PPTP vs L2TP vs OpenVPN? (PIA router level VPN setup)

So I recently picked up an Asus RT-AC87U and flashed Asus Merlin. Great router, great firmware, I’m impressed!
I’m trying to set up a whole-network VPN from within the router using PIA. It is set up and working, but I’m a little confused as to the different options (PPTP vs L2TP vs OpenVPN).
Which one should I be using? Currently I have L2TP set up, which seems to be working fine. I found this comparison:
http://www.giganews.com/vyprvpn/compare-vpn-protocols.html
Which suggests OpenVPN is the most stable, most secure, etc., however I couldn’t get this working no matter what I tried.
Is L2TP good enough? Anybody set up OpenVPN on Asus Merlin?
Also, is there a “kill switch” option in the router? (like in case the VPN disconnects, all traffic is halted).
Thank you!

Don’t use PPTP, it is not secure.

As long as you are talking about IPSEC/L2TP and not just L2TP then it is just fine and is usually the best performing VPN. If it works for you then there is no need to change to OpenVPN. Both IPSEC and OpenVPN are secure as long as you choose good encryption.

A quick Google search returned this result from PIA’s forum; it looks like this guy got it working. https://www.privateinternetaccess.com/forum/discussion/3574/asus-rt-n66u-firmware-376-44-merlin-build-openvpn

I use OpenVPN, because it is the easiest to set up on an Android phone. VPN on a phone is incredibly useful.

Never ever use PPTP if your calendar says it’s past 1998.

Thanks for this!
How would I tell if it’s IPSEC vs just L2TP?
I don’t see any mention of IPSEC… I also don’t see any encryption options, just basic settings.
http://imgur.com/a/btTxN
http://imgur.com/a/FcdLm

OpenVPN is a CPU intensive beast. A common wifi router has a weak CPU, so I’d be surprised to see much more than 30-40Mb/s from it. Depending on the net connection, that might be slow for some.

If you want to push OpenVPN into the hundred megabit range you need a modern x86 CPU.

Thanks!
Like I said, I couldn’t get OpenVPN working no matter what I tried, but I will keep trying :)

Thanks! After some digging, I actually found instructions from PIA to set it up.
Unfortunately, it’s horribly slow and I see now just how taxing OpenVPN is on the router’s CPU.

L2TP/IPSec with PSK is also pretty easy to set up and built in to Android. The server part might be a bit harder.

That is PPTP/L2TP not IPSEC/L2TP, so it is not secure. I don’t see IPSEC there, so use OpenVPN.

Yup, can confirm, just got it working and can’t pull over 50 mbps down.
And this router / firmware doesn’t seem to have an IPSEC option…
Hmmmm…
Return and pay slightly more for ER-X + AP?

Good to know, I have PIA as well and was thinking about making a virtual pfsense router on the server I am currently building, and doing the OpenVPN that way; I just don’t know how it will act. Guess I’ll find out.

OK, thanks!
Will keep working on the OpenVPN.

The ER-X will only be better if you use IPSEC; it will be just as bad if not worse in OpenVPN. As /u/vidarlo said, you need an x86 system to get fast OpenVPN. Something like pfSense.

Seems with proper hardware / server OpenVPN is great.
Just not so great on my Asus router… And I can’t justify $$ for an expensive pfsense box / server, so looking for alternatives.

I understand that, and it seems after more reading, and these replies, that L2TP/IPSEC is what I should be using, since PPTP is not secure, and OpenVPN is too taxing unless I want to spend a lot on a pfsense box.

Any tips on setting up an EdgeRouter Lite for IPSEC with PIA? I can’t find anything concrete other than previous requests and attempts. I’d like to try IPSEC for the performance improvement over OpenVPN; I have that configured nicely already but the speed hit is frustrating.

I am building my server with older hardware:
SuperMicro XDTL-i motherboard, two Xeon x5660 CPUs, 24GB RAM.
Hopefully it will be able to handle most of my beginner stuff. But I am hoping to get a smaller rack and a Dell 710 this summer.

Xeon x5660

That will run OpenVPN much faster than any consumer router. It should be good for at least 200 Mbps and probably more.

Dell 710

Be aware that the R710 uses the same class of Xeons that you have now. If you want even better OpenVPN performance you need CPUs that are faster per core. Newer generations and higher clock speeds. More cores does nothing for OpenVPN unless you are running multiple tunnels at the same time.