Setting up a Router running Merlin Firmware

1. Login to the Asus Router control panel via a web interface.

2. On the left side menu, select the option 'VPN'

3. This will take you to the 'VPN Status' page. Select 'OpenVPN Clients' from the tabs at the top.

4. In this tab, you will be able to configure your OpenVPN clients in order to connect to the internet via your PrivateInternetAccess service.

5. Configure your client as follows:

  • Start with WAN: Yes.
    This will start your VPN when you connect to your ISP. If this is set to no, you will need to manually start your VPN service at the router level when your router restarts.
  • Interface Type: TUN
  • Protocol: UDP
  • Firewall: Automatic
  • Authorization Mode: TLS
  • Server Address: Select your address from our server list found here.
    In this example we used 'us-east.privateinternetaccess.com' (New York, USA)
  • Port: 1198
  • Username/Password Authentication: Yes
  • Username: Enter your PIA username (for example P1234567)
  • Password: Enter your PIA password (for example 12345678)
  • Username / Password Auth. Only: No
  • Extra HMAC Authorization: Disabled
  • Auth Digest: Default
  • Create NAT on Tunnel: Yes

6. Click the option next to 'Authorization Mode: TLS' that says 'Content modification of Keys & Certificates.'

7. Download the Certificate Authority from www.privateinternetaccess.com/openvpn/ca.rsa.2048.crt

8. Open the file with a text editor and then copy and paste the contents of ca.rsa.2048.crt into the Certificate Authority.

9. Scroll down to the bottom and click 'Save'

10. Under Advanced Options, configure your client as follow:

  • Global Log Verbosity: 1
  • Poll Interval: 0
  • Accept DNS Configuration: Strict
  • Encryption Cipher: AES-128-CBC
  • Compression: Adaptive
  • TLS Renegotiation Time: -1
  • Connection Retry: 30
  • Verify Server Certificate: No
  • Redirect Internet Traffic: No

11. Under Custom Configuration, enter the following:

persist-key
persist-tun
auth-nocache

12. Click 'Save'.

13. You will now be able to set the 'Service State: On' (located at the top of the options). Service State on will only stay green and On when your service is correctly configured.

14. To see the status of your VPN service, you may check the 'VPN Status' tab located at the top which will actively poll your connection to give you the latest statistics on your connection.

If the VPN Status page constantly says 'Connecting (server address & port)' it indicates potential issues with the connection settings or Certificate Authority. Please refer to steps 5 and 6 and verify that all settings are correct.

 

Alternatively, you can choose to use the ovpn file available below (please copy and paste into a text document and rename the file as Merlin.opvn).

===========================================================

client
dev tun
proto udp
remote uk-london.privateinternetaccess.com 1198
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
auth-nocache
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
#mute 10000
auth-user-pass
auth-nocache
comp-lzo
verb 4
pull
fast-io
cipher AES-128-CBC
<ca>
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
YDQ8z9v+DMO6iwyIDRiU
-----END CERTIFICATE-----
</ca>
key-direction 0

Have more questions? Submit a request