Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

[Skyy]

Yorgi,

I hope you may be able to help me. I have been getting an AUTH_FAILED error after being connected for a few hours using either 128 or 256 encryption. I never used to have any problems. I have an 88U unit running the latest merlin build 65.4 I have even gone back to prior firmware 64.2 and have the same problem. VPN works fine when switching on or starting with wan but a few hours later i notice the vpn down and it shows authentication failed. I can switch it on again but cant figure out why it dies like that. I have reset the router to factory defaults as well and cant keep it from happening. I have 2 PIA accounts and the router is the only place I have an issue so i have ruled out account issues. I read that it could be a problem with the files open vpn creates but I would have thought any corrupt files would be gone on a factory reset.

I would appreciate any help someone could offer.

Thanks.

 

[nferguzl]

Yorgi may I ask you a simple question, which firmware worked 100% with your original guide?

 

[Flyinace2000]

Recently moved from the stock ASUS firmware on my RT-AC68U to Merlin 380. goal is to exclude my Roku from my PIA VPN connection for NetFlix.

Anyway, can't get it working. Always ends w/ "Authenticate/Decrypt packet error: cipher final failed"

I'm using the following Certificat Authority (downloaded today)
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
YDQ8z9v+DMO6iwyIDRiU
-----END CERTIFICATE-----

LOG
Apr 20 21:28:57 rc_service: httpd 443:notify_rc start_vpnclient5
Apr 20 21:29:00 openvpn[4902]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 20 21:29:00 openvpn[4902]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Apr 20 21:29:00 openvpn[4903]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 20 21:29:00 openvpn[4903]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.182.231.37:1198
Apr 20 21:29:00 openvpn[4903]: UDP link local: (not bound)
Apr 20 21:29:00 openvpn[4903]: UDP link remote: [AF_INET]107.182.231.37:1198
Apr 20 21:29:01 openvpn[4903]: [84863bf223b3b6ebfc008dc8a2b4c49e] Peer Connection Initiated with [AF_INET]107.182.231.37:1198
Apr 20 21:29:02 openvpn[4903]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 20 21:29:02 openvpn[4903]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 20 21:29:02 openvpn[4903]: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Apr 20 21:29:02 openvpn[4903]: TUN/TAP device tun15 opened
Apr 20 21:29:02 openvpn[4903]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 20 21:29:02 openvpn[4903]: /usr/sbin/ip link set dev tun15 up mtu 1500
Apr 20 21:29:02 openvpn[4903]: /usr/sbin/ip addr add dev tun15 local 10.49.10.6 peer 10.49.10.5
Apr 20 21:29:02 openvpn[4903]: updown.sh tun15 1500 1545 10.49.10.6 10.49.10.5 init
Apr 20 21:29:03 rc_service: service 4962:notify_rc updateresolv
Apr 20 21:29:05 openvpn-routing: Skipping, client 5 not in routing policy mode
Apr 20 21:29:05 openvpn[4903]: Initialization Sequence Completed
Apr 20 21:29:12 openvpn[4903]: Authenticate/Decrypt packet error: cipher final failed

 

[FatherLandDescendant]

Recently moved from the stock ASUS firmware on my RT-AC68U to Merlin 380. goal is to exclude my Roku from my PIA VPN connection for NetFlix.

Anyway, can't get it working. Always ends w/ "Authenticate/Decrypt packet error: cipher final failed"


Apr 20 21:29:02 openvpn[4903]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 20 21:29:02 openvpn[4903]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 20 21:29:02 openvpn[4903]: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Apr 20 21:29:02 openvpn[4903]: TUN/TAP device tun15 opened
Apr 20 21:29:02 openvpn[4903]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 20 21:29:02 openvpn[4903]: /usr/sbin/ip link set dev tun15 up mtu 1500
Apr 20 21:29:02 openvpn[4903]: /usr/sbin/ip addr add dev tun15 local 10.49.10.6 peer 10.49.10.5
Apr 20 21:29:02 openvpn[4903]: updown.sh tun15 1500 1545 10.49.10.6 10.49.10.5 init
Apr 20 21:29:03 rc_service: service 4962:notify_rc updateresolv
Apr 20 21:29:05 openvpn-routing: Skipping, client 5 not in routing policy mode
Apr 20 21:29:05 openvpn[4903]: Initialization Sequence Completed
Apr 20 21:29:12 openvpn[4903]: Authenticate/Decrypt packet error: cipher final failed

I was having some of the same issues, that was one of the error messages I was getting. This post really helped me get on track. And an earlier post suggested I set my TLS Renegotiation Time to 0. I've not had a VPN issue yet.

