Private Internet Access Settings (N66U)

[n66user-asus-merlin]

Unfortunately I've been unable to manage getting this going on my own with the countless resources sourced on the world wide web. I'm hoping someone might be able to point out some small mistake I've made in my settings.

Route: Asus N66U
Firmware: 3.0.0.4.374.39
VPN Provider: Private Internet Access (PIA) (www.privateinternetaccess.com)

Settings/Guides I've followed:
https://www.privateinternetaccess.c...on/1125/asus-rt-ac66u-openvpn-setup-guide-/p1
https://www.privateinternetaccess.c...tup-asus-rt-n66u-merlin-build-with-openvpn/p1
http://forums.smallnetbuilder.com/showthread.php?t=10314

Current Settings:
Interface Type: TUN
Protocol: UDP
Server Address: us-east... and Port 1194
Firewall: Automatic
Authorization Mode: TLS (I've inserted certificate into the CA space)
Username/Password Authentication: Yes
Username PIA username
Password PIA Password
Username Auth. Only: No
Extra HMAC authorization: Disabled
Create NAT on tunnel: Yes
Advanced Settings
Poll Interval: 0
Redirect Internet traffic: No
Accept DNS Configuration: Strict
Encryption cipher: Default
Compression: Adaptive
TLS Renegotiation Time: 0
Connection Retry: 30
Verify Server Certificate: No
Custom Config:
persist-key
persist-tun
tls-client
comp-lzo
verb 1
reneg-sec 0

Under VPN Details Tab:
Basic Config:
Broadcast Support: Disable
Authentication: Auto
All Checkboxes for MPPE Encruption
Connection to DNS Server automatically: Yes
Connection to WINS Server automatically: Yes

Under the left hand column (WAN).
WAN DNS Setting: It's set to Yes for Connect to DNS Server Automatically

Would a system Log help?

Thanks in advance for any suggestions.

 

[Zirescu]

Yeah, you better include the system log. One difference I did note between your setup and the one they did for the AC66U was the following addition under the Custom Configuration section: "auth-user-pass /tmp/password.txt" there were a few more additional steps to update the password.txt file on the router. No mention of this being needed for the N66U though which I thought was odd.

 

[RMerlin]

What is your actual issue? Failure to connect? Traffic not being routed (which would be because you did not enable Redirect Internet Traffic according to your posted settings)?

 

[n66user-asus-merlin]

I'm not sure it's connected as I can't visit any web pages (google, etc.) and I've grabbed a few of the IP addresses of main sites to see if its the DNS not resolving and it's also not going anywhere.

System Log:
Feb 19 23:10:29 rc_service: httpd 324:notify_rc start_vpnclient1
Feb 19 23:10:29 kernel: tun: Universal TUN/TAP device driver, 1.6
Feb 19 23:10:29 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Feb 19 23:10:30 openvpn[14012]: OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Jan 31 2014
Feb 19 23:10:30 openvpn[14012]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 19 23:10:30 openvpn[14012]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 19 23:10:30 openvpn[14018]: UDPv4 link local: [undef]
Feb 19 23:10:30 openvpn[14018]: UDPv4 link remote: [AF_INET]209.222.7.237:1194
Feb 19 23:10:30 openvpn[14018]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Feb 19 23:10:31 openvpn[14018]: [server] Peer Connection Initiated with [AF_INET]209.222.7.237:1194
Feb 19 23:10:33 openvpn[14018]: TUN/TAP device tun11 opened
Feb 19 23:10:33 openvpn[14018]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Feb 19 23:10:33 openvpn[14018]: /usr/sbin/ip link set dev tun11 up mtu 1500
Feb 19 23:10:33 openvpn[14018]: /usr/sbin/ip addr add dev tun11 local 10.150.1.6 peer 10.150.1.5
Feb 19 23:10:33 openvpn[14018]: updown.sh tun11 1500 1542 10.150.1.6 10.150.1.5 init
Feb 19 23:10:33 rc_service: service 14057:notify_rc updateresolv
Feb 19 23:10:33 dnsmasq[9882]: exiting on receipt of SIGTERM
Feb 19 23:10:33 dnsmasq[14060]: started, version 2.68 cachesize 1500
Feb 19 23:10:33 dnsmasq[14060]: asynchronous logging enabled, queue limit is 5 messages
Feb 19 23:10:33 dnsmasq-dhcp[14060]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 1d
Feb 19 23:10:33 dnsmasq-dhcp[14060]: DHCP, sockets bound exclusively to interface br0
Feb 19 23:10:33 dnsmasq[14060]: read /etc/hosts - 5 addresses
Feb 19 23:10:33 dnsmasq[14060]: read /etc/hosts.dnsmasq - 1 addresses
Feb 19 23:10:33 dnsmasq-dhcp[14060]: read /etc/ethers - 3 addresses
Feb 19 23:10:33 dnsmasq[14060]: using nameserver 206.248.154.170#53
Feb 19 23:10:33 dnsmasq[14060]: using nameserver 209.222.18.218#53
Feb 19 23:10:33 dnsmasq[14060]: using nameserver 209.222.18.222#53
Feb 19 23:10:33 openvpn[14018]: Initialization Sequence Completed

