What's new

Private Internet Access OpenVPN Client Custom Configuration

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

VacTacks11

Occasional Visitor
I'm able to create an OpenVPN client on my 87R with no problem. My question is more around Custom Configuration.

The posts that I've read that outline how to create an OpenVPN client on Merlin all have different entries in the Custom Configuration area.

For example, on PIA's own support forum, one post has:

Code:
tls-client
remote-cert-tls server
reneg-sec 0
verb 4
comp-lzo
mssfix 0
mtu-disc yes

Yet, two posts down someone has:

Code:
tls-client
ns-cert-type server
remote-cert-tls server
reneg-sec 0
verb 4
comp-lzo
mssfix 0
mtu-disc yes

Going to a different site, it's recommended that the following is used:

Code:
tls-client
remote-cert-tls server
reneg-sec 0

I guess I'm asking what the difference is between them, and what do I really need in there vs. what I don't?

Thanks
 
Some of these settings make no sense. For instance, "comp-lzo" should be defined through the "Compression" webui setting, not through the custom settings - the two will conflict. "verb 4" merely changes the logging level, and will conflict with the firmware already using "verb 3" by default.
 
I am having problems starting up OpenVPN with PIA myself. To further add to the confusion, here are a couple more custom config settings.

http://www.thinhammer.com/index.php...-vpn-client-using-private-internet-access-pia
From the SNB Forum for setting up the OpenVPN Client:
Code:
tls-client
remote-cert-tls server
reneg-sec 0

https://www.privateinternetaccess.com/forum/discussion/comment/15781/#Comment_15781
From the OpenPrivateAccess forum for setting up the OpenVPN Client with DD-WRT (recommended for Asus-Merlin Forks):
Code:
persist-key
persist-tun
tls-client
comp-lzo
verb 1

This last one is probably wrong because, according to Merlins post above, the setting should be "verb 3" instead of "verb 1".

Is there another SNB forum member who uses PIA with OpenVPN able to get the OpenVPN client to work and the router to encrypt all traffic?
 
I am having problems starting up OpenVPN with PIA myself. To further add to the confusion, here are a couple more custom config settings.

http://www.thinhammer.com/index.php...-vpn-client-using-private-internet-access-pia
From the SNB Forum for setting up the OpenVPN Client:
Code:
tls-client
remote-cert-tls server
reneg-sec 0

https://www.privateinternetaccess.com/forum/discussion/comment/15781/#Comment_15781
From the OpenPrivateAccess forum for setting up the OpenVPN Client with DD-WRT (recommended for Asus-Merlin Forks):
Code:
persist-key
persist-tun
tls-client
comp-lzo
verb 1

This last one is probably wrong because, according to Merlins post above, the setting should be "verb 3" instead of "verb 1".

Is there another SNB forum member who uses PIA with OpenVPN able to get the OpenVPN client to work and the router to encrypt all traffic?

I have been using PIA for about a week now. After reading RMerlin's post above I removed comp-lzo and verb 1 from the Custom Configuration. Everything appears fine. Initially I had followed the "Alternate Setup For Tomato" on PIA's client support website.
 
Code:
tls-client
remote-cert-tls server
reneg-sec 0
verb 0

This is what I'm using with PIA, I used many other different custom configs before but to be honest I never had problems making a successful connection with anything I threw in there...

I'm using "verb 0" atm because I want my log cleaner, "verb 3" is to "spamming" for me!

Keep in mind that PIA requires any sort of encryption, default option may be used (equals AES-256-CBC if not mistaken) and "Accept DNS configuration" can't be disabled, use one of the 3 options available having in consideration what is best for your situation.

Code:
Disabled = DNS servers sent by VPN-provided DNS server are ignored
Relaxed = DNS servers sent by VPN-provided DNS server are prepended to the current list of DNS servers, of which any can be used
Strict = DNS servers sent by the VPN-provided DNS server are prepended to the current list of DNS servers, which are used in order (existing DNS servers are only used if VPN-provided ones don't respond)
Exclusive = only the VPN-provided DNS servers are used
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top