GT-AX11000, VPN Fusion and the Exception List

[Maya]

Hey All,

I just got an Asus GT-AX11000 (firmware v. 3.0.0.4.384_7979). I’m trying to figure out how to set up my VPN (using OpenVPN), and in particular how best to use the ‘Exception List’ to route some devices through the VPN and others not.

First up, apologies if this is a stupid or obvious question… I’m new to Asus, never used VPN Fusion and, well, I’ve not done a lot of networking either. I can usually google my way through, but I can’t find a clear answer on this and there seems to be lots of confusion (and some stuff that’s just over my head).

So, this is what I want…

• the VPN set up on the router rather than on individual devices; and
• 8 devices to go through the VPN and for those I need a kill switch - it’s the VPN or nothing and I need to be certain that’s going to happen; and
• the remaining ~45 devices to go through the normal internet, as they either don’t play well with the VPN or don’t strictly need to go through it all the time (I can manually change them if needed).

What I’ve done so far is successfully added my VPN to the Server List. I set it as the Default to see how it works and realised that I had to enter some WAN DNS Settings to get things to run smoothly - for that, I’m using some that I got from my VPN and it seems to have done the trick (although they did give me two sets...the ones I didn't use were 1.1.1.1 and 1.0.0.1). Right now everything is going through the VPN, as you’d expect...but I haven't had my VPN drop out so I don't know what would happen then.

The thing that I don’t understand is what the Exception List actually achieves - does it mean whatever’s specified in there has to happen? Or is more like a preference and could a device still revert to the default if the specified connection method isn’t available? I'm also wondering whether these DNS settings are going to add an extra layer of complication...

These are the options I'm considering:

1. Put the default back to the normal ‘Internet’, delete off the WAN DNS Settings I've just put in and then put the 8 devices I want to go through the VPN in the Exception List, having manually defined their IPs in LAN settings; or
2. Keep the default as the VPN and put the other ~45 in the Exception List; or
3. Keep the default as the VPN and put every device in the Exception List to make sure everything does exactly what I want it to do (which seems to be suggested in some threads); or
4. Do something else entirely because I don’t understand what I’m doing.

And for any one of those options, when I define the IPs (in LAN Settings) of whatever I want to put in the Exception List, would I need to add a different DNS server too?

Any advice on how to be certain that those 8 devices are going to stay on the VPN would be appreciated.

Thanks, all!

 

[Gouldin]

For the DNS question, depends what dns server your router is using, if using the default ISP dns, then yes, it will need changing.
If using googles 8.8.8.8 or cloudflare 1.0.0.1 for example, then all clients should be fine using the defaults.

 

[Maya]

For the DNS question, depends what dns server your router is using, if using the default ISP dns, then yes, it will need changing.
If using googles 8.8.8.8 or cloudflare 1.0.0.1 for example, then all clients should be fine using the defaults.

That makes perfect sense. Thank you!

 

[Maya]

Got everything working as intended.

After playing around a bit and testing all the other ideas, I essentially went with the first option using Cloudflare's DNS. It's not only the simplest but the only thing that actually worked properly for me.

So, I'm using Cloudflare DNS in WAN DNS Settings (Server 1 = 1.1.1.1; Server 2 = 1.0.0.1).
I manually defined the IPs for those devices I wanted to go through the VPN.
In the VPN settings, I've got the default set to the normal Internet and just put those 8 devices that I wanted routed through the VPN in the Exception List, with the VPN activated just for those 8. Everything else, I've left alone.

It's working as I wanted. Those 8 are going through the VPN and everything else isn't. Surprisingly easy.


My only remaining question is what happens if the VPN goes down... Can those 8 slip back to the default internet, or does their inclusion in the Exception List prevent that? I'm hoping it's the latter but any advice would be appreciated.

 

[Gouldin]

Fairly certain, by default it will fail over to the default internet connection when the vpn goes down.

 

[Maya]

Fairly certain, by default it will fail over to the default internet connection when the vpn goes down.

That's what I was afraid of...

Know of any fix? I've searched various forums but all I can find is people having problems and no solutions...

Even if there was a way of being able to give a device a few options to try before going to the default (like 3 different VPN server locations), that would be beneficial.

I found it impossible to make it work if I set a VPN server as the default. I tried manually specifying the IP for every connected device and then used the Exception List to set each device preference, but it didn't work... I think everything went through the VPN nonetheless. It's also pretty twitchy... After a restart, I sometimes have to deactivate the VPN settings and reapply them - no reason why.

Still, it's been working flawlessly since I set it up and the router is stable so I haven't had to restart it for any reason. Pretty impressed

 

[chinaa108]

Hi I've just got this router and im not too sure how to set this up. Ive tried to set up the vpn, its connected but I can't browse. I haven't set up the exception list as I have no clue about what im doing here. Please help

 

[bluestrike7302202]

Hello All, Does anyone knows what happens if the VPN goes down? Devices that were using that VPN will fail over to the default internet connection or they can be configured to fail over to another VPN. Please advice. Thank you.