I NEED ASSISTANCE !!!

Can anyone please help me with how to set up my PIA OpenVPN on an Asus RT-N66U with firmware version 3.0.0.4.380_7743? I have been battling with this for days to no avail. I tried to follow the steps in PIA's setup instructions for the DD-WRT old build on their website, but with no result. My router's interface has a lot of similarities to the old build described on PIA's website, but there's a slight difference on my interface compared to the old build, and that's what is probably making it difficult for me to use the old build procedures described on PIA's website.
Can anyone help? I don't want to brick my new router. I need help please!!!!

Comments

  • Posts: 453
    Can you be a little more specific as to what is different? That will help us to try and figure out what you are doing or need to do.
  • Posts: 6
    Hi,
       Thank you for your response, Omnibus_IV. I am a novice in this, but I hope this will explain what I am trying to do.
    This is the installation step guide I had from PIA, below:

    FlashRouters offers plug and play DD-WRT Routers preconfigured Private Internet Access Routers for this setup.


    By default, DD-WRT may use your ISP's DNS servers using DHCP. For privacy reasons, we'll instead configure DD-WRT to explicitly use alternate DNS servers. The below servers are provided as an example, you can use any Public DNS service you would prefer, such as Google DNS (8.8.8.8 and 8.8.4.4), Level 3 (209.244.0.3 and 209.244.0.4), or you can use a combination to fill in the 3 Static DNS fields.


    You can find our CA Certificate here, which will be useful later.


    1. In the DD-WRT Administrative Interface, navigate to Setup > Basic Setup.
    2. Under Network Address Server Settings (DHCP), set: 
      Static DNS 1 = 4.2.2.1 
      Static DNS 2 = 4.2.2.2 
      Static DNS 3 = 4.2.2.3
      Use DNSMasq for DHCP = Checked
      Use DNSMasq for DNS = Checked
      DHCP-Authoritative = Checked
    3. Save and Apply Settings.
    4. To Disable IPv6, Navigate to Setup > IPV6
    5. Set IPv6 to Disable, then Save & Apply Settings.
    6. Disable IPv6
    7. To Enable Local DNS, Navigate to Services > Services
    8. If there is a DNS Suffix, Remove that
    9. Under DHCP Server, Set Used Domain to LAN & WLAN
    10. Under DNSMasq Ensure that DNSMasq, Local DNS, and No DNS Rebind are all enabled
    11. Save & Apply Settings. 
    12. Navigate to Service > VPN
    13. Under OpenVPN Client, set Start OpenVPN Client = Enable. Other options will appear.
    14. Set Advanced Options to Enable, More options will appear.
    15. Set the following:
      Server IP/Name = us-california.privateinternetaccess.com [*
      Or if you prefer to use a specific location, You can find the full list of locations here: https://www.privateinternetaccess.com/pages/network
      Port = 1198 
      Tunnel Device = TUN 
      Tunnel Protocol = UDP 
      Encryption Cipher = AES-128-CBC
      Hash Algorithm = SHA1 
      User Pass Authentication = Enable 
      Username, Password = Your PIA username & password 
      TLS Cipher = None 
      LZO Compression = Yes 
      NAT = Enable 
    16. In Additional Config, Type:
      persist-key
      persist-tun
      tls-client
      remote-cert-tls server
    17. Download the file https://www.privateinternetaccess.com/openvpn/ca.rsa.2048.crt
    18. Right-Click the ca.rsa.2048 file, and Choose Open With, Then choose Notepad
    19. Highlight the full contents of the ca.rsa.2048 file by pressing Ctrl+A then copy with Ctrl+C
    20. In DD-WRT, Paste, (Ctrl+P) the contents in the CA Cert field. Be sure the entire text gets pasted in, including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
    21. Save and Apply Settings
    22. To Verify the VPN is Working, Navigate to Status > OpenVPN
      Under State, you should see the message "Client: CONNECTED SUCCESS"

    And this is my Asus RT-N66U router's interface, below:

    Operation Mode:Wireless router Firmware Version:3.0.0.4.380_7743
     General
    Network Map
    Guest Network
    Traffic Manager
    Parental Controls
    USB Application
    AiCloud 2.0
    Advanced Settings
    Wireless
    LAN
    WAN
    IPv6
    VPN
    Firewall
    Administration
    System Log
    Network Tools
    LAN IP
    DHCP Server
    Route
    IPTV
    Switch Control
     
    LAN - DHCP Server
    DHCP (Dynamic Host Configuration Protocol) is a protocol for the automatic configuration used on IP networks. The DHCP server can assign each client an IP address and informs the client of the of DNS server IP and default gateway IP. RT-N66U supports up to 253 IP addresses for your local network.
    Basic Config
    Enable the DHCP ServerYes No
    RT-N66U's Domain Name
    IP Pool Starting Address
    IP Pool Ending Address
    Lease time
    Default Gateway
    DNS and WINS Server Setting
    DNS Server
    WINS Server
    Enable Manual Assignment
    Enable Manual AssignmentYes No
    Manually Assigned IP around the DHCP list (Max Limit : 64)
    Client Name (MAC address) | IP Address | Add / Delete
    No data in table.

                                                                   Apply


    VPN Client
     
    VPN - VPN Client
    VPN (Virtual Private Network) clients are often used to connect to a VPN server to access private resources securely over a public network.
    Some devices like set-top boxes, smart TVs and Blu-ray players do not support VPN software.
    The ASUSWRT VPN feature provides VPN access to all devices in a home network without having to install VPN software on each device.

    To start a VPN connection, please follow the steps below:
    1. Add profile
    2. Select a VPN connection type
    3. Enter VPN authentication information provided by your VPN provider then connect.
    VPN Server List
    Connection Status | Description | VPN type | Edit | Delete | Connection
    No data in table.
                                                                      Add Profile

    Under Basic Settings;
         
    VPN Server
    VPN Client
     
    VPN Server - OpenVPN
    OpenVPN
    The wireless router currently uses a private WAN IP address (192.168.x.x, 10.x.x.x, or 172.16.x.x). Please configure DDNS service before starting the VPN server.
    Basic Config
    Enable OpenVPN Server
    OFF/ON
    VPN Details General Advanced Settings 
    Export OpenVPN configuration file
    RT-N66U will automatically generate a .ovpn file with the Certification Authority key. You can provide the .ovpn file with a username and password to all users connecting to the OpenVPN server. You can change the default settings of the OpenVPN server to provide a custom OPVN file for a specific connection type. To change OpenVPN server settings, go to Advanced Settings 
    1. Windows
    2. Mac OS
    3. iPhone/iPad
    4. Android
      Username and Password (Max Limit : 16)
      Connection Status | Username | Password | Add / Delete
      -
       In Advance settings ;
          VPN Server - OpenVPN
      PPTP
      OpenVPN

      The wireless router currently uses a private WAN IP address (192.168.x.x, 10.x.x.x, or 172.16.x.x). Please configure DDNS service before starting the VPN server.
      Basic Config
      Enable OpenVPN Server

      VPN Details
      You can change the default settings of the OpenVPN server to provide a custom OPVN file for a specific connection type.
      To use your own key, click the yellow link to modify settings.
      Refer to the System Log for any error messages related to OpenVPN.
      Before configuring the advanced settings of the OpenVPN server, ensure that these advanced settings options are compatible with the OpenVPN software in the client devices.
      Advanced Settings
      Interface Type
      Protocol
      Server Port:
      1194
       (Default : 1194)
      Firewall
      Authorization Mode Content modification of Keys & Certification.
      Username / Password Auth. Only Yes No
      Extra HMAC authorization (TLS-Auth)
      VPN Subnet / Netmask
      10.8.0.0
       
      255.255.255.0
      Poll Interval
      0
       minute(s) (Disable : 0)
      Push LAN to clients Yes No
      Direct clients to redirect Internet traffic Yes No
      Respond to DNS Yes No
      Encryption cipher
      Compression
      TLS Renegotiation Time
      -1
       seconds (Default : -1)
      Manage Client-Specific Options Yes No
      Custom Configuration

       Apply  
                                    configuration





       I tried to follow the procedure given by PIA but I can find some of the things on the interface on my router, though there are quite a few similarities on the interface. I don't know if I am making any sense, but any assistance to get it sorted will be much appreciated. Thanks.
    5. edited October 30 Posts: 453
      OK, you do not want to use the VPN Server function of your router. That is for you to setup your own VPN network. So ignore that guy.

      The one you want to use is the VPN Client. The first thing it is asking for is a profile. I believe that these profiles should work.
      https://www.privateinternetaccess.com/pages/openvpn-ios

      Even though they say iOS, I have used them on my Android and had no issues. The profile contains the certificates and the configurations. Just pick one that is close to you.

      I am not sure what they mean by connection type.

      The third part is the authentication. That would be your pxxxxxxxxx user name and your password.

      By the looks of it, that is all this router needs. I hope one of the tech support guys visits and corrects anything that I may have made a mistake. But by the looks of it, you are lucky to have a simple process.

      I will find the user manual for that device and see if I can make heads or tails out of the VPN Client setup.

      added - check out this page for more information. It might answer a lot of your questions.
      https://getflix.zendesk.com/hc/en-gb/articles/205009280-Full-VPN-Setup-for-ASUS-Routers-OpenVPN


      Post edited by Omnibus_IV on
    6. Posts: 6
      Hi,
      Thanks for your assistance. I opened the link to texas.ovpn and uploaded it on Add Profile under VPN Client, but after loading, it showed a message, "Lack of certificate Revocation". The 2nd link's ovpn file too is showing an error message: *,+l,:,?,,,,',/ ,,,[,],\,=,=" are invalid characters. I don't know what this means.
      Also, under VPN Server - OpenVPN, I have this message:
      The wireless router currently uses a private WAN IP (192.168.x.x, or 172.16.x.x). Please configure DDNS service before starting the VPN server.
      I don't know what all this means and will appreciate help to sort this out. Thank you.
    7. edited October 30 Posts: 453
      I apologize if things are getting convoluted here. I do not have your router so I am trying my best to determine the correct course to configure based on what I am reading.

      I believe the profile I directed you to is not going to work. Again, I apologize for that. So I would recommend getting the OpenVPN configuration files from here -
      https://www.privateinternetaccess.com/openvpn/openvpn.zip

      Let's work with those, doing one thing at a time. Just download those files and put them in a folder called HOLD or something like that. Extract all the files and move these three files from HOLD to the working folder for your router.

      US Texas.ovpn
      crl.rsa.2048.pem
      ca.rsa.2048.crt

      This is where it gets a little tricky because the instructions are not clear. But I would put US Texas.ovpn in the space for VPN Server. Make sure you have your user name and password there in plain text.

      Then I would press OK. Again, if it does not work then there should be no damage done. If you get a certificate error you may have to add (cut and paste) your certificate to the US Texas.ovpn file.

      If you are still having issues, you might want to find an IT-savvy friend to help you.




      Post edited by Omnibus_IV on
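
The cut-and-paste step suggested in the reply above, as an added example that is not part of the original thread or of PIA's documentation: it merges the CA certificate and the CRL into the .ovpn profile as inline `<ca>` and `<crl-verify>` blocks, producing one file for a router's profile-import dialog. It assumes the profile points at both files with `ca` and `crl-verify` directives and that the router's OpenVPN client accepts inline blocks; the function names and the sample file contents are constructed.

```sh
#!/bin/sh
# Added example. inline_ovpn PROFILE CA CRL prints PROFILE with its external
# "ca <file>" and "crl-verify <file>" directives replaced by inline blocks.

inline_ovpn() {
    profile=$1; ca=$2; crl=$3
    for f in "$profile" "$ca" "$crl"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done
    # A partial paste is the usual failure: require both PEM markers.
    { grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" &&
      grep -q -- '-----END CERTIFICATE-----' "$ca"; } ||
        { echo "incomplete PEM certificate: $ca" >&2; return 1; }
    { grep -q -- '-----BEGIN X509 CRL-----' "$crl" &&
      grep -q -- '-----END X509 CRL-----' "$crl"; } ||
        { echo "incomplete PEM CRL: $crl" >&2; return 1; }
    # Keep every directive except the two that point at separate files, and
    # strip the CR line endings that editing in Notepad leaves behind.
    awk '{ sub(/\r$/, "") } !/^[ \t]*(ca|crl-verify)[ \t]/ { print }' "$profile"
    printf '<ca>\n'
    awk '{ sub(/\r$/, ""); print }' "$ca"
    printf '</ca>\n<crl-verify>\n'
    awk '{ sub(/\r$/, ""); print }' "$crl"
    printf '</crl-verify>\n'
}

# Constructed sample input: placeholder PEM bodies, not real PIA files.
make_sample() {
    printf '%s\r\n' client 'dev tun' 'proto udp' \
        'remote us-california.privateinternetaccess.com 1198' \
        'auth-user-pass' 'crl-verify crl.rsa.2048.pem' \
        'ca ca.rsa.2048.crt' > "$1/sample.ovpn"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/ca.crt"
    printf '%s\n' '-----BEGIN X509 CRL-----' 'Q09OU1RSVUNURUQ=' \
        '-----END X509 CRL-----' > "$1/crl.pem"
}

# Usage: sh inline.sh "US Texas.ovpn" ca.rsa.2048.crt crl.rsa.2048.pem > merged.ovpn
if [ "$#" -eq 3 ]; then inline_ovpn "$@"; fi
```

The merged file keeps `auth-user-pass`, so the username and password are still entered separately in the router's VPN client form.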
    8. Posts: 6
      Thanks, Omni, for your assistance. Very much appreciated. I guess it might be best for me to flash the router stock firmware to DDWRT because the stress of configuring this stock firmware is too much.
    9. I guess it might be best for me to flash the router stock firmware to DDWRT because the stress of configuring this stock firmware is too much.
      I can't speak for others, but I can not trust any router's firmware and always flash a custom firmware like DD-WRT. If I can't flash it, I don't buy the router. The threat of hidden vulnerabilities hackers can exploit or nation-state ordered backdoors in a router sold in a specific country are too serious to me to ignore. Good for you for going DD-WRT! It can be a scary experience at first (all those warnings of bricking your device) but after I finished my first time, the first words out of my mouth were "..that's it?". :)
    10. Posts: 265
      I guess it might be best for me to flash the router stock firmware to DDWRT because the stress of configuring this stock firmware is too much.
      I can't speak for others, but I can not trust any router's firmware and always flash a custom firmware like DD-WRT. If I can't flash it, I don't buy the router. The threat of hidden vulnerabilities hackers can exploit or nation-state ordered backdoors in a router sold in a specific country are too serious to me to ignore. Good for you for going DD-WRT! It can be a scary experience at first (all those warnings of bricking your device) but after I finished my first time, the first words out of my mouth were "..that's it?". :)
      Agreed! I'm on LEDE personally (OpenWRT fork), but I apply this to everything. I don't buy a phone, computer, router or any device I can't flash right away with a custom OS on it. There's just too many vendor exploits coming to light and too little care from OEMs to have any trust in their software.

      This is mostly humor but highlights the issue quite well: https://www.troyhunt.com/what-would-it-look-like-if-we-put-warnings-on-iot-devices-like-we-do-cigarette-packets/