VPN Client on Asus RT-AC86R with Merlin 380.65 not functioning

[raylock]

I have an RT-AC68R behind a Verizon G1100 router and am attempting to use the VPN client. The status shows "connecting" but it never does. The Asus has a LAN connection to the Verizon router. I notice that if I go "to the diagnostics panel and attempt to ping any address, i.e. Google, I get a "Bad Address" message. I also see * Reminder: The system time has not been synchronized with an NTP server" and "* Reminder: The System time zone is different from your locale setting" even though the router has been set to the local time zone. The Asus passes DNS requests from further down stream without a problem but it seems unable to pass data generating from the router itself (VPN, ping, NTP requests)

If anybody has any idea what is going on here, or has suggestions I would greatly appreciate your input. Thanks.

 

[pitboss]

What operation mode is this?
AFAIK you cannot do VPN if you are not in routing mode.

 

[bbunge]

You either need to bridge the Verizon modem or set port forwarding to the Asus. DMZ in the Verizon might work.

 

[raylock]

What operation mode is this?
AFAIK you cannot do VPN if you are not in routing mode.

The Asus is in wireless router mode. DHCP dissabled

 

[raylock]

You either need to bridge the Verizon modem or set port forwarding to the Asus. DMZ in the Verizon might work.

Thanks. I need to educate myself on port forwarding

 

[raylock]

You either need to bridge the Verizon modem or set port forwarding to the Asus. DMZ in the Verizon might work.

Thanks for the ideas. Unfortunately the DMZ did not solve the problem and PIA says only that they don't support port forwarding. I think I have hit a brick wall

 

[Zirescu]

I have an RT-AC68R behind a Verizon G1100 router and am attempting to use the VPN client. The status shows "connecting" but it never does. The Asus has a LAN connection to the Verizon router. I notice that if I go "to the diagnostics panel and attempt to ping any address, i.e. Google, I get a "Bad Address" message. I also see * Reminder: The system time has not been synchronized with an NTP server" and "* Reminder: The System time zone is different from your locale setting" even though the router has been set to the local time zone. The Asus passes DNS requests from further down stream without a problem but it seems unable to pass data generating from the router itself (VPN, ping, NTP requests)

If anybody has any idea what is going on here, or has suggestions I would greatly appreciate your input. Thanks.

You'll need to get the system clock set correctly or the authentication won't succeed.

 

[raylock]

You'll need to get the system clock set correctly or the authentication won't succeed.

OK, thanks for that. I telnet'ed the new time and date. Hopefully it will now update itself. However, I can not ping an outside address from the router. I can ping the upstream router 192.168.1.1 ok, but when I try to ping outside I get a message that address is unreachable. I have tried putting the router in a DMZ but that didn't help. I suspect that whatever is keeping me from being able to ping outside is also keeping the clock from updating and the VPN from working. That is a wild guess. I really am only learning about this process.

 

[Zirescu]

Verify that the gateway is also pointed to 192.168.1.1, if you're not getting the DNS to the 68R that'll trip up the automatic NTP client from updating, so you will either need to enter in the DNS servers manually or you could replace the ntp server name with the IP address.

 

[pitboss]

How are you connected to the G1100 router? LAN only? You said DHCP is disabled, so are you using DHCP from G1100?
If this is my network, what I will do is to setup my asus in a router mode and hook a cable from G1100 into the WAN port, not LAN port. The WAN port will be configured as a static connection with G1100 as my asus gateway. I will enable my asus DHCP and all my other devices will connect to my asus WiFi or wired ports. This way the VPN clients will work as long as there is a WAN port active to initialise.

 

[raylock]

If this is my network, what I will do is to setup my asus in a router mode and hook a cable from G1100 into the WAN port, not LAN port. The WAN port will be configured as a static connection with G1100 as my asus gateway. I will enable my asus DHCP and all my other devices will connect to my asus WiFi or wired ports. This way the VPN clients will work as long as there is a WAN port active to initialise.

