What's new

How to set up VPN Client for ProtonVPN?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

XIII

Very Senior Member
After having successfully set up a VPN server (for quite some time) I would now like to try configuring a VPN client on the router. Since my paid provider does not support OpenVPN (I use it only on iOS, using IKEv2) I would like to experiment with the free variant of ProtonVPN.

I read the instructions for NordVPN which seem a good start: https://nordvpn.com/tutorials/asustwrt-merlin/openvpn/

From ProtonVPN I downloaded this OPVN configuration file:
Code:
client
dev tun
proto udp
remote nl-free-01.protonvpn.com 1194
remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
auth-user-pass
pull
fast-io
block-outside-dns
<ca>REMOVED</ca>
key-direction 1
<tls-auth>REMOVED</tls-auth>

After importing that and entering my ProtonVPN credentials the OpenVPN client would not start due to an invalid configuration. Removing the block-outside-dns directive seemed to solve that.

The OpenVPN client does start now, but I can't access any site. I first thought that DNS did not work. However, accessing a site via its IP does not work either.

Any tips on how to investigate/solve this?

Note: I use unbound (via Entware) with DNSSEC for DNS over TLS and also run AB-Solution and SkyNet.
 
I was just wondering what DNS you were using. I tried using 10.8.8.1 from ProtonVPN, but it kept locking up my AC68U.
 
Try adding this line to custom configuration section to seeing helps

dhcp-option dns some.dns.ip.address

E.g. dhcp-option dns 9.9.9.9
 
That worked. Thank you very much. I was really bummed out about having to use googles dns.
 
That worked. Thank you very much. I was really bummed out about having to use googles dns.
If you route all traffic over the tunnel, set Accept DNS Configuration to Exclusive. That should force all vpn clients to use DNS of VPN provider.

If you use Policy Rules, DNS acts differently. I have to set Accept DNS Configuration to Strict and add the dhcp-option line in the Custom Config section. Otherwise I have routing issues. wget will not work for example and AB-Solution will not work over the VPN tunnel. Unfortunately, the downside is DNS will leak.
 
After having successfully set up a VPN server (for quite some time) I would now like to try configuring a VPN client on the router. Since my paid provider does not support OpenVPN (I use it only on iOS, using IKEv2) I would like to experiment with the free variant of ProtonVPN.

I read the instructions for NordVPN which seem a good start: https://nordvpn.com/tutorials/asustwrt-merlin/openvpn/

From ProtonVPN I downloaded this OPVN configuration file:
Code:
client
dev tun
proto udp
remote nl-free-01.protonvpn.com 1194
remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
auth-user-pass
pull
fast-io
block-outside-dns
<ca>REMOVED</ca>
key-direction 1
<tls-auth>REMOVED</tls-auth>

After importing that and entering my ProtonVPN credentials the OpenVPN client would not start due to an invalid configuration. Removing the block-outside-dns directive seemed to solve that.

The OpenVPN client does start now, but I can't access any site. I first thought that DNS did not work. However, accessing a site via its IP does not work either.

Any tips on how to investigate/solve this?

Note: I use unbound (via Entware) with DNSSEC for DNS over TLS and also run AB-Solution and SkyNet.
It is still on my to do list to test unbound on AsusWRT Merlin.
 
If you route all traffic over the tunnel, set Accept DNS Configuration to Exclusive. That should force all vpn clients to use DNS of VPN provider.

If you use Policy Rules, DNS acts differently. I have to set Accept DNS Configuration to Strict and add the dhcp-option line in the Custom Config section. Otherwise I have routing issues. wget will not work for example and AB-Solution will not work over the VPN tunnel. Unfortunately, the downside is DNS will leak.
I used 10.8.8.1 and checked with dnsleak.com and no leaks. Try that DNS.
 
After importing that and entering my ProtonVPN credentials the OpenVPN client would not start due to an invalid configuration. Removing the block-outside-dns directive seemed to solve that.

The OpenVPN client does start now, but I can't access any site. I first thought that DNS did not work. However, accessing a site via its IP does not work either.

Any tips on how to investigate/solve this?
See also my post here: https://www.snbforums.com/threads/382-2-beta3-vpn-client-working.44171/#post-375106
Although I use ProtonVPN my config never had that block-outside-dns line.
I use 'Policy Rules (strict)' and have 'Accept DNS Configuration' set to Exclusive. Without a dhcp-option line.
My external DNS servers are configured only on the 'WAN - Internet Connection' page (i.e. not on the 'LAN - DHCP Server' page).
 
Last edited:
Try adding this line to custom configuration section to seeing helps

dhcp-option dns some.dns.ip.address

E.g. dhcp-option dns 9.9.9.9
You know, when I did it this way it worked good until I rebooted my router. And then no joy. The router started acting up again. Asuswrt Merlin just doesn't like ProtonVPN DNS 10.8.8.1.
 
