Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

[GazD]

Hi, I don't understand what you are saying.
What windows client?
You can pull pretty much full line speed 45-50???

Please do the following if you want any help

use this site http://www.speedtest.net/ and do a speedtest without VPN and one speedtest with VPN
make sure you are connected to the router via a network cable and not wireless.

Find out what your speed is from your local ISP example 70 mbps
and then turn on the VPN and do the same.

if your ISP is 50 mbps you should be doing the same for VPN.
you will never get faster then 50 or 60mbps using VPN
please let us know exactly what you are talking about when you are saying the speeds are slow.

Overclocking the cpu wont get you faster speeds it will only burn out your router. There have been people who have overclocked their cpu to get faster speeds for VPN but that never helped.

Also you don't need a microsoft VPN client to connect to PIA VPN when using the router. its really slow and you are not using it correctly.

When using a client use the PIA client on your laptop if you are not at your house or office where your router is. It is super fast in comparison to MS client or PPTP or L2TP

Thanks for the reply. Sorry if I wasn't explaining myself properly. When using the PIA Windows Client on my Laptop connected to my my router (with no VPN enabled on my router) I get my full line speed pretty much (~ 47Mpbs), When I use just the VPN client from my router my speeds drop to 10-15Mbps, which makes me think the router is holding the connection back. When I get in tonight from work I will run the tests that you have asked and I will try the VPN client from my router with all encryption methods and post my results here.

Thanks

 

[GazD]

Ok here are my results.

No VPN enabled



VPN Enabled - AES-128-CBC Encryption - Port 1196



VPN Enabled - No Encryption - Port 1195



So not too far off my line speed with no encryption.

Any ideas with this? Want me to try any more encryption methods?

Thanks in Advance

 

[yorgi]

Ok here are my results.

No VPN enabled



VPN Enabled - AES-128-CBC Encryption - Port 1196



VPN Enabled - No Encryption - Port 1195



So not too far off my line speed with no encryption.

Any ideas with this? Want me to try any more encryption methods?

Thanks in Advance

Did you try other servers besides London?
Are you routing all traffic to VPN or are you using policy rules?
can you post your settings in the VPN client.
You should be getting 40+ mbps

 

[yorgi]

The new Firmware version 380.59 works fine with VPN but one has to Disable QOS because they don't like each other.
It slowed down my VPN speed by half when I enabled QOS bandwidth monitor. I didn't even enable QOS
I don't even want to know what will happen if I do that.
I strongly urge People who are using 380.59 that have an 87U and higher not to use QOS or QOS bandwidth Monitor

 

[yorgi]

Did you try other servers besides London?
Are you routing all traffic to VPN or are you using policy rules?
can you post your settings in the VPN client.
You should be getting 40+ mbps

Are you using 380.58 or 380.59 firmware?
if you are using .59 disable QOS, or maybe go back to .58 and try it again.
If You followed my guide you shouldn't have problems unless you enabled QOS
but I would try 380.58 to be sure

 

[strange_guy]

Dear yorgi,

I have pretty much the same problem. My unfiltered ISP speed is 50/5 and I have an ASUS RT-AC68U. I would like to route traffic over a PIA tunnel with the Netherlands as the endpoint. If I do a speedtest for a server in Amsterdam without VPN I have nearly my full ISP speed: [URL=http://www.speedtest.net/my-result/5328022492][/URL]

If I have VPN enabled with no encryption - Port 1195 the speed is almost the same:

If I have VPN enabled with AES-128-CBC encryption - Port 1196 the speed drops to these values:


Is there a way for me to boost these values further or is this already the maximum speed I can expect over VPN?

Thank you in advance for your help and all the best from Austria.

 

[yorgi]

Dear yorgi,

I have pretty much the same problem. My unfiltered ISP speed is 50/5 and I have an ASUS RT-AC68U. I would like to route traffic over a PIA tunnel with the Netherlands as the endpoint. If I do a speedtest for a server in Amsterdam without VPN I have nearly my full ISP speed:

If I have VPN enabled with no encryption - Port 1195 the speed is almost the same:

If I have VPN enabled with AES-128-CBC encryption - Port 1196 the speed drops to these values:


Is there a way for me to boost these values further or is this already the maximum speed I can expect over VPN?

Thank you in advance for your help and all the best from Austria.

What firmware version are you using? do you have QOS enabled?Are you using compression or do you have it set to none?
Which VPN client out of the 5 are you using? You should be in 2 or 4 this way you would us the second core just for VPN.
Please check these questions and get back to me

 

[yorgi]

Dear yorgi,

I have pretty much the same problem. My unfiltered ISP speed is 50/5 and I have an ASUS RT-AC68U. I would like to route traffic over a PIA tunnel with the Netherlands as the endpoint. If I do a speedtest for a server in Amsterdam without VPN I have nearly my full ISP speed:

If I have VPN enabled with no encryption - Port 1195 the speed is almost the same:

If I have VPN enabled with AES-128-CBC encryption - Port 1196 the speed drops to these values:


Is there a way for me to boost these values further or is this already the maximum speed I can expect over VPN?

