Guide: Setting up Asus RT-AC68U Router with PrivateInternetAccess

openvpn
rt-ac68u
vpn-guide

#1

So, I’ve been playing around with my home server, HTPC and other bits and pieces… and I decided to install a VPN again - which can be a bit of a chore, especially when you want to install it on a headless server running something like unRaid. I thought to myself: Why bother with all this? I wonder if I can do something at router level… and you know what, you can.

Some/Many of you will know about VPNs. But, some of you won’t. I thought I’d just knock up a quick guide to my setup experience… - As I’m frankly a complete noob at this - and then discuss about any issues/errors/problems/benefits that I may be having.

Many of us actually have this router, the Asus RT-AC68U. It’s been around a while, but is still a current model. It seems a majority of ASUS routers can handle internal VPN clients so check out the latest ASUS Routers here.

Once you’ve got a compatible router, the next step is to sign up to a VPN. I did a tonne of research - read reviews, tried to dissect the ones that had fake reviews or fake complaints and ended up signing up to privateinternetaccess.

4 reasons for choosing PIA.

  1. They collect no information on you. You don’t even pick a username - you just get emailed a username and password randomly
  2. You can use anonymous payment methods, including bitcoin.
  3. From what I read and experimented with - they are very quick. I don’t intend to play games over my VPN - but I don’t pay for 100mb broadband for no reason. speed isn’t guaranteed though - so you do have to experiment. I can turn the VPN on and off as required.
  4. They are reasonably cheap to run PAYG (about £5 a month) - or if you are dedicated, you can pay for 2 years in advance and get it down to just a couple of quid a month.

So. Signed up with them. I’m sure you can work out how to do that.

Next step. Configure your router. sign into the control panel which is usually 192.168.1.1 (or http://router.asus.com)

Select VPN from the option menu on the left side and then select VPN client from the tab at the top.

Clicking Add Profile should bring up a pop-up box with 3 tabs at the top. PPTP, L2TP and OpenVPN. It’s the OpenVPN one that we’re after.

Next thing to do is open up a new tab on your browser, and go to this address:
https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip - (Note, I’ve chosen the strong OVPN pack. Others are available.)

This will download a compressed file containing lots of setup files for various VPN nodes. decompress the file to somewhere useful.

Going back to your router control panel tab, add a description - I normally include the location of the VPN, so lets say PIA Finland in this example.

Then add the username and password that would have been sent to you in an email when you registered with privateinternetaccess.

Then you need to import a corresponding .OVPN file that you downloaded and decompressed. Click choose file, locate the folder, and choose the location you want your VPN in. Click upload.

Next, click the tickbox Import the CA file or edit the .ovpn file manually. Another box will appear where you can import the CA file. Click Choose File and select the file ca.rsa.4096.crt. Then click Upload.

vpn-guide-2

Click OK and you should see your VPN added to your list. To start your VPN, just click Activate - You should see a blue tick appear on the left when it connections correctly.

vpn-guide-3

Now - You may think we’re all done. But NO! Read on…

You’re not completely anonymous, even when you tunnel your connection through a VPN. This is because your DNS can be leaked and traced back to your actually IP address. So we need to change this.

So, on the main screen of your router control panel, select WAN then select under the Internet Connection tab, find Connect to DNS Server automatically - Change this to NO. Enter the DNS server 1 and 2 boxes with these IP address respectively:

  • 209.222.18.222
  • 209.222.18.218

These are supplied by PIA and designed not to leak your identity via the DNS server.

Ok. So, now that’s done - let’s test it. Go back to VPN and VPN Client and click Activate - Wait for the blue tick to kick in.

Next, go to this page: https://www.privateinternetaccess.com/pages/whats-my-ip/

This is what my screen looks like:

As you can see, I’m in Paris. Apparently.

Next, we should check for DNS leaks. Goto: http://dnsleak.com and hit test - It should come back showing no errors, like this:

and there you go. A VPN to all your computers and devices on the network!

So, is it perfect?

Welll… Not quite, it does what I want it to do. It is not something I can leave permanently on - but I never actually intended to.

The first thing to remember is that NOWTV detected I was on a VPN and didn’t allow playback - now, I was connected to France, so fair enough - I’ll have to see if a UK VPN works. I imagine the same will be for netflix. However, I can obviously now access other countries networks should I desire, and turning the VPN off is super quick and easy.

My email server was throwing a bit of a strop too - but I’m sure that’s just a configuration setting.

Speedwise, it can be hit and miss. I’ve had some speedtest results hitting between 10-30mbps. Which compared to some people’s home connections, is probably pretty good.

I will provide updates if needed as I use it more. Happy to hear other experiences/advice/questions.


#2

So, bit of a update on this.

Seems that the DNS server that is provided by PIA generates a lot of packet loss - noticeable in programs like Discord. Must be down to location maybe. I don’t run Discord through the VPN, but I did leave the custom DNS enabled.

Simple fix is to disable it when not in use.