How To Setup Merlin for: ASUS CM-32_AC2600 Router

[Francis P. Mejia]

Hello To Whom May be Listening,

New to the Forum and require advice for setting up Merlin on my brand new ASUS CM-32_AC2600 Router that I have using Comcast as my internet service...

...I currently have Private Internet Access VPN that isn't working without Merlin on my new router.

Thanks in advance for any and all help :]

 

[RMerlin]

That device is not supported.

https://asuswrt.lostrealm.ca/about

 

[Francis P. Mejia]

Thank you...

 

[Jack Yaz]

Thank you...

Return and get the standard AC3200 and use the Comcast modem in bridge mode, connected to WAN on the 3200.

 

[Francis P. Mejia]

Return and get the standard AC3200 and use the Comcast modem in bridge mode, connected to WAN on the 3200.

We had habitual connectivity issues with our old bridgemode setup connected to a Linksys FlashRouter. Hence the attempt to try our VPN on a single router connected to a comcast dedicated Asus router... appreciate the advice, I may go back to the old setup (slow speed / vpn / connectivity blackouts) or just stay with the current setup (quadruple the speed / no vpn / no blackouts) I'm gonna miss my VPN thou

 

[Jack Yaz]

We had habitual connectivity issues with our old bridgemode setup connected to a Linksys FlashRouter. Hence the attempt to try our VPN on a single router connected to a comcast dedicated Asus router... appreciate the advice, I may go back to the old setup (slow speed / vpn / connectivity blackouts) or just stay with the current setup (quadruple the speed / no vpn / no blackouts) I'm gonna miss my VPN thou

You may find the bridge behaves properly when connected to the Asus. Worth a go!

 

[Francis P. Mejia]

You may find the bridge behaves properly when connected to the Asus. Worth a go!

You're right, I'm just bummed out that my new ASUS system / VPN didn't work out... I shall keep trying!!! Thanks...

 

[CaptainSTX]

Hello To Whom May be Listening,

New to the Forum and require advice for setting up Merlin on my brand new ASUS CM-32_AC2600 Router that I have using Comcast as my internet service...

...I currently have Private Internet Access VPN that isn't working without Merlin on my new router.

Thanks in advance for any and all help :]

Go to PIA's web site and search and you will find the settings that you need. PIA works very well with Merlin's firmware on an ASUS router.

 

[Francis P. Mejia]

Go to PIA's web site and search and you will find the settings that you need. PIA works very well with Merlin's firmware on an ASUS router.

Unfortunately a PIA tech support ticket opened and closed with the rep stating that my specific router is unable to run merlin thanks for the effort...

 

[Zastoff]

Isent PIA vpn a open vpn client?
should be supported in that case
https://www.asus.com/Networking/CM-32-AC2600/specifications/

 

[Francis P. Mejia]

Isent PIA vpn a open vpn client?
should be supported in that case
https://www.asus.com/Networking/CM-32-AC2600/specifications/

I tried setting up the VPN without Merlin via ASUS' default portal. I downloaded the correct ovpn file and the correct certificate; uploading both and was unable to activate it after all the effort of multiple activation attempts. Thus my attempt to try and use Merlin :/

 

[Zastoff]

Try skip certificate dont use that with my open vpn client..
Must define certificate authority: NO
Verify Server Certificate: NO
Worth a try perhaps

 

[Francis P. Mejia]

Try skip certificate dont use that with my open vpn client..
Must define certificate authority: NO
Verify Server Certificate: NO
Worth a try perhaps

Still nothing... even tried it without the certificate

this is what the default portal vpn looks like... I added a description, user name and password along with the uploaded .ovpn file and certificate... for some reason unknown it just wont activate.

 

[Zastoff]

Maybe you can fin something in this tread
https://www.snbforums.com/threads/a...se-help-setup-pia-vpn-within-my-router.30421/

 

[Francis P. Mejia]

Maybe you can fin something in this tread
https://www.snbforums.com/threads/a...se-help-setup-pia-vpn-within-my-router.30421/

Thanks... That would help if I could gain access to the vpn but unfortunately PIA has given me the update that its not possible with my Asus Comcast Specific Router (AC2600) and Merlin doesnt support the router as well as DD-WRT and Tomato... thank you all for the kind efforts and time to reply to my inquiry... Godspeed!

P.S. See below for the fore-mentioned conversation with PIA, maybe this will help someone else who may have a similar issue, good luck!