 

[n66user-asus-merlin]

Yeah, you better include the system log. One difference I did note between your setup and the one they did for the AC66U was the following addition under the Custom Configuration section: "auth-user-pass /tmp/password.txt" there were a few more additional steps to update the password.txt file on the router. No mention of this being needed for the N66U though which I thought was odd.

I think when the guide was published in May 2013, that may have been needed but I think with the newer firmware since it was published it's become redundant. (I could however be wrong.) Currently I do not log into the router to place any files in the /tmp folder but could if need be.

 

[n66user-asus-merlin]

What is your actual issue? Failure to connect? Traffic not being routed (which would be because you did not enable Redirect Internet Traffic according to your posted settings)?

I Checked the "Redirect Internet Traffic" now.

It must be connected as I can post here in this forum but I still can't visit any web pages. So I'm sort of dumbfounded.

Under VPN Status:
It does say OpenVPN Client 1 - Running
And a number of bytes being transmitted or received.

 

[RMerlin]

I Checked the "Redirect Internet Traffic" now.

It must be connected as I can post here in this forum but I still can't visit any web pages. So I'm sort of dumbfounded.

Under VPN Status:
It does say OpenVPN Client 1 - Running
And a number of bytes being transmitted or received.

Try a traceroute to a remote site from your computer, and see if it goes through your ISP or through the tunnel provider.

 

[Zirescu]

This post might fix the issue for you:
https://www.privateinternetaccess.com/forum/index.php?p=/discussion/comment/10778#Comment_10778

 

[n66user-asus-merlin]

Try a traceroute to a remote site from your computer, and see if it goes through your ISP or through the tunnel provider.

Tracing route to 98.139.183.24 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms RT-N66U [192.168.1.1]
2 24 ms 24 ms 28 ms 10.166.1.1
3 28 ms 24 ms 24 ms 66.55.134.193
4 24 ms 25 ms 26 ms 108.61.138.57
5 37 ms 24 ms 26 ms 108.61.65.41
6 25 ms 25 ms 26 ms 198.32.160.121
7 52 ms 41 ms 43 ms 216.115.100.74
8 32 ms 35 ms 48 ms 216.115.100.29
9 82 ms 36 ms 36 ms 98.139.232.105
10 34 ms 41 ms 36 ms 98.139.128.47
11 37 ms 40 ms 40 ms 98.139.129.211
12 38 ms 36 ms 51 ms 98.139.183.24

Trace complete.

I pinged the IP before I turned on the OpenVPN Client and received:

ping yahoo.com

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=38ms TTL=50
Reply from 98.139.183.24: bytes=32 time=46ms TTL=50
Reply from 98.139.183.24: bytes=32 time=40ms TTL=50
Reply from 98.139.183.24: bytes=32 time=52ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 52ms, Average = 44ms

However if I try to visit 98.139.183.24 on a browser it times out or goes nowhere.

 

[n66user-asus-merlin]

So it seems like the other devices on my network (wireless devices), haven't checked other wired devices are able to access web pages and such without any issues. Very strange yet on my regular desktop that's plugged directly to the router, things time out.