I finally got it working in LAN to WAN mode. It was a learning process with a lot false moves. VPN is pitifully slow. Without engaging VPN my speed is about 95/95 Mbps if I connect to the Verizon router, however, when I connect to the Asus behind it, my speed drops to 33/35. It may be a hardware problem in the Asus, I don't know. I need to connect them with a new cable to see if that makes a difference. If I engage the VPN on the router, it connects but the speed drops way into the Kbpm range (two separate VPN vendors, PIA and Nord).

 

[Zirescu]

Speed will be slower over VPN as it is CPU intensive. If you want faster access using the computer VPN client.

 

[raylock]

Yes, I understand that. I have two issues. First the Asus router seems to slow things down by half before activating any VPN. I don't understand that. Second, and it may be related, the VPN speed has dropped from 40 Mbts into Kbts and that is after the 50% drop caused by the router alone. I really think there is a problem . Hopefully, I can find a fix or I will have to get another router or just give up on my project.

 

[pitboss]

The 68R is listed as having a dual-core 800mhz cpu from broadcom. OpenVPN is a single-threaded application and as such will only use a single core for processing. At 800mhz, it will not be able to do more than 15mbits on a full-blown highly secure openvpn servers (Encrypted data-channel is enabled). I get about 10mbits only on a AC66U which has a single core 600Mhz.
If you do not have a 1.2Ghz and above, it is not recommended to use a slower CPU as a VPN gateway/client if you want to achieve a 30Mbit and above traffic.

You can test your CPU response by connecting to your VPN providers and download a large file or p2p and while its downloading, look at the cpu usage in asus web-gui.

Other than that, use your devices as the vpn client as the latest cpu in most desktop/laptop/mobile performs extremely well and you may only lose a small percentage of your ISP rated speed.

 

[raylock]

Forgetting VPN for the moment, I still don't get the drop in speed through the AC68. It's a gigabit router so 90Mbps into the router should result in about 90 Mbps out of the router. That is my biggest quandary at the moment. I will be happy to get 10 to 20mbps from the router after the VPN is activated. At the moment it is less than 1 mbps. My intent was to use the router and VPN as a source for streaming to an Amazon Fire TV. Nothing else will be hooked up to it. I could put a vpn client on the Amazon TV but that is awkward since the latest firmware can't yet be rooted. As you can tell, this is hobby related but I would like to figure out what is wrong with the router. Could be a hardware issue or the way I set it up. The search goes on

 

[pitboss]

Appreciate if you can update your current situation now.
1. Have you change to the cat6 cable?
2. Is there any error from the system log?
3. What kind of additional settings have you done?
4. How did you do the speedtest?

Before doing the following, do this first (only for 68U/R)
1. Login to Asus>LAN>Switch Control> Select Disable Nat Acceleration instead of Auto.
2. Apply and reboot and run the speedtest again.

And if that doesnt work, do the following:

Preferably do a complete reset, erase all settings and then just do the minimum settings of WAN static connection to your G1100. I had some issues with 500mbit ISP too before. I can only get 50mbit but went to the max after changing the cable. You can also do a data transfer between 2 computers using the lan ports in 68R. This will show if the router lan ports is working correctly.

 

[raylock]

Appreciate if you can update your current situation now.
.

Something has changed. The problem seems to have gone away
Speed (no VPN) was: G1100 88/95 and Asus 68R 72/95 (See note below about VPN speed)
1)I changed to another Cat5e cable (Need to go out and get a Cat6 today)
2)Lots of stuff in the log that I didn't understand but I noted it was trying to do something with Client 3 and I didn't have Client 3 engaged (or so I thought) It looks like I checked "start with WAN" in each of the three openVPN clients I set up.
3)Pretty vanilla just to get LAN to WAN set up.
4) Speed tests done at DSL Reports.com
I disabled Nat Acceleration. I am not sure what that does. Actually, never looked at that page before.
The speed test at PIA is now 42/42 and at Nord is 37/37. I am pretty happy if those are correct. As you pointed out that seems too high for this router. Anyway, off to the mother-in-laws for Sunday Pasta