Thank you in advance for your help and all the best from Austria.

30mbps is really not bad at all. It maybe PIA throttling. I have seen this issue a few times in the past.
A guy had a 68u and his bandwidth was 50mbps and he couldn't get faster then 20-30 mbps
but I have seen someone else with a 68u do 50 mbps on VPN without any issues.
the first guy with the 68u that didn't get full speeds on VPN had bought a refurbished router.
So if I where to make an educated guess it would be either PIA is throttling or you have a defective router. did you get this router new or refurbished?
One thing I would definitely try if you really want to get to the bottom of this is buy another router if you can return within 30 days and try using the VPN and see if the same results happen
Or could be the new firmware if you put 380.59
So things to try, go back to 380.57 and see if you get the same issues.
Could be a firmware issue or something else. answer a few questions and lets take it from there

 

[yorgi]

Dear yorgi,

I have pretty much the same problem. My unfiltered ISP speed is 50/5 and I have an ASUS RT-AC68U. I would like to route traffic over a PIA tunnel with the Netherlands as the endpoint. If I do a speedtest for a server in Amsterdam without VPN I have nearly my full ISP speed:

If I have VPN enabled with no encryption - Port 1195 the speed is almost the same:

If I have VPN enabled with AES-128-CBC encryption - Port 1196 the speed drops to these values:


Is there a way for me to boost these values further or is this already the maximum speed I can expect over VPN?

Thank you in advance for your help and all the best from Austria.

I answered a guy with similar problems. check my posts on this topic and get back to me.

 

[CiscoX]

Hi yorgi
Thank you very much for your guide. Keep up the good work

 

[Boosted]

I answered a guy with similar problems. check my posts on this topic and get back to me.

I am having a strange issue with my Asus 88U reporting wrong IP for one of my OpenVPN clients. Hoping you would have some idea why.

I have:

Asus 88U
Merlin 380.59
VPN service provider
using OpenVPN client to connect to VPN provider
2 seperate OpenVPN Clients on router

Client 1 is AppleTV4, TCP 443 (Canadian server), Accept DNS Config. [Exlcusive], Policy Rules with IP of AppleTV4.
Client 2 is PC, UDP 443 (Miami-US server), Accept DNS Config. [Exlusive], Policy Rules with IP of PC.

Problem: Both connections are working finewhen turned on and show as connected within the router with no Error. But, when I do a DNS leak test using doileak or ipleak site, the client that is turned on first will show the proper IP VPN address that it is connected to, as it should. When I do a DNS leak test of the other client the IP address that shows up is the same as the client I turned on first. There are no leaks for either, it just wrongly identifies the client that I turned on second with the first client's VPN address. Very odd.

So, basically whatever OpenVPN client is turned on first is the VPN IP that is passed on to the client turned on afterwards even though they each use a different .ovpn server file from different server and one is using TCP and the other is using UDP.

Both LAN and WAN DNS Server is set to 192.168.1.1. I have DNSFilter on with Custom DNS as an OpenNIC DNS IP for the PC client when the PC OpenVPN tunnel is turned off for the PC. NOTE: Turning on or off DNSFilter makes no impact on the above problem with OpenVPN.

Is this a bug with firmware or do I have something setup wrong?

Suggestions for fix are welcome.

Thanks.

 

[yorgi]

I am having a strange issue with my Asus 88U reporting wrong IP for one of my OpenVPN clients. Hoping you would have some idea why.

I have:

Asus 88U
Merlin 380.59
VPN service provider
using OpenVPN client to connect to VPN provider
2 seperate OpenVPN Clients on router

Client 1 is AppleTV4, TCP 443 (Canadian server), Accept DNS Config. [Exlcusive], Policy Rules with IP of AppleTV4.
Client 2 is PC, UDP 443 (Miami-US server), Accept DNS Config. [Exlusive], Policy Rules with IP of PC.

Problem: Both connections are working finewhen turned on and show as connected within the router with no Error. But, when I do a DNS leak test using doileak or ipleak site, the client that is turned on first will show the proper IP VPN address that it is connected to, as it should. When I do a DNS leak test of the other client the IP address that shows up is the same as the client I turned on first. There are no leaks for either, it just wrongly identifies the client that I turned on second with the first client's VPN address. Very odd.

So, basically whatever OpenVPN client is turned on first is the VPN IP that is passed on to the client turned on afterwards even though they each use a different .ovpn server file from different server and one is using TCP and the other is using UDP.

Both LAN and WAN DNS Server is set to 192.168.1.1. I have DNSFilter on with Custom DNS as an OpenNIC DNS IP for the PC client when the PC OpenVPN tunnel is turned off for the PC. NOTE: Turning on or off DNSFilter makes no impact on the above problem with OpenVPN.

Is this a bug with firmware or do I have something setup wrong?

Suggestions for fix are welcome.

Thanks.