1. Please try the following:

Auth Digest = SHA1
Connection Retry = -1 (Sorry, I thought it was set to 10 in my previous post from your screen shot, I see it is set to 30. I had to enlarge the image to see the detail )
Cipher Negotiation = Disable
Cipher = AES-128-CBC
Redirect Internet Traffic = All (this will route all clients through the VPN BTW, let's start here). The current setting of No will not allow any clients to use the tunnel.
Then, select the Apply button. Your screen shot does not match some of the settings you are posting in the text.
​

2. You can try to post the log contents at pastebin.com and post the link. .

3. Even though my setup guide is TorGuard centric, I've had several PIA customers send me Private Messages of thanks as it helped them get PIA OpenVPN 2.4 client working on their router. So hang in there, we should be able to figure this out. I am hopeful

4. For the {WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'} message, try putting the config settubg disable-occ in Additional Config section as well per yorgi's guide here https://www.snbforums.com/threads/h...ia-and-other-vpn-providers-10-15-fixed.30851/.. And of course, select the Apply button.

--disable-occ
Don't output a warning message if option inconsistencies are detected between peers. An example of an option inconsistency would be where one peer uses --dev tun while the other peer uses --dev tap.

Use of this option is discouraged, but is provided as a temporary fix in situations where a recent version of OpenVPN must connect to an old version.


I'll stay tuned for an update...

 

[pusb87]

Recently moved from the stock ASUS firmware on my RT-AC68U to Merlin 380. goal is to exclude my Roku from my PIA VPN connection for NetFlix.

Anyway, can't get it working. Always ends w/ "Authenticate/Decrypt packet error: cipher final failed"

I'm using the following Certificat Authority (downloaded today)
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
YDQ8z9v+DMO6iwyIDRiU
-----END CERTIFICATE-----

LOG
Apr 20 21:28:57 rc_service: httpd 443:notify_rc start_vpnclient5
Apr 20 21:29:00 openvpn[4902]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 20 21:29:00 openvpn[4902]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Apr 20 21:29:00 openvpn[4903]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 20 21:29:00 openvpn[4903]: TCP/UDP: Preserving recently used remote address: [AF_INET]107.182.231.37:1198
Apr 20 21:29:00 openvpn[4903]: UDP link local: (not bound)
Apr 20 21:29:00 openvpn[4903]: UDP link remote: [AF_INET]107.182.231.37:1198
Apr 20 21:29:01 openvpn[4903]: [84863bf223b3b6ebfc008dc8a2b4c49e] Peer Connection Initiated with [AF_INET]107.182.231.37:1198
Apr 20 21:29:02 openvpn[4903]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 20 21:29:02 openvpn[4903]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 20 21:29:02 openvpn[4903]: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Apr 20 21:29:02 openvpn[4903]: TUN/TAP device tun15 opened
Apr 20 21:29:02 openvpn[4903]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 20 21:29:02 openvpn[4903]: /usr/sbin/ip link set dev tun15 up mtu 1500
Apr 20 21:29:02 openvpn[4903]: /usr/sbin/ip addr add dev tun15 local 10.49.10.6 peer 10.49.10.5
Apr 20 21:29:02 openvpn[4903]: updown.sh tun15 1500 1545 10.49.10.6 10.49.10.5 init
Apr 20 21:29:03 rc_service: service 4962:notify_rc updateresolv
Apr 20 21:29:05 openvpn-routing: Skipping, client 5 not in routing policy mode
Apr 20 21:29:05 openvpn[4903]: Initialization Sequence Completed
Apr 20 21:29:12 openvpn[4903]: Authenticate/Decrypt packet error: cipher final failed

These settings work fine for me using PIA where I am excluding the PS3 play station from using vpn.

Using Asus RT AC68U and Merlin 380.65

 

[Flyinace2000]

Thanks all,

got it working.

