What's new

Asuswrt-Merlin and Nordvpn

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hoganwch

New Around Here
Trying to install the vpn UDP file in Asuswrt-Merlin ver. 386.4 for Asus RT-AC88U. (Having the same issue with RT-AC3100). When I upload the file it clears everything else. I've tried numerous combinations, but the router does NOT redirect. Using Nordvpn. Had great success with earlier versions. Nordvpn actually has a "how to" on their site which I've used several times as well. Wondering what ideas anyone has to resolve.
 
On the VPN client page first click on Default. Wait a few seconds for everything to reset and then browse to your ovpn file, select it and click Upload. After a few seconds the new settings should appear and you can scroll down to add your username and password.
 
Thanks for the response. You can see the result here. It doesn't redirect. I'm very familiar with this and have set up numerous routers. The file uploads and clears everything. It doesn't appears to stay resident. I populate everything and this is what I get. When I re-upload the udp file, I have to re-enter the user name and password. It appears to be an error in the file upload. I'm using a udp file from Nordvpn.
1642221507788.png


Any insight will be appreciated...
 
Beware, if the .ovpn file does NOT contain the following directive ...

Code:
redirect-gateway def1

... then it will leave the "Redirect internet traffic through tunnel" setting in the GUI as No (the default), rather than "Yes (all)". Since most providers push that directive from the server to the client, it wouldn't surprise me if many (most?) don't bother to include it in the client's config file. Prior to 386.3, having "Redirect internet traffic through tunnel" set to No would still allow the client to be redirected over the VPN provided the server pushed that directive. But with the introduction of 386.3 and beyond, that's no longer the case. When "Redirect internet traffic through tunnel" is set to No, it means NO!
 
Beware, if the .ovpn file does NOT contain the following directive ...

Code:
redirect-gateway def1

... then it will leave the "Redirect internet traffic through tunnel" setting in the GUI as No (the default), rather than "Yes (all)". Since most providers push that directive from the server to the client, it wouldn't surprise me if many (most?) don't bother to include it in the client's config file. Prior to 386.3, having "Redirect internet traffic through tunnel" set to No would still allow the client to be redirected over the VPN provided the server pushed that directive. But with the introduction of 386.3 and beyond, that's no longer the case. When "Redirect internet traffic through tunnel" is set to No, it means NO!
THAT fixed it. Thank you. I've used these instructions for 386.2 - https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm. I put the code you suggested in the Custom Configuration field. I them realized I could simply select redirect all internet traffic using the network settings, so eliminated the custom statement (for ease of use). It seems to be working fine. (I found that I could not specify the WAN DNS settings they suggest.) THANK YOU. I use this to setup multiple vpns for various language feeds.
 
THAT fixed it. Thank you. I've used these instructions for 386.2 - https://support.nordvpn.com/Connectivity/Router/1047410642/AsusWRT-Merlin-setup-with-NordVPN.htm. I put the code you suggested in the Custom Configuration field. I them realized I could simply select redirect all internet traffic using the network settings, so eliminated the custom statement (for ease of use). It seems to be working fine. (I found that I could not specify the WAN DNS settings they suggest.) THANK YOU. I use this to setup multiple vpns for various language feeds.
Glad you got that working. If you're interested, there's actually a much better custom config available than the one that NordVPN provides... this one has definitely helped boost my speed considerably.

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
 
What rates do you gents see with NordVPN? I only have LTE so can't test it.
I have a 1GB Xfinity Cable connection... the results I get yield a little over 200Mbps to my closest server over NordVPN.

Screenshot 2022-01-15 19.11.28.png
 
Glad you got that working. If you're interested, there's actually a much better custom config available than the one that NordVPN provides... this one has definitely helped boost my speed considerably.

Code:
remote-random
resolv-retry infinite
remote-cert-tls server
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
wow thank for your custom code.. I've tried to setup Mullvad OpenVPN for more than a month using their config but always have error configuration.. After paste your code, VPN connection run succesfully..
 
wow thank for your custom code.. I've tried to setup Mullvad OpenVPN for more than a month using their config but always have error configuration.. After paste your code, VPN connection run succesfully..

You're very welcome! ;)
 
Should really try to find a way to use the NordLynx (wire guard) option if possible if you want to use your full bandwidth.


1643115468446.png


890/42 is not the max I can hit but, just a random speed test.
 
wow thank for your custom code.. I've tried to setup Mullvad OpenVPN for more than a month using their config but always have error configuration.. After paste your code, VPN connection run succesfully..

Beware of the following directive.

Code:
reneg-sec 0

This does improve performance ever so slightly (barely). And that's because it disables rotation (renegotiation) of the session key! By default, this directive is set to 3600 (secs), which means every hour the session key is changed for the purposes of perfect forward secrecy. And so by setting it to 0, you're compromising your security!

OpenVPN providers love to instruct their customers to use this directive because it definitely improves *their* performance much more than yours. If they don't have to rotate sessions keys every hour (or even sooner, you could set it lower) for 10's of thousands of users, that saves them substantially in terms of overhead. But as I said, at the price of your security.
 
Wireguard isn't going to give you anywhere near that either.
How can you state that when it's a fact?

The Asus being used might not be capable but, the technology is. I'm using a PC as a router and get consistent line speed bandwidth.
 
VPN client on the router, not on a PC
I'm using the PC as the ROUTER... Thus performance is proven to be higher than OVPN.

Cable Modem <> PC <> clients / AP

NOT

CM <> router <> PC

Now, if Asus can't handle WG which is lighter weight and more performant then it's time to get a different "router".
 
I'm using the PC as the ROUTER... Thus performance is proven to be higher than OVPN.

Cable Modem <> PC <> clients / AP

NOT

CM <> router <> PC

Now, if Asus can't handle WG which is lighter weight and more performant then it's time to get a different "router".
Again, this has nothing to do with the subject being discussed in this thread.
 
I'm using the PC as the ROUTER... Thus performance is proven to be higher than OVPN.

Cable Modem <> PC <> clients / AP

NOT

CM <> router <> PC

Now, if Asus can't handle WG which is lighter weight and more performant then it's time to get a different "router".

Now you're being disingenuous. Obviously @ColinTaylor meant the ASUS router. Not some PC acting as a router. Obviously that changes everything, and is not even relevant to this forum, other than for the purpose of comparing performance on the router vs. PC. Certainly the latter is more likely to outperform the former. But again, that's NOT the issue here as far the OP is concerned.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top