VPN traffic redirect and kill switch problem

[GK59]

st3v3n, you know I do like the idea of the conversion and would be up for it but I've also been buying inexpensive routers for years now and willing to go upwards but again that TM-AC1900 does sound interesting for sure. I'll surely look at both that and the RTAC-66_B1 but the 1.8Ghz cpu on the RT-AC86U is so tempting for me, though it is at my predetermined budget, decisions decisions. Worth noting tho, we do a lot of streaming here, our area is about 1500 sq ft coverage so the memory would be a key issue and cpu and is why I also like your RT-AC3200 since our complex has many units with boatload of wireless clients, do you find that that 3rd band helps or is just good insurance? This will aid in my decision which is boiling down now to your AC3200 and the AC86U.

Edit: After some thought I may give that RTAC-66_B1 a shot before I move to a higher model to see how it goes with our current configuration, does this one have dual core as well as the TM-AC1900?. The one thing that's really bothering me atm is I use ExpressVPN, and I use their VPN configuration at the router level in the VPN Client tab. Here's the thing with that, my download speeds are complete crap, around 5 or so Mbps on speedtest.net. If I turn off the router level, i.e. "service state" off, they go back to normal (no VPN), they also are about normal with just ExpressVPN's web app(Windows app) on so I'm not sure what to make of this, perhaps my settings in the VPN client? They appear to be normal as is explained in the setup, hope you might help shed some light on this and I'm certainly more than curious as to how the new router may help with this, if any.

Edit2: I just got out of a chat with ExpressVPN and from the sound of what the rep was describing, it may be the limitations of an N-based router hardware and the processing on a single cpu core, which sounds like it could be but as much as 60 Mbps?? but again I'll try a new router and see what happens.

 

[st3v3n]

Thw 3200's 3rd band has been great for us; it's still selling well, the price has rarely dipped, but as with all models, you either really want to learn how to handle the intricacies, or else you'll hate it; each router has it's share of fans and detractors.

We don't ordinarily have any use for the 2.4 band except when someone drops by and has to connect their old device;, and we don't use the old devices any more.. We get full use and speed using concurrent/dual band 5Ghz AC wifi with the iPads. If you have 2.4 legacy devices, it handles as much as you need. Like all the higher end units, you have to bone up on it and stay current. They don't configure themselves and sometimes tweaking can make a difference.

What works for each is the best policy. Buying from amzn is always good if you're a prime customer; you have 30 days to work with it, and if you really don't like it (whatever 'it' is), as long as it's packed ans returned back to amzn the way you received it, you aren't charged. The 61_B is much loved; it's what I'd buy instead of getting more refurbs. Many people aren't paying enough attention after converting; it's basically a 'hack' to make the router believe it's really an Asus official router, and if you don't allow it to auto update, it works very well. If it auto updates, Asus has disabled Aimesh; neither TM or Asus will have anything to do with it.

Have heard much about express VPN, but use Torguard; it's never failed us. We also have a smaller US based VPN that is more economical hasn't been running for as many years, but is quite good if you don't need constant tech support.

Without looking hands on at your setup, a guess would be that there's something in the openvpn config that's off. If you have no traffic being dumped to WAN/ISP, you should get at least 2/3rds of your provisioned speed from your ISP., even with the 66, you should get 40-60% of your provisioned speed even without the benefit of a new router or CPU encryption. If you try plugging a non-critical laptop or other device (with a software firewall of course) into your router, run a speed test; that should tell you what you're really getting from the ISP. If that shows a problem, your ISP should check it for you. This rings a bell, but it's been so long since we've run the 66, it's not much help.

I'm sure Express is eager to push the blame on the poor ole router, but there are a tone of people still getting good use and speed out of their 66s, many use John's fork since it has stuck with the older official build, yet he backports the necessary fixes that Merlin has. Merlin isn't supporting the 66 anymore or soon won't be. It's annoying when VPN techs babble about what they don't know anything about. If you try using a different level of config, if you can load an L2TP config to test, in place of an OpenVPN tunnel, that should give you a good idea if the CPU isn't able to handle what you need. Depending on the load, the 66 is still plugging away for very many people. It does make a difference if you're doing the downloads wirelessly; if you have scads of large files to download, it' can help to take advantage of a good Ethernet connection, or just keep your streaming devices as close to the router as physically possible. With video boxes, they all can use AC wifi, but we've always gone with CAT 6 or 7; makes a difference and don't feed video to others who don't need it. Hope this helps, Cheers

 

[GK59]

st3v3n, my settings are exactly what is shown in post #16 of this thread, not sure what might be off in there but when I run this my speeds go to s**t.

I like the idea more and more of a tri-band router e.g. AC3200 but still looking at the AC86U with that fast cpu and extra ram.

I'm not certain I'll stay with ExpressVPN but I do like the idea if having a VPN at the router level but not at the costs of my internet service.

Edit: Today I ordered the RT-AC86U, proudly off the forum provided link and will have it on Mon.

 

[st3v3n]

GK59, Hope the 86 is everything you need and your speed is all you hope for. At least you have a spare router that works, just in case. Good luck and Cheers

 

[GK59]

GK59, Hope the 86 is everything you need and your speed is all you hope for. At least you have a spare router that works, just in case. Good luck and Cheers

Thanks st3v3n, up and running 5x5!

 

[Marin]

Leaving the WAN DNS fields empty means the router will use those provided by your ISP.

Leaving the LAN DNS field empty means the DHCP server will push the router's own IP to your clients - this is usually what you want, to ensure that the router handles all name resolutions, both LAN and WAN.

The second one should only be changed if you run an actual nameserver within your LAN and you wish all clients to use it. This is usually the case for people with a Windows Server on their LAN (tho normally they should also leave DHCP duties on the server).

Merlin, could you please clarify the scenarios below? So, in general, if I want to:

1) Use my own VPN DNS servers, I SHOULD: Leave the "Connect DNS automatically" to "Yes" (under WAN DNS settings) AND change the "Accept DNS Configuration" to STRICT (under VPN Client settings) ?

OR,

2) Use other Open DNS servers (Google, Cloudflaire, etc), I SHOULD: Change the "Connect DNS automatically" setting to "No" (under WAN DNS settings). Then enter DNS 1 and 2 info in each box. Then, change the "Accept DNS Configuration" setting to EXCLUSIVE (under VPN Client settings)?

Feel free to correct, please. Thank you very much!

 

[GK59]

Merlin, could you please clarify the scenarios below? So, in general, if I want to:

1) Use my own VPN DNS servers, I SHOULD: Leave the "Connect DNS automatically" to "Yes" (under WAN DNS settings) AND change the "Accept DNS Configuration" to STRICT (under VPN Client settings) ?

OR,

2) Use other Open DNS servers (Google, Cloudflaire, etc), I SHOULD: Change the "Connect DNS automatically" setting to "No" (under WAN DNS settings). Then enter DNS 1 and 2 info in each box. Then, change the "Accept DNS Configuration" setting to EXCLUSIVE (under VPN Client settings)?

Feel free to correct, please. Thank you very much!

#2, see this thread here

 

[Marin]

Thank you very much! Will do!

 

[IdleWild]

I'm on ax88u and experienced a real public IP leak upon a router reboot too. Does this firewall rule trick still work on new Merlin firmwares?