [AF_INET]172.98.89.202:1198
Jul 6 20:58:27 ovpn-client1[2542]: TUN/TAP device tun11 opened
Jul 6 20:58:27 ovpn-client1[2542]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jul 6 20:58:27 ovpn-client1[2542]: /usr/sbin/ip link set dev tun11 up
Jul 6 20:58:27 ovpn-client1[2542]: /usr/sbin/ip addr add dev tun11 10.8.112.177/24
Jul 6 20:58:27 ovpn-client1[2542]: ovpn-up 1 client tun11 1500 1553 10.8.112.177 255.255.255.0 init
Jul 6 20:58:30 ovpn-client1[2542]: WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun11, therefore the route installation may fail or may not work as expected.
Jul 6 20:58:30 ovpn-client1[2542]: add_route_ipv6(2000::/3 -> :: metric -1) dev tun11
Jul 6 20:58:30 ovpn-client1[2542]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 6 20:58:30 ovpn-client1[2542]: Initialization Sequence Completed

heres a log frm the router

Thanks again.
 
Which RMerlin firmware are you using?

When did you install it?

Have you ever performed a full reset to factory defaults after flashing the firmware you want to use?

Followed by a minimal and manual configuration of the router? And without importing a saved backup config file.
 
Which RMerlin firmware are you using?

When did you install it?

Have you ever performed a full reset to factory defaults after flashing the firmware you want to use?

Followed by a minimal and manual configuration of the router? And without importing a saved backup config file.
Merlin version - RT-AC86U_386.2_6

Installed earlier tonight.

Just tried full reset now - No luck.

I am quite new to networking so im not 100% sure what I would change within the config.
 
This is what a full (nuclear) reset looks like.

Fully Reset Router and Network

As long as you use the WPS method appropriate for your router, the router should be reset. But it has helped others get their routers back to a good/known state (or, indicated possible hardware issues).

That isn't the recommended method anymore. Not even by Asus

Here are the best practices to get the router configured to a default level.

Best Practice Update/Setup Router/AiMesh Node(s) 2021
Okay thanks a lot man ill try all of those out

Thank you very much for the help.
 
No need for a factory default reset...

Jul 6 20:58:30 ovpn-client1[2542]: add_route_ipv6(2000::/3 -> :: metric -1) dev tun11
Asuswrt's OpenVPN implementation does not support IPv6. Add these to your Custom settings:

Code:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "router-ipv6"

Also make sure you set DNS Mode to "Exclusive", as some tunnels will block DNS traffic that doesn't use their own DNS servers.
 
No need for a factory default reset...


Asuswrt's OpenVPN implementation does not support IPv6. Add these to your Custom settings:

Code:
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "router-ipv6"

Also make sure you set DNS Mode to "Exclusive", as some tunnels will block DNS traffic that doesn't use their own DNS servers.
Hey Merlin thanks so much for responding.
I added your code to the the Custom Configuration, but still no luck. I also set DNS in the 'Accept DNS Configuration' to exclusive not 100% sure if thats the one you meant.
Also I am using the preconfigured config sent by PIA should I just clear it and do it myself?
Thanks a lot again for responding.
 
Hey Merlin thanks so much for responding.
I added your code to the the Custom Configuration, but still no luck. I also set DNS in the 'Accept DNS Configuration' to exclusive not 100% sure if thats the one you meant.
Also I am using the preconfigured config sent by PIA should I just clear it and do it myself?
Thanks a lot again for responding.
Another odd thing I just noticed is that while I cant use google or YouTube or any normal browsing sites like reddit - for some reason my phone can specifically use snapchat and nothing else?
 
Did you reboot the router (and possibly the client devices too)?
 
Also I am using the preconfigured config sent by PIA should I just clear it and do it myself?
Uploading their config file should be fine (and also entering your username/password, and selecting Exclusive DNS and Policy routing).
 
Also, ensure you have the certificates loaded under "Crypto Settings". Sometimes these did not get transferred from the opvn, at least for me.

Clik on the edit button and ensure you see them under "Certificate Authority" and "Certificate Revocation List". If they're missing copy and paste from the file you downloaded.
 
Uploading their config file should be fine (and also entering your username/password, and selecting Exclusive DNS and Policy routing).
Sorry for the late response.
Exclusive DNS is on, is the policy routing under Advanced settings? I could only find Policy Rules.
 
Also, ensure you have the certificates loaded under "Crypto Settings". Sometimes these did not get transferred from the opvn, at least for me.

Clik on the edit button and ensure you see them under "Certificate Authority" and "Certificate Revocation List". If they're missing copy and paste from the file you downloaded.
Checked it out seems like they are there.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top