Take note that you don't need dnsfiltering with the new firmware so turning that on wont help in anything but confuse the matter further.
Looks like you are having a router conflict. You need to turn the power off cold boot the router. but before you do that disable both clients and make sure you take off start with LAN
What encryption are you using? Sometimes its happens when you use 2 servers from the same company that are on the same subnet.
try turning client 1 on and test it and then turn turn client 1 off
then turn client 2 on and test it .If there is no issues there then its a same subnet issue.
Now turn one client on and off until you have no issues when both clients are on at the same time.
I have seen this problem happen many times although i never saw that happen to me when I used blowfish-cbc
I had 3 clients on at the same time and never had a glitch.
I know Merlin is going to come here and say I am wrong because encryption doesn't matter but I think there is a bug with the aes-128-cbc where although its the preferred method I only started seeing these conflicts when I changed over to AES-128-CBC
and if you use AES-256-CBC good luck to have 2 clients working at the same time.
I really don't have the need to have 2 clients on at the same time. I have them configured but I use one at a time.
Maybe that would be the best solution for you. If you are not using the appleTV and the PC at the same time try doing that.
If not turn each service off and on until you have no issues when both services are ON.
Once that happens you are OK until the next router conflict.
I have seen some real weird things where the router freaks out so much that it actually leaks your local ISP IP address and DNS, scary.
So use multiple clients from the same server with caution.
What Merlin would probably suggest is have 2 separate VPN servers then its different subnets thus having no issues with dns leak.
or try Blowfish-cbc for both clients. Its not that it has ever been cracked and the big problem is with SHA and SHA1
google and Microsoft are trying to get that encryption out of the way because they feel its a security problem because its old technology
so even if you are using aes-128 its no better then blowfish.
Try out blowfish on both clients and see if you get any problems. If you don't stick with it that way.
I hvae 8 mbps modem so I now use AES-256 with sha256 because my bandwidth is not the end of the world
but if bandwidth limitations are an issue for you then try one of the methods I mentioned and see which works for you.
I know I am going to hear it from some people but you have nothing to lose but try

 

[Boosted]

I will try the methods you described above.

I am using AES-256-CBC and each client is using a different server and location from each other, but I am using same VPN service provider.

I will try these methods out and report back.

 

[yorgi]

I will try the methods you described above.

I am using AES-256-CBC and each client is using a different server and location from each other, but I am using same VPN service provider.

I will try these methods out and report back.

you should be able to get 2 aes-128-cbc to work well. although I did run into conflicts
blowfish never gave me a problem.

 

[patrick sullivan]

Great guide yorgi! I hadn't upgraded to the latest firmware yet, but I finally intend to do so tonight. The only problem I have with my current setup is that sometimes, ipleak shows my DNS/IP as USA instead of Canada. The VPN tunnel isn't down as far as I can tell because the status shows that it is active, and I can connect to the net (like you I have the box checked to kill internet access if VPN goes down). Usually when this happens, I go in and turn off the VPN, then turn it back on, and that solves the problem. This happened to me last night, but my usual fix didn't work. So, I'll upgrade the firmware and see if that helps. If anything goes wrong, I'll use this guide as a walkthrough/refresher. Hope life is good up North!

Cheers!
Patrick

 

[yorgi]

Great guide yorgi! I hadn't upgraded to the latest firmware yet, but I finally intend to do so tonight. The only problem I have with my current setup is that sometimes, ipleak shows my DNS/IP as USA instead of Canada. The VPN tunnel isn't down as far as I can tell because the status shows that it is active, and I can connect to the net (like you I have the box checked to kill internet access if VPN goes down). Usually when this happens, I go in and turn off the VPN, then turn it back on, and that solves the problem. This happened to me last night, but my usual fix didn't work. So, I'll upgrade the firmware and see if that helps. If anything goes wrong, I'll use this guide as a walkthrough/refresher. Hope life is good up North!

Cheers!
Patrick

Hey Brother Patrick
Its normal to see USA instead of Canada. I get the same issue. I guess if their Canadian servers get over loaded they use US servers with the same subnet to handle the load.
I do the exact thing you do to resolve it. Its not a firmware bug its PIA that has the problem.
Upgrading to this firmware is a great move. Let me know how it goes for you.
Also you don't need to use DNSfiltering anymore.
Up north is not good so far, a lot of rain

 

[patrick sullivan]

Upgrade worked perfectly. Glad I finally got around to doing it. Take care man and hang in there-Summer's around the corner.

Cheers!

 

[patrick sullivan]

Oh, and I didn't mess with DNS filtering because I forgot where/how to turn that on/off? But, all appears to be working well as is.

 

[yorgi]

Oh, and I didn't mess with DNS filtering because I forgot where/how to turn that on/off? But, all appears to be working well as is.

You don't need DNSfiltering anymore

 

[patrick sullivan]

You don't need DNSfiltering anymore

Copy that....but, where is it turned on/off? I forget! You and Rango were discussing it, but I didn't see where to actually adjust the filtering...