Using these config commands as well that i found for a way to increase the speed. I have an 85/85 connection, but on VPN it is slowed to about 30mb/s

 

[Flyinace2000]

One more follow up. I overclocked the router and used the followign config lines. Now i'm getting around 60mbps up/down.

tls-client
persist-key
persist-tun
remote-cert-tls server
verb 1
fast-io
sndbuf 524288
rcvbuf 524288
comp-lzo yes
comp-noadapt

 

[ToonTonic]

Having similar issues as some of you fine folks in relation to VPN on Merlin, but via IPVANISH.

VPN runs fine for about 24hrs then just cuts out.

Checking the VPN status page in router & it states CONNECTED, but the devices i have set on a VPN arent able to do anything on the internet.

A quick fix is just to restart the VPN....But surely there is a better way?

Checking logs & nothing shows up that would concern me.

Any ideas?

Thank you in advance.

Sent from my SM-G935F using Tapatalk

 

[yorgi]

Having similar issues as some of you fine folks in relation to VPN on Merlin, but via IPVANISH.

VPN runs fine for about 24hrs then just cuts out.

Checking the VPN status page in router & it states CONNECTED, but the devices i have set on a VPN arent able to do anything on the internet.

A quick fix is just to restart the VPN....But surely there is a better way?

Checking logs & nothing shows up that would concern me.

Any ideas?

Thank you in advance.

Sent from my SM-G935F using Tapatalk

I noticed the same thing with the latest update. It happened to me a couple of times where the internet was not working on the VPN even though it showed it to be connected.
I stopped and started the service and then it worked. Since then I have no issues.
I never had this problem in the past. I think its the openvpn 4 that is still buggy. I am sure in the next couple of updates this will be resolved.
but the quick fix is to turn the service on and off and it works fine.
I wouldn't completely blame openvpn 4 or this firmware. I have noticed in the past that servers do not always work the same. For 3 days now i have had no issue so maybe its just the way certain servers are configured to others. Perhaps they dont all have the updated VPN. I wonder what Merlin has to say about this

 

[pusb87]

One more follow up. I overclocked the router and used the followign config lines. Now i'm getting around 60mbps up/down.

tls-client
persist-key
persist-tun
remote-cert-tls server
verb 1
fast-io
sndbuf 524288
rcvbuf 524288
comp-lzo yes
comp-noadapt

that sounds far to good to be true...... can you furnish the details of how you overclocked and achieved this ?

 

[yorgi]

i have read where people put this command on the custom configurations made their VPN faster

I haven't tried it because I only have a 15 megabit line but a few people have mentioned it. Maybe try this without overclocking the router. it will get hot and then you need a cooling fan.
I have seen where people overclocked the CPU and didn't get any major difference although this command should bump it to a faster speed.
If anyone can try with high speed connections and confirm that this command pushes their speeds way more then tradition, I will put it in the guide.

try without the push command first and then add the push commands. I have a feeling all you need is the sndbuf and the revbuf.
Please if someone can test this I would appreciate it.

sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

 

[yorgi]

I noticed the same thing with the latest update. It happened to me a couple of times where the internet was not working on the VPN even though it showed it to be connected.
I stopped and started the service and then it worked. Since then I have no issues.
I never had this problem in the past. I think its the openvpn 4 that is still buggy. I am sure in the next couple of updates this will be resolved.
but the quick fix is to turn the service on and off and it works fine.
I wouldn't completely blame openvpn 4 or this firmware. I have noticed in the past that servers do not always work the same. For 3 days now i have had no issue so maybe its just the way certain servers are configured to others. Perhaps they dont all have the updated VPN. I wonder what Merlin has to say about this

Follow up. I have my VPN running for a few days now and there is no problem with the connection. If anyone has any issues just disconnect and connect again.
I have a feeling that not all the servers are configured with the latest openVPN and this is causing an issue and this has nothing to do with the Merlin firmware.
Just bugs that need to be addressed by openvpn and until it becomes a standard all over the place.

