Will Asus RT-AX86U support VPN Tunneling for defined subnet?

joeschmuck

New Around Here
So I've been very confused in the way of VPN configuration as I have been reading these forums for a few days and pulling out the few hairs I have left. Round and around the conversations go. So I've determined that I'd just ask the questions and hope for simple answers. Yes and No are acceptable.

What I have:
I own an RT-AX86U router, standard ASUS firmware (version 3.0.0.3.386_46061). I have much better WiFi with this than my older Asus Router RT-AC68W.
I do not have a paid VPN service yet.
My router presently provides DHCP for addresses 192.168.0.100 to 199. I manually have some servers and stuff configured with static IPs.
My WAN IP changes every day, not a big deal to me as I do not access my network remotely.
I do have an older Asus RT-AC68W not presently in use.
I have 42 Clients, 30 of those are WiFi.
I use Norton Security currently for VPN protection but unfortunately I cannot just add a new NIC to my computer and share a protected subnet. I'm definitely not a networking guru. When I ran a BBS back in the old days before the internet, stuff was simple, but not today. Today I'm going to try to set up a Virtual Machine on ESXi of Win 11 with Norton Security and see if I can share a Virtual Ethernet port bridged to the VPN port. I have no idea if I can make it work but if I can, that may be a solution.

What I want to do:
I would like to establish a VPN connection for statically assigned IPs in the 192.168.1.x subnet. My original 192.168.0.x will remain off the VPN connection and fully operational. To be honest, I only want a handful of statically assigned IPs to pass through the VPN, I could leave them on the same 192.168.0.x subnet, they will not be within the DHCP range.

My thoughts were to make a single router do all this work of tunneling and passing through the correct subnet, but I am willing to disable the radio in the RT-AC68W router and make it a VPN router for the 192.168.1.x subnet and connect it to my RT-AX86U. It's not ideal but it would get the job done.

My questions:
1) Can my RT-AX86U using the factory firmware allow such tunneling as I desire?
2) If the RT-AX86U cannot do this using factory firmware, which firmware if any would support this? I suspect something called Merlin but I'd love to stay with the firmware I'm using if reasonable.
3) Last Question: Keeping it very simple, a recommendation of the path forward assuming my hardware will support the goal I have. I do not want to get into really long complicated dialog until I understand what I need to do. I'm very willing to do the legwork, that is the only way someone learns.

Thank you for any help.
 

eibgrad

Part of the Furniture
1. If it supports VPN Fusion (the OEM solution), then it does have selective routing capabilities, but NOT nearly to the extent of using Merlin and the VPN Director.

2. Frankly, I don't see it being a big deal in migrating to Merlin for most ppl given it's based on the same OEM firmware, but w/ enhancements like the VPN Director. IOW, it's NOT a complete third-party replacement in the way other third-party firmware would be (DD-WRT, FreshTomato, etc.). So it will look and feel quite similar to the OEM firmware.

3) I assume Norton Security's VPN is NOT supported on the router. If NOT, and you don't intend or want to consider other options (NordVPN, ExpressVPN, Surfshark, etc.), then the whole discussion about the router is moot. You're going to have to consider making the device hosting the Norton VPN capable of routing your static IPs over the VPN, which might be more difficult in the long run than just using another VPN provider on the router.
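
What selective routing by source address amounts to on a generic Linux router, as an added example that is not part of any post in this thread and not how VPN Fusion or VPN Director is configured: the script prints (does not run) iproute2 commands that send a few static clients outside the 192.168.0.100-199 DHCP pool through a tunnel, with a fallback route so they are blocked rather than sent over the WAN when the tunnel is down. The interface `tun0`, table `100` and the client addresses are assumptions.

```shell
#!/bin/sh
# Added example: emits iproute2 commands for source-based VPN routing.
# Assumed values, not from the thread: tun0, table 100, the client addresses.

LAN_PREFIX="192.168.0"   # LAN from the original post
DHCP_FIRST=100           # DHCP pool from the original post
DHCP_LAST=199

# Succeeds only for a LAN host address that lies outside the DHCP pool.
is_static_lan_ip() {
    case "$1" in
        "$LAN_PREFIX".*) host=${1#"$LAN_PREFIX".} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|*[!0-9]*|????*) return 1 ;;   # empty, non-numeric or too long
    esac
    [ "$host" -ge 1 ] && [ "$host" -le 254 ] || return 1
    [ "$host" -lt "$DHCP_FIRST" ] || [ "$host" -gt "$DHCP_LAST" ]
}

# Usage: vpn_policy_rules TUN_IF TABLE IP...
vpn_policy_rules() {
    tun=$1 table=$2
    shift 2
    # Validate everything first so no partial rule set is ever printed.
    for ip in "$@"; do
        if ! is_static_lan_ip "$ip"; then
            echo "refusing $ip: not a static address in $LAN_PREFIX.0/24" >&2
            return 1
        fi
    done
    # Selected clients get their own table whose default route is the tunnel.
    echo "ip route add default dev $tun table $table"
    # When the tunnel drops, its route disappears; this higher-metric entry
    # rejects the traffic instead of letting it fall through to the WAN route.
    echo "ip route add prohibit default metric 1000 table $table"
    prio=1000
    for ip in "$@"; do
        echo "ip rule add from $ip/32 lookup $table priority $prio"
        prio=$((prio + 1))
    done
}

vpn_policy_rules tun0 100 192.168.0.50 192.168.0.51
```

Clients that are not listed match no rule and keep using the main routing table, so the rest of the 192.168.0.x network stays off the VPN.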
 

joeschmuck

New Around Here
@eibgrad
Thanks for the feedback. You are correct, I see no option for Norton Security's VPN to work with the router. I was a NordVPN subscriber for 2 years then I let it drop in favor of Norton VPN (it was already paid for) and it was doing what I desired most of the time. Now I want just a little more VPN protection and I have no issue considering moving back to NordVPN or possibly ExpressVPN or others, I have not really examined those services much yet. I was just trying to find out more about using my current router and tunneling.

I will look into Merlin and where to grab a copy of it, I'm certain a quick Google search will show it. I will test it out on my backup router first as I do not want to have an upset wife if I kill the internet at home while she's watching some video on her phone or laptop. I'll play with it for a while and when I have a question, I will Google it. I don't think I'm asking to do anything very difficult, not like adding a second DHCP server. I did do that on DD-WRT but that was many moons ago.

I have used DD-WRT when the WRT54G routers were out (I still have a few in a box somewhere), I really enjoyed that firmware, although it seemed to change every week to every month.

One last question: Since I stream YouTube TV, Hulu, Netflix, and some others, in your opinion which VPN service is best for this kind of service? I don't game or do much else other than work on FreeNAS/TrueNAS forums and surf a little internet. I'd rather not purchase a VPN service that is crap if I can prevent it. Of course I would plan to bypass the VPN for video content but when you are on a laptop or desktop computer, you are stuck with the configuration you got.

Again, I appreciate the feedback and I will give Merlin a look.
 

ColinTaylor

Part of the Furniture
I use Norton Security currently for VPN protection ...
I would take a step back and ask whether you really need to do this. Norton VPN is marketed as "protection" for mobile devices (which in itself is questionable). For static home devices all it offers is privacy from your ISP. So I'd say that if you're after "protection" it's a waste of time. If however, you're using it to hide illegal activity from your ISP, or circumvent geolocation blocks that's a different matter.
 

joeschmuck

New Around Here
I'm not doing anything illegal, not that I'm aware of. Not trying to hide my geographic location, although I would like those damn SPAM ads to stop popping up. I like the idea of data being encrypted from point to point. Ever since I had a data breach on my main computer, (my fault having an open port to remotely access my computer, closed now), I've been a bit paranoid. I do not save passwords on my computer either, it's on paper now. And my wife and daughter, well they get into trouble all the time and tell me, "I didn't do that, it wasn't me" or "how did that happen?" As much as I try, I can't protect them from everything. I was hoping the VPN thing would help out some. I think the firewall on the ASUS router is okay, I used to run Sophos firewall but it was too restrictive and I heard about it from anyone who was using the internet. I was fine myself. I may run up another VM of Sophos or other firewall product if I need to.

So truth be told, I also want a VPN because I'm retiring and getting bored. I want to learn something new. I've been writing scripts and helping folks with FreeNAS/TrueNAS for 10 years now, it's time for something else.
 

ColinTaylor

Part of the Furniture
There's nothing wrong in doing what you're proposing "just because you can". That's a perfectly valid reason. I just didn't want you to waste a lot of time and effort trying to create a solution to a problem that doesn't exist.

The VPN provider doesn't provide end to end encryption. To begin with all your important data is already encrypted when you use HTTPS. The only thing the VPN does is add another layer of encryption between you and the VPN provider. Once the traffic gets there that layer is removed and it's forwarded across the internet to its destination just the same as normal. The only difference now is that instead of your ISP being able to monitor your traffic the VPN provider is (who do you trust more?).

Probably more useful is using ad-blocking and anti-malware services/programs like Cloudflare 1.1.1.2, or Quad 9 and others.
 

joeschmuck

New Around Here
The only difference now is that instead of your ISP being able to monitor your traffic the VPN provider is (who do you trust more?).
LOL, I don't trust anyone these days and I'm also pretty sure that nothing is hack-proof.

Probably more useful is using ad-blocking and anti-malware services/programs like Cloudflare 1.1.1.2, or Quad 9 and others.
Thanks, I will look into these. As I mentioned previously, I was using Sophos UTM (free to home users) as my total protection and it was actually very good as a firewall and malware/anti-virus protection. I ran it as a VM and it ran for years, then I moved and changed ISP's, the computer running the VM never got plugged back in because I didn't have physical space for the computer where the network came into the house and the ISP firewall was doing a very good job too.

There's nothing wrong in doing what you're proposing "just because you can". That's a perfectly valid reason. I just didn't want you to waste a lot of time and effort trying to create a solution to a problem that doesn't exist.
I understand. I will still set up a VPN on my older Asus router and give Merlin a try as well. Maybe I will like the new enhanced features of Merlin, never know.

Thanks for being the voice of reason, I do appreciate your honesty. I'm going to check out those two pieces of software you mentioned in the morning.
 

joeschmuck

New Around Here
Probably more useful is using ad-blocking and anti-malware services/programs like Cloudflare 1.1.1.2, or Quad 9 and others.
LOVE IT! I don't know these existed. I'm going to configure my DNS to use Cloudflare 1.1.1.2, because everyone in the house is over 26 (I'm 60). I will also test out quad 9 as well. Thanks a lot for this, it will make things a little bit safer.
 

raven-au

Senior Member
@eibgrad
Thanks for the feedback. You are correct, I see no option for Norton Security's VPN to work with the router. I was a NordVPN subscriber for 2 years then I let it drop in favor of Norton VPN (it was already paid for) and it was doing what I desired most of the time. Now I want just a little more VPN protection and I have no issue considering moving back to NordVPN or possibly ExpressVPN or others, I have not really examined those services much yet. I was just trying to find out more about using my current router and tunneling.

The developer of a Merlin VPN add-on script recommends TorGuard.
A bit more expensive but mostly it works very well.
I tried several of the current VPN providers myself and ended up settling on TorGuard too.
Only problem I have had with it is that on Windows it seems to stop working properly after a couple of days or so.

I don't have an ax86u but I'm pretty sure it won't have the VPN fusion found on the ASUS ROG routers.
Only choice for that sort of functionality is Merlin I think.
By and large the Merlin firmware fits well into the ASUS ecosystem and is highly respected, ASUS even help the developer from time to time.
Even though I don't normally use it myself there isn't any real reason not to.
You can flash it directly over stock and stock over it.
The only thing to watch out for is the differing base firmware may have different and possibly conflicting underlying settings so a factory reset to defaults is recommended when changing one to the other at the first sign of trouble.
 

raven-au

Senior Member
LOVE IT! I don't know these existed. I'm going to configure my DNS to use Cloudflare 1.1.1.2, because everyone in the house is over 26 (I'm 60). I will also test out quad 9 as well. Thanks a lot for this, it will make things a little bit safer.
Hehe, don't forget to give CleanBrowsing.org a quick look.
 
