RT-AC88U Merlin - Route devices through different VPN servers

[GTATurbo]

Hi Guys,

I'm completely new to all this, but I was hoping to get some help regarding setting up my VPN service on my RT-AC88U. I've flashed Merlin and managed to get the VPN profiles installed on the 5 OVPN clients. All of the traffic routes through whichever client profile I switch on, but with multiple devices running at the same time and the natural throttling of the speed due to the Great Firewall (I'm in China), I would like the option to route different devices through different VPN servers to try to increase the speed. I'm using VyprVPN which allows 5 connections at a time, and they allow either 160bit or 256bit connections. I'm not overly worried about the security of the connection as I won't be doing anything illegal as such. All I want is to bypass the GFW to access Google, Facebook, Twitter et al for business purposes.
Can I set the router up to only route traffic to particular sites through the VPN server and the rest through the normal Chinese ISP? Can I route different devices through different servers to help with the slowing down of the speed?
Any help gratefully received. Please remember I'm very new to this. I'm not a tech idiot, but I'm not exactly an engineer either!

Thanks in advance.

 

[GTATurbo]

Oh, and I have searched for this, but I can't get my head around a lot of the info, so simple is better! Thanks again!

 

[Xentrk]

Hi Guys,

I'm completely new to all this, but I was hoping to get some help regarding setting up my VPN service on my RT-AC88U. I've flashed Merlin and managed to get the VPN profiles installed on the 5 OVPN clients. All of the traffic routes through whichever client profile I switch on, but with multiple devices running at the same time and the natural throttling of the speed due to the Great Firewall (I'm in China), I would like the option to route different devices through different VPN servers to try to increase the speed. I'm using VyprVPN which allows 5 connections at a time, and they allow either 160bit or 256bit connections. I'm not overly worried about the security of the connection as I won't be doing anything illegal as such. All I want is to bypass the GFW to access Google, Facebook, Twitter et al for business purposes.
Can I set the router up to only route traffic to particular sites through the VPN server and the rest through the normal Chinese ISP? Can I route different devices through different servers to help with the slowing down of the speed?
Any help gratefully received. Please remember I'm very new to this. I'm not a tech idiot, but I'm not exactly an engineer either!

Thanks in advance.

Yes, you can route some traffic to the WAN and some through the VPN tunnel using Policy Rules. Regarding the Client 1 to 6 screens. It is my understanding that it is not meant to run more than one at any given time. The intent is to allow you to have different clients configured and be able to switch between them.

Check out my OpenVPN client config example here and let me know that helps you. I use TorGuard but the settings have also helped some PIA customers.

https://www.snbforums.com/threads/h...oviders-10-15-fixed.30851/page-16#post-314475

I am using Merlin FW 380.65_2. I had to change some settings to get OpenVPN 2.4 to work when compared to prior Merlin FW releases which utilize OpenVPN 2.3.

Please give me feedback to see if it works for you. Also, check out yorgi's VPN setup guide for additional information, which is based on OpenVPN 2.3 release. https://www.snbforums.com/threads/h...ia-and-other-vpn-providers-10-15-fixed.30851/

 

[Martineau]

Regarding the Client 1 to 6 screens. It is my understanding that it is not meant to run more than one at any given time.

Err incorrect?

I and others have multiple concurrent VPN clients running;

e.g.
For personal banking I fire up a temporary concurrent VPN session to a UK node to access my account, without disrupting family viewing of USA content via an already (heavily) active USA VPN session.

However, permanently running 5 heavily loaded concurrent VPN Clients might be evidently disappointing on the CPU limited router!

The intent is to allow you to have different clients configured and be able to switch between them.

This was a concept that I originally trialled/exploited when using a Smart DNS for Netflix streaming and downloading i.e. 'follow the sun' for performance.

e.g.
I used a USA VPN exit point, and depending on the time of day, I had a cron job that switched the active VPN Client profile 1-5 between West Coast and East Coast USA assuming that the local regional USA traffic may be lighter due to the time difference in the UK.

Obviously with Selective Routing, this is now a little more complex as the Policy rules for the devices/ports are tied to a particular VPN Client profile, but can be easily fixed dynamically by a script!.

 

[Xentrk]

Err incorrect?

I and others have multiple concurrent VPN clients running;

e.g.
For personal banking I fire up a temporary concurrent VPN session to a UK node to access my account, without disrupting family viewing of USA content via an already (heavily) active USA VPN session.

However, permanently running 5 heavily loaded concurrent VPN Clients might be evidently disappointing on the CPU limited router!

Yes, the CPU load would be heaving having so many OpenVPN clients running concurrently.

I have a question on routing with this setup. Say you have 4 OpenVPN Clients running at the same time. How do you configure the router to define which clients should use which VPN client? Thanks!

 

[Martineau]

I have a question on routing with this setup. Say you have 4 OpenVPN Clients running at the same time. How do you configure the router to define which clients should use which VPN client? Thanks!

Enable Selective routing i.e. set 'Redirect Internet traffic=Policy Rules' in the VPN Client GUI, and enter your local devices/subnet to use the appropriate VPN profile.

Selective routing by source port / domain etc. will require a script or entries in dnsmasq etc.