I've been using ProtonVPN Plus servers with much success. I use Cloudflare dns under my Wan dns. The problem I was having was that I didn't point my windows ethernet dns settings to my routers ip address. Once I did that all my problems went away. With ProtonVPN's plus servers I just load the default settings and it works fine. Also, I use policy rules. ProtonVPN Plus is a little pricey but I like it. Hope this helps.
 
Last edited:
This week a PIA VPN OpenVPN file worked out of the box, so I wanted to give ProtonVPN another chance.

Still fails... (hopefully I can learn something from the PIA setup?)
 
Hey, thanks for all the good advice in this thread, I got everything working in an OpenVPN client. I checked with ipleak.net and everything is good.

However, I have a line speed on 32Mbps and with ExpressVPN and AirVPN I get around 25(ish)Mbps using an OpenVPN client on mt RT-AC87U but with ProtonVPN I'm only getting 10Mbps.

Code:
remote-random
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io
dhcp-option dns 10.8.8.1

I've got "Accept DNS Configuration" set to "Exclusive"
LAN>DHCP>DHCP SERVER>DNS 1 10.8.8.1>DNS 2 10.7.7.1
I use Policy Routing - I have to as some devices need WAN access

Do you guys know how I can tweak the settings to get faster speeds?

Edit: I set up a second client with a California server rather than the US .ovpn config file and didn't add the "dhcp-option dns 10.8.8.1" line and I', getting about 15Mbps (I have really crappy broadband speeds in general :-( )

Edit 2: I'm getting 27Mbps on the American .ovpn config now - thats much better.
 
Last edited:
Finally got OpenVPN to work on my router via this Reddit post and adding this to the Custom Configuration field:

Code:
script-security 2
dhcp-option DNS 9.9.9.9
dhcp-option DOMAIN example.lan

("example.lan" is not the real name I use; just an "obfuscated" example)

With these settings OpenVPN uses Quad9 directly.

Using 192.168.1.1 instead of 9.9.9.9 to also use AB-Solution and pixelserv-tls does not seem to work...
 
Using 192.168.1.1 instead of 9.9.9.9 to also use AB-Solution and pixelserv-tls does not seem to work...
Forgot I 'm using a non-standard port (65053) for unbound. This solves that:
Code:
dhcp-option DNS 192.168.1.1:65053
 
Hey, thanks for all the good advice in this thread, I got everything working in an OpenVPN client. I checked with ipleak.net and everything is good.

However, I have a line speed on 32Mbps and with ExpressVPN and AirVPN I get around 25(ish)Mbps using an OpenVPN client on mt RT-AC87U but with ProtonVPN I'm only getting 10Mbps.

Code:
remote-random
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io
dhcp-option dns 10.8.8.1

I've got "Accept DNS Configuration" set to "Exclusive"
LAN>DHCP>DHCP SERVER>DNS 1 10.8.8.1>DNS 2 10.7.7.1
I use Policy Routing - I have to as some devices need WAN access

Do you guys know how I can tweak the settings to get faster speeds?

Edit: I set up a second client with a California server rather than the US .ovpn config file and didn't add the "dhcp-option dns 10.8.8.1" line and I', getting about 15Mbps (I have really crappy broadband speeds in general :-( )

Edit 2: I'm getting 27Mbps on the American .ovpn config now - thats much better.
the best tweak to increase vpn speed is to hook up an AC86U....world of difference over AC87U.
 
Hey, thanks for all the good advice in this thread, I got everything working in an OpenVPN client. I checked with ipleak.net and everything is good.

However, I have a line speed on 32Mbps and with ExpressVPN and AirVPN I get around 25(ish)Mbps using an OpenVPN client on mt RT-AC87U but with ProtonVPN I'm only getting 10Mbps.

Code:
remote-random
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io
dhcp-option dns 10.8.8.1

I've got "Accept DNS Configuration" set to "Exclusive"
LAN>DHCP>DHCP SERVER>DNS 1 10.8.8.1>DNS 2 10.7.7.1
I use Policy Routing - I have to as some devices need WAN access

Do you guys know how I can tweak the settings to get faster speeds?

Edit: I set up a second client with a California server rather than the US .ovpn config file and didn't add the "dhcp-option dns 10.8.8.1" line and I', getting about 15Mbps (I have really crappy broadband speeds in general :-( )

Edit 2: I'm getting 27Mbps on the American .ovpn config now - thats much better.
Whenever I use the dhcp-option, I can't use router.asus.com. I can only use 192.168.x.x to log in. Is there a work around for this?
 
the best tweak to increase vpn speed is to hook up an AC86U....world of difference over AC87U.

That's actually my next buy ... or I was also looking at the 88, what do you think about the 88u in comparison to the 86u?


Sent from my iPad using Tapatalk Pro
 
Whenever I use the dhcp-option, I can't use router.asus.com. I can only use 192.168.x.x to log in. Is there a work around for this?

I wish I could tell you, unfortunately I do not know.


Sent from my iPad using Tapatalk Pro
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top