Setting up VPN on router...couple of questions...

[THXTom]

Hello all,


Running RT-AC66U w/Merlin’s 378.55

Currently using PIA/VPN

Want to run PIA/VPN on router.

Been researching last few days as I’m new to this and think I have it figured out to set up…but have a few last questions…
========================
Is it possible using the Asus Merlin firmware to set a specific PC/smart TV/TV Box up on the LAN to route it's traffic through a VPN connection which has been setup on the Asus router?

Then the rest of the home Laptops/PC’s/phones on the LAN to bypass the VPN settings and go out on the web as normal?

Also, is it a simple matter of going to VPN>OpenVPN Clients>Service state “off” to disable open vpn altogether?



Thanks, Tom

 

[yorgi]

Hi

here is a setup guide for VPN with Merlin and PIA
http://www.thinhammer.com/index.php...-vpn-client-using-private-internet-access-pia

You need to change a couple of options from that illustration as follows;

accept dns configuartions input "Strict"
encryption chipper "BF-CBC"
Username / Password Auth. Only "YES"
and for custom configurations at the bottom use the following;

tls-client
remote-cert-tls server
reneg-sec 0
verb 3

also you have to put the .crt from PIA in
Authorization Mode
Content modification of Keys & Certificates. and paste it in the second box
Certificate Authority

You can setup to have up to 5 VPN and local your local isp and route the internet from whatever services you want and
will also drop any connections if your VPN goes down so you don't show your IP when the VPN goes down.
Here is the way to do it.
Setup a VPN and make sure it works.
Use Redirect Internet traffic to policy rules in the VPN section at the bottom.
setup Source IP with each device that you want connected to the VPN.
for example you can reserve 192.168.1.90 and destination ip 0.0.0.0 and lface VPN
also enable Block routed clients if tunnel goes down.
You can create as many ip address as you like to go via that vpn service.
So when you change your ip on your device to one of the reserved IP address's example 192.168.1.90 it will surf via VPN
You can simply add ip address's that you want to reserve for that specific VPN
so you can do this. 192.168.1.91, 192.168.1.92 etc
each IP is reserved for that specific VPN service. the great thing is that if the VPN goes down the firewall kicks in and stops traffic until the vpn re establishes this is why VPN on a router is better then software.
If you take the above example you can do the same for each VPN up to 5
example setup VPN 1 for canada. VPN 2 for NY, VPN 3 for europe etc.
For VPN 2 you can use ip range example 192.168.1.79 and on. Just make sure you don't use the same ip address on each vpn service you have.
by putting IP address's that are reserved for each VPN you can change ip address on your device according to the VPN you specified by the IP rules and switch from one to the other.
You can also create scripts that you can run on your PC or MAC to switch between IP address that corresponds to different VPN servers or your Local ISP
Go to this site
https://github.com/RMerl/asuswrt-me...ver-VPN-and-Drop-connections-if-VPN-goes-down
look at the bottom
VPN or Local ISP batch file for Windows this will show you how to create batch files to jump from one VPN to another.
also those scripts in that url are useless. you are better off using the vpn with ip tables from the firmware instead of creating scripts that run in the background with firewall. They mess up the QOS.
hope that helps you out

 

[THXTom]

https://drive.google.com/file/d/0B1kv1k4fworhVWVzMEItYWVyZms/view?usp=sharing

thanks yorgi, this will help.
How bout these settings, for fireTV, etc?

 

[el pescador]

Does this only run on merlin?Or stock as well?I have the AC88U and am running 1354 and dont want particularly want to change firmware till firmware are known to be very stable.
I want to run my PS4 via my vpn client only without having to redirect every other client.
Not too bothered if the vpn connection drops either as im only using it for the PS4 at the moment.

 

[yorgi]

Does this only run on merlin?Or stock as well?I have the AC88U and am running 1354 and dont want particularly want to change firmware till firmware are known to be very stable.
I want to run my PS4 via my vpn client only without having to redirect every other client.
Not too bothered if the vpn connection drops either as im only using it for the PS4 at the moment.

On stock firmware the only way to do it is if you ssh to the router and manual upload scripts and start them every time.
Big pain in the butt, because each time the power glitches you have to start the process all over again.
You also need to know how to script
I would suggest putting Merlin firmware on your router even though its fairly new, at least to try it
This article explains the scripts in detail, but you have to manually setup jffs partition and then load them via puddy.exe and make them executable

chmod a+rx /jffs/scripts/*

https://github.com/RMerl/asuswrt-me...ver-VPN-and-Drop-connections-if-VPN-goes-down

This works, I had it running like that for a while on my stock firmware until I got fed up and went the Merlin way

good luck

 

[el pescador]

I want to try merlin but a bit worried that if i decide to go back to stock or another firmware i might lose 4 ports....ike another user reportedly had.

 

[yorgi]

I want to try merlin but a bit worried that if i decide to go back to stock or another firmware i might lose 4 ports....ike another user reportedly had.

That is not possible because even if you bricked the router ASUS gives you a recovery utility that you can put firmware back in minutes and have it running like new. Do it don't worry.

Merlin announced a new firmware that he is working on that will work a lot better for your 88u
here is the link

http://www.snbforums.com/threads/test-builds-380-58-alpha-builds-are-now-available.30648/

here is a step by step setup for for VPN setup on Merlin Firmware

http://www.snbforums.com/threads/ho...n-firmware-a-step-by-step-how-to-guide.30851/