What's new

Setting Up NordVPN on Asus RT-AC68U

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

smallnet

Occasional Visitor
I am trying to follow the instructions here:

Based on step 7, I import the .opvn file, and it prepopulates some fields, as expected. Then, as I get to step 9 of the instructions, it tells me to:

Code:
9. In the Custom Configuration field, enter this text:

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0

#log /tmp/vpn.log

But there is already code in the Custom Configuration field, specifically, it was inserted there by the import of the .opvn file.

How do you handle this, do you remove what's prepopulated and put the code form step 9?
Do you merge these entries (add to whatever is already there)?

EDIT: I am asking here in case someone knows, but have an outstanding question sent to NordVPN and if they respond, I'll post here.

EDIT2:
Just to close this out, NordVPN got back to me saying:

"In step 9 of the AsusWRT Merlin tutorial, you have to change everything that is in that Custom Configuration field to the given text so that it looks the same as in the provided picture."
 
Last edited:
Just ignore that step. All of those entries are already in the ovpn file you download from their website (you can compare them yourself just to make sure).
 
I am trying to follow the instructions here:

Based on step 7, I import the .opvn file, and it prepopulates some fields, as expected. Then, as I get to step 9 of the instructions, it tells me to:

Code:
9. In the Custom Configuration field, enter this text:

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0

#log /tmp/vpn.log

But there is already code in the Custom Configuration field, specifically, it was inserted there by the import of the .opvn file.

How do you handle this, do you remove what's prepopulated and put the code form step 9?
Do you merge these entries (add to whatever is already there)?

EDIT: I am asking here in case someone knows, but have an outstanding question sent to NordVPN and if they respond, I'll post here.

yes just paste over it. might be the same thing though double check. If I recall a few entries were different when I last did it. make sure you using the latest instructions though these vpn websites archive them alot.
 
I'm curious about something.

The NordVPN Article for configuring Merlin says to use these two DNS Servers:

103.86.96.100
103.86.99.100


The source article is here, Step #10:

1607090901135.png


What confuses me is that those DNS servers (103.86.96.100 & 103.86.99.100) seem to point to this
ISP:
Datacamp Limited

Country:
Singapore

When I opened a Support Ticket with NordVPN they claimed those are not NordVPN DNS Servers...

@smallnet do you also return that ISP when running www.dnsleaktest.com ?

@Jack Yaz Does your script update those DNS IP Addresses automatically too?

Thanks!
 
Last edited:
The NordVPN Article for configuring Merlin says to use these two DNS Servers:

103.86.96.100
103.86.99.100


The source article is here, Step #10:

View attachment 28199

What confuses me is that those DNS servers seem to point to this
ISP:
Datacamp Limited

Country:
Singapore
NordVPN appear to be incapable of producing accurate and consistent documentation. Apart from the previously discussed redundant Step 7 the DNS information is also misleading.

The 103.86.96.100 and 103.86.99.100 addresses appear to geolocate. So for me they look to be located in France (because I'm in the UK). Those address do at least appear to be publicly accessible unlike the two addresses shown in their screen shot, 103.86.96.96 and 103.86.99.99. These later addresses should not be entered as WAN DNS servers. :rolleyes:

Personally I don't trust the availability of any of NordVPN's DNS servers so I don't use them for the router's WAN DNS.

 
NordVPN appear to be incapable of producing accurate and consistent documentation. Apart from the previously discussed redundant Step 7 the DNS information is also misleading.

The 103.86.96.100 and 103.86.99.100 addresses appear to geolocate. So for me they look to be located in France (because I'm in the UK). Those address do at least appear to be publicly accessible unlike the two addresses shown in their screen shot, 103.86.96.96 and 103.86.99.99. These later addresses should not be entered as WAN DNS servers. :rolleyes:

Personally I don't trust the availability of any of NordVPN's DNS servers so I don't use them for the router's WAN DNS.

Thanks, I'm glad to know I'm not going crazy. I definitely overlooked the screenshot DNS's were different.

So then two things:

1) To be clear, which of these are you saying should not be entered?

103.86.96.100 & 103.86.99.100

Or

103.86.99.99 & 103.86.96.96


2) Which DNS Servers do you recommend to use for the WAN DNS combined with NordVPN?

Thanks again!
 
1) To be clear, which of these are you saying should not be entered?
Do not enter these: 103.86.99.99 & 103.86.96.96

2) Which DNS Servers do you recommend to use for the WAN DNS combined with NordVPN?
I don't really have a recommendation as my use case is probably different than most people's. I don't have the VPN enabled most of the time so I use my ISP's DNS servers as they are the quickest. Also, even when I do enable the VPN I'm not interested ensuring that DNS leaks never happen in any circumstance. So it all comes down to what the individual is trying to achieve.
 
I'm curious about something.

The NordVPN Article for configuring Merlin says to use these two DNS Servers:

103.86.96.100
103.86.99.100


The source article is here, Step #10:

View attachment 28199

What confuses me is that those DNS servers (103.86.96.100 & 103.86.99.100) seem to point to this
ISP:
Datacamp Limited

Country:
Singapore

When I opened a Support Ticket with NordVPN they claimed those are not NordVPN DNS Servers...