 

[pusb87]

i have read where people put this command on the custom configurations made their VPN faster

I haven't tried it because I only have a 15 megabit line but a few people have mentioned it. Maybe try this without overclocking the router. it will get hot and then you need a cooling fan.
I have seen where people overclocked the CPU and didn't get any major difference although this command should bump it to a faster speed.
If anyone can try with high speed connections and confirm that this command pushes their speeds way more then tradition, I will put it in the guide.

try without the push command first and then add the push commands. I have a feeling all you need is the sndbuf and the revbuf.
Please if someone can test this I would appreciate it.

sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

there may be something in this
i have just added

sndbuf 524288
rcvbuf 524288

and results upped from d/l of ~30 to 40 ( top 2 results with additional commands)

would you expect to see a temp rise with just this added with no overclocking ?
PS I have 150 d/l and 10 u/l and results are from Ethernet connection

 

[john9527]

try without the push command first and then add the push commands. I have a feeling all you need is the sndbuf and the revbuf.
Please if someone can test this I would appreciate it.

sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

But, like a lot of things.....if you 'push' in one place, something 'pops' in another. If you have a problem with bufferbloat over your VPN, this is likely to make it worse.

 

[yorgi]

there may be something in this
i have just added

sndbuf 524288
rcvbuf 524288

and results upped from d/l of ~30 to 40 ( top 2 results with additional commands)

View attachment 9106

would you expect to see a temp rise with just this added with no overclocking ?
PS I have 150 d/l and 10 u/l and results are from Ethernet connection

you will never reach 150mb/s with a router its just the way it is. The cpu cant handle it.
if you are getting 40mb/s that's pretty normal. I wouldn't overclock the cpu because you can fry the router.

 

[pusb87]

you will never reach 150mb/s with a router its just the way it is. The cpu cant handle it.
if you are getting 40mb/s that's pretty normal. I wouldn't overclock the cpu because you can fry the router.

I fully understand i will never reach 150...i never expected to...i was just doing what you aksed >>>> "Please if someone can test this I would appreciate it."

so i did !!

i don't plan to do any overclocking either

 

[chitenavi]

Hello, i need help. I have an Asus rt-ac87u with merlin firmware, my vpn client works fine but i want only 3 devices throw my ISP and all another one throw VPN. I tried with policy rules with 192.168.1.0/24 to VPN and these 3 devices to ISP, that works but Transmission client on router use ISP ip. If i don't use policy rules and the VPN is activated then Transmission work throw VPN.
Thats my question, how i can setup all my traffic, Transsmision inclusive, throw VPN and only 3 devices throw my ISP??

Thanks in advance...

Enviado desde mi MI 5s Plus mediante Tapatalk

 

[yorgi]

Yorgi,

I hope you may be able to help me. I have been getting an AUTH_FAILED error after being connected for a few hours using either 128 or 256 encryption. I never used to have any problems. I have an 88U unit running the latest merlin build 65.4 I have even gone back to prior firmware 64.2 and have the same problem. VPN works fine when switching on or starting with wan but a few hours later i notice the vpn down and it shows authentication failed. I can switch it on again but cant figure out why it dies like that. I have reset the router to factory defaults as well and cant keep it from happening. I have 2 PIA accounts and the router is the only place I have an issue so i have ruled out account issues. I read that it could be a problem with the files open vpn creates but I would have thought any corrupt files would be gone on a factory reset.

I would appreciate any help someone could offer.

Thanks.

If you are using recent firmware disable this Cipher Negotiation
For some reason PIA doesn't use this cipher and it falls back to legacy 128 bit encryption.
This way it will work like the guide and it shouldn't drop connection.
I tried using no fallback only the new Cipher and it wouldn't connect properly so I disabled the new option and things are working nice now. I too had drops and it wouldnt reconect properly.
PIA will probably update soon to work with the new features of Open VPN
I will post when I find out more.

 

[yorgi]

Yorgi may I ask you a simple question, which firmware worked 100% with your original guide?

380.58
but the new version is fine. All you have to do is disable the Cipher Negotiation and use the legacy cipher otherwise you won't be able to re connect to PIA if the server drops.

 

[Jeremy37]

I want to share this to you guys, I have RT-AC68U with Merlin 380 and I'm having a problem connecting to my astrillVPN, when connecting to my VPN it always prompt a connecting status but it never connects at all it just keeps loading. I already restart my router and browser and still having an issue. I try to clear my browser's cookies and cache and these resolved my issue. I hope this help to other users that use astrillvpn.