Double Tunnel using Merlin and PC
I've discovered an interesting scenario: say my location is Seattle. If I open a VPN tunnel to the PIA Seattle server with my Asus AC-66U Merlin router, and then open a second VPN tunnel on a Windows 7 PC running the PIA app to the same Seattle server, my PC appears to do all the encryption while the router just passes the data through to the PIA server. Note that I am using the same login for both devices, and the PC is statically routed through the router's VPN tunnel. Also, I am using policy routing in the Asus router with the kill switch enabled.
My assumption is that it's not a double tunnel at all, and that since both devices are logged into the same server, the router somehow knows it doesn't need to encrypt the traffic, and therefore the connection is completed via a single tunnel to the server, passing through the Asus without double encryption. Sound about right? If I'm correct, this is a useful setup for folks like me with underpowered routers that would like a second kill switch at the router for peace of mind.
Comments
Well... does anyone know how to set Merlin to not use encryption? I'd still like to use the kill switch feature on the router. My logic is this: if both devices are connected to the same server (Seattle), then they'll both experience any outage that may occur, and the Merlin router will kill the connection to any devices until it can be restored.
Additionally, there are numerous articles on the internet stating that it does increase security.
Someone, anyone, please help me in my quest to turn off the encryption in Merlin.
Port 1195: For no encryption, use with encryption type set to none and Auth digest set to none, and in custom configuration add auth none. This method is the fastest and full speed but without encryption. Not very safe.
And got this in my System Log:
I see the server certificate verification isn't working... do I need to change it from TLS?
I ditched the Win7 virtual machine because it refused to use AES-NI. It really taxed the CPU. I am now running Docker DSM (DDSM) on my Synology NAS using Synology's Download Station for bittorrent. DDSM is running through an OpenVPN connection to PIA using 128-CBC encryption (~1% CPU usage @ 5 MB/s with AES-NI enabled). My Merlin Asus router is connected to PIA, but without encryption and uses <5% CPU. The kill switch is activated in policy-based routing on Merlin to shut off connection to DDSM in the off chance the connection drops.
The end result is a fully isolated bittorrent client on a double redundant OpenVPN connection that uses minimal resources. I've just finished setting up scripts and installing FileBot for full HTPC automation to my Plex server. All that's left now is to crack a cold one, sit back, relax, and enjoy the show! Thanks for the help!
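Added example, not part of any post in this thread: a small audit of an OpenVPN client config that flags the settings discussed above (cipher none, auth none) and the absence of a server-certificate check. Both sample configs, the host name and the function names are constructed for illustration; the comment handling is simplified and does not cover quoted arguments.

```python
import re

# Constructed sample mirroring the settings described in the thread
# (port 1195, cipher none, auth none). The host name is a placeholder.
WEAK_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.invalid 1195
cipher none
auth none   # added through custom configuration
auth-user-pass
"""

# Constructed counterpart with encryption, HMAC and server-cert checking on.
HARDENED_CONFIG = """\
client
dev tun
remote vpn.example.invalid 1194
cipher AES-128-CBC
auth SHA256
remote-cert-tls server
auth-user-pass
"""

def parse_directives(text):
    """Map each directive to its argument lists; '#' and ';' start comments."""
    directives = {}
    for raw in text.splitlines():
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if tokens:
            directives.setdefault(tokens[0].lstrip("-"), []).append(tokens[1:])
    return directives

def audit(text):
    """Return (check, message) findings for a client config."""
    d = parse_directives(text)
    is_none = lambda key: any(a and a[0].lower() == "none" for a in d.get(key, []))
    findings = []
    if is_none("cipher"):
        findings.append(("cipher", "data channel is sent unencrypted"))
    if is_none("auth"):
        findings.append(("auth", "packets carry no HMAC authentication"))
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append(("server-cert", "server certificate type/name is not checked"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

The audit reads only what the config file requests; it does not observe what the client and server actually negotiate at connect time.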