@smallnet do you also return that ISP when running www.dnsleaktest.com ?

@Jack Yaz Does your script update those DNS IP Addresses automatically too?

Thanks!
i wouldn't recommend setting WAN DNS to VPN servers. You should be able to set Accept DNS to Exclusive then anything going through the VPN tunnel will use Nord's DNS.
 
i wouldn't recommend setting WAN DNS to VPN servers. You should be able to set Accept DNS to Exclusive then anything going through the VPN tunnel will use Nord's DNS.

this is what I do.

but also make sure your wan dns isn't set to automatic. On stock for example it will tell you your internet is disconnected on my network. It causes sketchy problems. and I recommend against using isp's dns servers regardless because they are a huge security risk. Just put any public dns there like cloudflare or google or opendns etc...

And Ya I agree with Colin don't use the vpn servers from the nord picture. Thats a real oversight from Nord, probably using pictures from a previous tutorial that is now outdated. The customer service is abysmal, but expressvpn and pia are pretty much on par with them. You can't expect much help from these vpn companies is what i've come to learn.
 
You are overthinking it...

1) Download OpenVPN config file from NordVPN server page
2) Upload it to your router
3) Enter username and password
4) Set DNS mode to "Exclusive"
5) Start your VPN client
 
Just to close this out, NordVPN got back to me saying:

"In step 9 of the AsusWRT Merlin tutorial, you have to change everything that is in that Custom Configuration field to the given text so that it looks the same as in the provided picture."
 
Just to close this out, NordVPN got back to me saying:

"In step 9 of the AsusWRT Merlin tutorial, you have to change everything that is in that Custom Configuration field to the given text so that it looks the same as in the provided picture."


ignore the picture, just paste over everything that it tells you to put from the tutorial text. I doubt They mean the actual text from the picture, just the spot and how its pasted there in the same format.

I personally had problems using Nord on an ac66u_b1 and ax58u. Constant timeouts and the occasional auth fail. Their customer support either told me something was wrong with the firmware or that my password was compromised lol. People on these forums were blaming my ISP. I gave up on them and switched to PIA which has no issues. With them you don't even have to change anything from the default in that custom config field. Only thing I have ever added there for PIA is the dns server address for my pi-hole, or the PIA dns addresses (which they recommend you put in the .ovpn file) PIA openvpn and wireguard was just as fast as Nord in my area and not blocked by networks any more or less.
 
I have Nord setup on our AC-86U, working fine. I set DNS to "Disabled" and use OpenDNS in the WAN config. Additionally I do have some DNS filtering setup; a couple of devices that are set up to go through Nord's Smart DNS (specifically the smart tvs). Note that in DNS filtering I have the default set to "Router" (I had accidentally set this to OpenDNS Home and had no end of issues connecting devices!).
Finally I have a TCP/UDP drop on port 53 setup so that devices cannot bypass OpenDNS by picking their own dns. I am pretty sure though that if a device is using a VPN client (including the Nord one) that they will bypass the router DNS handling; though I havent done any testing to confirm that is the case.

For setup, I just uploaded the config file, left pretty much everything else default, copied and pasted in the text as shown in the Nord Merlin setup page.
I also added a WAN entry for the router's IP at 192.168.1.1, and VPN entry for the whole network at 192.168.1.0/24
I do have a couple of gaming devices set to "WAN" to allow them to bypass the VPN to reduce ping when gaming.

So far so good.

I highly recommend having a read of this page Policy based routing · RMerl/asuswrt-merlin.ng Wiki · GitHub as it helps get some of the info straight. I also did come across a DNS line that can be added to the copy/paste config for the VPN in the router:
push "dhcp-option DNS 192.168.39.9"

more info on that in this thread: (2) AsusWRT / Merlin 380.66_4 OpenVPN DNS server setting | SmallNetBuilder Forums (snbforums.com)
Note that I didnt end up using that config as I wanted the router to handle the DNS anyway.
 
Sorry, I am a new user for NordVPN, I don't know which went wrong or may be I missed some steps in setting, I just can't connect my RT-AC86u after applying NordVPN setting. While I can see my IP address and my Status is Protected under NordVPN web page, anyone here can teach my how to reconnect my router . Thanks
 

Attachments

  • ScreenShot_20210502001340.png
    ScreenShot_20210502001340.png
    278.3 KB · Views: 207
Sorry, I am a new user for NordVPN, I don't know which went wrong or may be I missed some steps in setting, I just can't connect my RT-AC86u after applying NordVPN setting. While I can see my IP address and my Status is Protected under NordVPN web page, anyone here can teach my how to reconnect my router . Thanks
Don't use your external DDNS address from within your LAN, use http://router.asus.com/ or the IP address e.g. http://192.168.50.1
 

Attachments

  • InkedScreenShot_20210502012544_LI.jpg
    InkedScreenShot_20210502012544_LI.jpg
    97.5 KB · Views: 268

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top