Jeremy C. (Private Internet Access)

Nov 29, 13:47 MST


Hello Francis,

Thank you for the response, attached is the ovpn file that should work however as mentioned default ASUS firmware is not supported as of yet by our services. I would recommend installing Merlin via their site https://asuswrt.lostrealm.ca/download. Flashing Merlin is outside of our scope and we are not liable to any damages if they should occur when flashing the firmware. Just make sure you download the correct one for your device it will be listed via model number.


For your convenience I have included the file that you can try on the default ASUS firmware in plain text as well as attached on to this email:



client

dev tun

proto udp

remote uk-london.privateinternetaccess.com 1198

resolv-retry infinite

remote-random

nobind

tun-mtu 1500

tun-mtu-extra 32

mssfix 1450

persist-key

persist-tun

ping 15

ping-restart 0

ping-timer-rem

reneg-sec 0

remote-cert-tls server

#mute 10000

auth-user-pass

auth-nocache

comp-lzo

verb 4

pull

fast-io

cipher AES-128-CBC

<ca>

-----BEGIN CERTIFICATE-----

MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD

VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV

BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu

dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx

IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB

FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1

MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex

EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg

QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE

AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50

ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy

bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD

L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX

lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp

cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/

8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB

/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC

OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL

y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO

sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM

b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G

A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg

SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz

czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j

b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn

a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU

ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3

7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC

GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz

1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt

YDQ8z9v+DMO6iwyIDRiU

-----END CERTIFICATE-----

</ca>

key-direction 0


If you use Merlin you can follow our Merlin guide to use the vpn: which I have included below.


Whilst we cannot officially support Merlin firmware, we've opted to write a setup guide for Merlin as the OpenVPN functionality is based off Tomato firmware. Currently we officially support DD-WRT, Tomato & pFsense.

We will endeavour to ensure that this article is accurate and up to date to the best of our ability.

To Setup Private Internet Access on Merlin firmware.

1. Login to the Asus Router control panel via a web interface.

2. On the left side menu, select the option 'VPN'

3. This will take you to the 'VPN Status' page. Select 'OpenVPN Clients' from the tabs at the top.

4. In this tab, you will be able to configure your OpenVPN clients in order to connect to the internet via your PrivateInternetAccess service.

5. Configure your client as follows:

• 
  
• Start with WAN: Yes.
  This will start your VPN when you connect to your ISP. If this is set to no, you will need to manually start your VPN service at the router level when your router restarts.
• 
  
• Interface Type: TUN
• 
  
• Protocol: UDP
• 
  
• Firewall: Automatic
• 
  
• Authorization Mode: TLS
• 
  
• Server Address: Select your address from our server list found here.
  In this example we used 'us-east.privateinternetaccess.com' (New York, USA)
• 
  
• Port: 1198
• 
  
• Username/Password Authentication: Yes
• 
  
• Username: Enter your PIA username (for example P1234567)
• 
  
• Password: Enter your PIA password (for example 12345678)
• 
  
• Username / Password Auth. Only: No
• 
  
• Extra HMAC Authorization: Disabled
• 
  
• Auth Digest: Default
• 
  
• Create NAT on Tunnel: Yes

6. Click the option next to 'Authorization Mode: TLS' that says 'Content modification of Keys & Certificates.'

7. Download the Certificate Authority from www.privateinternetaccess.com/openvpn/ca.rsa.2048.crt

8. Open the file with a text editor and then copy and paste the contents of ca.rsa.2048.crt into the Certificate Authority.

9. Scroll down to the bottom and click 'Save'

10. Under Advanced Options, configure your client as follow:

• 
  
• Global Log Verbosity: 1
• 
  
• Poll Interval: 0
• 
  
• Accept DNS Configuration: Strict
• 
  
• Encryption Cipher: AES-128-CBC
• 
  
• Compression: Adaptive
• 
  
• TLS Renegotiation Time: -1
• 
  
• Connection Retry: 30
• 
  
• Verify Server Certificate: No
• 
  
• Redirect Internet Traffic: No

11. Under Custom Configuration, enter the following:

persist-key
persist-tun

12. Click 'Save'.

13. You will now be able to set the 'Service State: On' (located at the top of the options). Service State on will only stay green and On when your service is correctly configured.

14. To see the status of your VPN service, you may check the 'VPN Status' tab located at the top which will actively poll your connection to give you the latest statistics on your connection.

If the VPN Status page constantly says 'Connecting (server address & port)' it indicates potential issues with the connection settings or Certificate Authority. Please refer to steps 5 and 6 and verify that all settings are correct.

Kindest regards,




Jeremy C.
Advanced Technical Engineer
Private Internet Access™

Private Internet Access: We've Got Your Back