It routes all traffic behind your edge router (or traffic that you select) through the vpn. This means you dont have to run the vpn client on every device each time you log on to your computer. Makes things easier :)
Thumbs up, sub'd.. Thank you very much for this. Your video clearly laid out what needed to be done better than any blog i could find. I have a different vpn service but am able to get the same ovpn config files so I will give it a whirl later this weekend.
Does anyone have a good fast setup for EdgeRouter? I've gone through 5 different regions and can't get more than 5mb. I have fiber to my home and without the vpn I'm at 900mb down and 980 down
Thanks for the great tutorial! One question though... can I make only one subnet route through the VPN? I have a general access network on 10.1.1.0/24 which I don't want routed via PIA, and a special network on 10.1.2.0/24 that I do want to be routed through PIA. Any ideas? I tried adjusting the config myself to this:
set interfaces openvpn vtun0 config-file /config/auth/midwest.ovpn
set interfaces openvpn vtun0 description 'Private Internet Access'
set interfaces openvpn vtun0 enable
set service nat rule 5000 description PIA
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 10.1.2.0/24
set service nat rule 5000 type masquerade
set service nat rule 5001 description default
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth0
set service nat rule 5001 source address 10.1.2.0/24
set service nat rule 5001 type masquerade
set protocols static table 1 interface-route 10.1.2.0/24 next-hop-interface vtun0
set firewall modify pia_route rule 10 description 'PIA'
set firewall modify pia_route rule 10 source address 10.2.1.0/24
set firewall modify pia_route rule 10 modify table 1
set interfaces switch switch0 firewall in modify pia_route
aaand... I lost internet on both subnets :/ thanks :)
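Added example, not part of the comment above or of the video: a small Python consistency check run over the `set` commands quoted in that comment. The two checks (the policy table needs a default route; the policy rule's source subnet must be covered by a masquerade rule on the table's exit interface) and all function names are assumptions of this example, and `VARIANT_CONFIG` is a constructed variant that has not been tested on a router.

```python
import ipaddress
import shlex
from collections import defaultdict

# The commenter's commands, copied from the comment above, one per line.
COMMENT_CONFIG = """\
set interfaces openvpn vtun0 config-file /config/auth/midwest.ovpn
set interfaces openvpn vtun0 description 'Private Internet Access'
set interfaces openvpn vtun0 enable
set service nat rule 5000 description PIA
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 10.1.2.0/24
set service nat rule 5000 type masquerade
set service nat rule 5001 description default
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth0
set service nat rule 5001 source address 10.1.2.0/24
set service nat rule 5001 type masquerade
set protocols static table 1 interface-route 10.1.2.0/24 next-hop-interface vtun0
set firewall modify pia_route rule 10 description 'PIA'
set firewall modify pia_route rule 10 source address 10.2.1.0/24
set firewall modify pia_route rule 10 modify table 1
set interfaces switch switch0 firewall in modify pia_route
"""

# Constructed variant (not from the page, not tested on a router): the table
# gets a default route and the modify rule uses the subnet NAT rule 5000 covers.
VARIANT_CONFIG = (
    COMMENT_CONFIG
    .replace("interface-route 10.1.2.0/24", "interface-route 0.0.0.0/0")
    .replace("10.2.1.0/24", "10.1.2.0/24")
)


def parse(config):
    """Collect NAT rules, policy (firewall modify) rules and per-table routes."""
    nat = defaultdict(dict)      # rule id -> {"source", "outbound-interface", "type"}
    policy = defaultdict(dict)   # (ruleset, rule id) -> {"source", "table"}
    routes = defaultdict(list)   # table id -> [(destination prefix, interface)]
    for line in config.splitlines():
        t = shlex.split(line)    # shlex handles the quoted descriptions
        if len(t) < 7 or t[0] != "set":
            continue
        if t[1:4] == ["service", "nat", "rule"]:
            rule, rest = t[4], t[5:]
            if rest[:2] == ["source", "address"] and len(rest) >= 3:
                nat[rule]["source"] = ipaddress.ip_network(rest[2], strict=False)
            elif rest[0] in ("outbound-interface", "type"):
                nat[rule][rest[0]] = rest[1]
        elif t[1:3] == ["firewall", "modify"] and t[4] == "rule":
            key, rest = (t[3], t[5]), t[6:]
            if rest[:2] == ["source", "address"] and len(rest) >= 3:
                policy[key]["source"] = ipaddress.ip_network(rest[2], strict=False)
            elif rest[:2] == ["modify", "table"] and len(rest) >= 3:
                policy[key]["table"] = rest[2]
        elif (t[1:4] == ["protocols", "static", "table"] and len(t) >= 9
              and t[5] == "interface-route" and t[7] == "next-hop-interface"):
            routes[t[4]].append((ipaddress.ip_network(t[6], strict=False), t[8]))
    return nat, policy, routes


def check(config):
    """Return a list of (code, message) findings for the two checks."""
    nat, policy, routes = parse(config)
    findings = []
    for (ruleset, rule), p in sorted(policy.items()):
        if "table" not in p or "source" not in p:
            continue
        table, src = p["table"], p["source"]
        table_routes = routes.get(table, [])
        # Routes match on destination, so a table without a default route
        # has nothing that matches internet-bound packets.
        if not any(prefix.prefixlen == 0 for prefix, _ in table_routes):
            have = ", ".join(str(prefix) for prefix, _ in table_routes) or "none"
            findings.append(("NO_DEFAULT_ROUTE",
                             f"table {table} has no default route (routes: {have})"))
        # Traffic leaving through the table's interface needs a masquerade
        # rule on that interface whose source covers the policy rule's source.
        for iface in sorted({i for _, i in table_routes}):
            covered = any(
                n.get("type") == "masquerade"
                and n.get("outbound-interface") == iface
                and ("source" not in n
                     or (n["source"].version == src.version
                         and src.subnet_of(n["source"])))
                for n in nat.values()
            )
            if not covered:
                findings.append(("SOURCE_NOT_NATTED",
                                 f"{ruleset} rule {rule}: source {src} has no "
                                 f"masquerade rule on {iface}"))
    return findings


if __name__ == "__main__":
    for code, message in check(COMMENT_CONFIG):
        print(code, "-", message)
```

An empty result only means these two checks pass; it says nothing about which interface the ruleset is attached to or about NAT for the other subnet.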
I get this warning on the EdgeRouter X... I'm not sure what I'm doing wrong here.
[ service nat rule 5000 outbound-interface vtun0 ]
NAT configuration warning: interface vtun0 does not exist on this system
[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Failed to start OpenVPN tunnel.
I got this error too when running the commands via SSH, but when I checked the Config Tree via the Router GUI, the vtun0 had indeed been created and the NAT 5000 rule had been created too.
Not sure if you'll see this but I am on the final step but it is failing to commit! Double checked everything and there don't appear to be any typos or obvious problems. Please help?! Edit: If it helps, the error is "OpenVPN configuration error: Failed to start Open VPN tunnel". Checked my login credentials and all of the other obvious stuff. Edit 2: Also, as another question since I've got you, is there an easy way to disable this if I need to be able to take advantage of higher DL speeds? Thanks!
I appreciate the response! Triple checked to make sure there were no typos and the .txt was named the same way as it is in the .ovpn. Checked for typos in general too and found nothing amiss.
This is the log error: ubnt openvpn[8738]: Options error: Unrecognized option or missing parameter(s) in /config/auth/useast.ovpn:13: auth-user-pass/config/auth/userpass.txt (2.3.2)
Getting an error when running the commands. 1st error on 3rd line.
Insert - set interfaces openvpn vtun0 enable
Return - the specified configuration node is not valid
Any advice?
I had the same - if you look into it the "enable" command doesn't exist for that context. It might be an EdgeOS version thing. Should just be able to exclude that line :)
Great videos man, keep it up! Would you be willing to consider doing a vid for piping specific host traffic over the VPN with the EdgeRouter? I'd like to have the option to let certain hosts pass through normally.
Not sure if it is a dumb question, but I want to set up openvpn on a different vlan so I can have access to both private and not private internet. Is it possible?
I could not add the interface vtun0 on my Edgerouter ER4. Do I have to add a different type interface? I have everything else done. Thanks!
Hi Willie - Any tips on tunnelling VPN traffic by MAC address only?
I don't want to route my entire traffic through the VPN. Either by MAC address or VLAN.
Appreciate the help!!
Nice video... Great instructions
But I just want to add 1 internal IP address to use the vpn. Does somebody have an idea? Or instructions?
Hello Willy
I have an EdgeRouter 8 Pro and I use eth1 and eth7 for the OpenVPN, but can I use eth2 - eth6 without the OpenVPN, and how do I change it in the firewall?
Can you share your config file of the ERL? That would make things way easier
Thanks man, worked like a charm on EdgeRouter POE. The only difference is that you have to type "configure" to enter the configuration mode to be able to use the set commands.
Regarding vi, you can type w - to just write the changes you made or q to quit. Or even combine those: wq - to write and quit. You only need to use ! when you wanna "force" something. The only time I need to use that is when you open a file that needs root with a normal user and you want to quit. Then you have to type q! to quit. The vi editor is very simple if you just learn a few commands like the above and i,o,p, dd,dw. Those are the only ones you need =)
Great step-by-step video tutorial on creating everything from scratch. May I know if it is possible to just route the VPN network to just a specific range of IPs, as I just wanted VPN on specific devices instead of the whole LAN?
That second NAT rule in case the VPN goes down, would that leak your actual IP address if traffic continued after the VPN dropped?
Could you offer some guidance on how to configure to only route certain IP's or ranges of IP's from the main network down the VPN tunnel while the rest goes out direct?
Great video! How about Ubiquiti USG to Private Internet Access?
I wanna see that as well, just got my USG today & I only have PIA running on one PC.
buy a real router, USG is crap.
YES!!!!!!!!!! Willie YES!!! now to do a vid on USG :D
Yeah that would be nice!
I previously had an Asus RT-N66U with Merlin firmware, which has so much built-in control that I could independently set VPN traffic by all, by IP or by 5 different VPN endpoints and apply them to different devices, and even set it to cut all traffic if the VPN goes down. I really miss that feature in Ubiquiti.
Willie Howe Yes, I did, and Merlin firmware is based on official Asus. There are even outlet scripts available to run an ad blocking service right on the router. www.snbforums.com/forums/asuswrt-merlin.42/
I did, wish Ubiquiti had VPN setup that easy. I did have PIA, OpenVPN and PPTP, all on one router for different devices, either by device or IP.
Willie Howe, but with Ubiquiti ac pro I find better speeds vs Asus from the same location with one AP.
Yes!! Thanks for this. You're on fire with these vids lately, great balance of content.
Excellent video! Thanks. Once I get this set up how hard would it be then to allow another IPSEC into my Edge Router POE to allow connections to me using my public static IP address from outside my house? Could they both be running at the same time? Would I be able to connect from say a laptop at a coffee shop and be able to see my home network and then if I went to the internet it would then route to PIA? If so how tough would that be to set the 2nd piece up? TIA
I followed your tutorial however I only specified one IP address to use the VPN tunnel as I don't want everyone to use it. And it works for that one IP however it seems internet traffic on the rest of the switch is now disabled?
Hi there! Thanks for the video!
I've got one question: Should this setup work with a TAP OpenVPN too? I intend to start this configuration on my EdgeRouter, but as my VPN server uses TAP instead of TUN, I have doubts ...
Thank you Mr. Howe! The PIA VPN works flawlessly on my Edgerouter X!
I have one question. Since configuring the VPN for all traffic, I noticed that I am now geo-blocked from watching Amazon Prime. Is there a way around this, or can one local IP/Mac address be set to not use the VPN? Thanks again!
On Edge Router Lite, I am only TX, not RX. It shows connected, but I am only seeing data moving on the TX side. Any ideas??
could we also get a configuration for L2TP-IPSEC (that is also supported by PIA)? OPENVPN has limited bandwidth on ERL as there is no hardware offload
I'm very close here, I can see the vtun0 connected to my vpn provider under the dashboard, but none of my devices get internet access unless I disable it...
Hi, can I ask if this is still the same to configure on EdgeRouter 4P? I saw some difference in the crl file contents. Please confirm, thanks.
followed the instructions, now my wifi mesh router is offline and cannot connect to the internet. If I need to, how do I reverse everything?
the line vtun0 enable is outdated. The interface is active by default.
Great video, thanks! I got everything up and working, but have run into an issue where there is no internet connectivity after a reboot, unless I disable and re-enable the vtun0 interface. Any thoughts on what could cause this?
Thanks :) - should i use ExpressVPN rather than PIA, would there be any major changes?
Using an Edgerouter poe and want to set this up. What will be my approximate speed loss in %?
Thanks
Would LOVE the USG version of this video!!
That would be great!!!
Any hope of a USG version of this one?
Nice! TWO NEW VIDEOS!
Setup and all I get is TBD on dashboard never gets IP from PIA. Not sure what's going on got no errors on commit. Any help would be great.
Have you had problems with netflix and hulu and PIA?
I have this setup and it works pretty well. I am looking to separate one IP on my current LAN subnet and have it NAT'd out of the default Eth0 interface. I haven't figured out how to do this yet and was curious if you had any suggestions. This is for my AppleTV. Hulu and some other streaming services don't support the VPN.
Thanks for posting this. I just bought and setup a Lite for just this purpose. Extremely helpful and timely. Would love to try other options with PIA if it was less of a performance hit.
You sound exactly like Eric Forman!! btw Plz help. I have only edgerouter lite and when setting
set interfaces switch switch0 firewall in modify pia_route
it says: interface switch switch0: does not exist
What do I do??
Ignore the line, your edgerouter might not have switching (e.g. ER4)
Thinking of getting this router for gaming. Do OpenVPN and QoS Smart Queue still work together?
LOVE PIA... been a member for quite a while, fantastic VPN service, highly recommended.
Question. I’m currently on pfSense running 4 simultaneous outbound VPN connections bound together on the same priority level for redundancy and distributed speed which works great on a 1Gig uplink. Is ubnt gear capable of doing something similar? I’m aware I’d need a high-end model for the CPU cycles.
Great vid and thanks for posting. One quick question, how do you back the configuration out without a factory reset?
Thanks Will.
Great video. However... my edgerouter connects, but when enabled, doesn't give me internet access. I can ping 8.8.8.8, I can ping the VPN IP Address, I cannot ping google.com. I think it's a DNS issue, but it's only when the VPN is enabled. Thoughts.
What about putting a EdgeRouter X to Private Internet Access in front of a Unifi USG that already has Remote User VPN setup
how to config vpn with openvpn on UDM Pro?
I get an "openvpn configuration error must specify mode" message when I commit
I have multiple networks on separate vlans is it possible to allow one of those networks to go through PIA? I have a web server that needs to be public but I want the normal computers to go through PIA.
I got it to work but on my Edge Router PoE it gave my 70 Mb connection a 5 Mb connection :( Plus, I couldn't figure out why the other networks didn't go out to the internet without VPN.
I'm fairly new to the edge router. Trying to setup open vpn (used to use a dlink router with pptp but wanting to use my edgerouter now). What changes to your config would I need to do to make the vpn only apply to a specific ethernet interface ie eth4 etc. ie I only want eth4 to think its in UK etc. Any help would be great! (Great video by the way. Quite helpful.)
Quick question. I have dual WAN. Load balanced. I should configure PIA for both of those interfaces, correct? So outbound-interface should be eth0 for the first WAN and eth1 since that is my second WAN port.
Here is something funny for you sir. I just figured it out and I have to run the setup on my router again. I was wondering why PIA wasn't working for me. I used OpenDNS and it turns out I had it blocked for some reason, so this whole time it wasn't working was because of that lol
Dear Mr. Howe,
the pia setup works great on my ER-X. Thank you. Is it possible to have two OpenVPN setups, one for pia (vtun0) and one for my homelan (vtun1) to get from outside in my lan (an OpenVPN Server is up and listening)? How must i modify your setup to get this. I'm not really good in EdgeOS config. Thank you in advance!
Willie would like to see this for unifi!!!!!!!
Does this work if i'm using a dual balanced configuration?
Another vote for a vid on the USG setup with the VPN PrivateInternetAcess.
If it's the non-pro you'll take a big hit on your internet speed
I was hoping you might be able to give me some guidance on this topic, or perhaps make another video. What I would like to do is set up my VPN (I happen to be using Nord) so that only certain IP's are sent over the VPN and everything else is sent regularly over WAN.
Two questions for you,
1. I saw roku in your SCP sessions list, is there something you know that I don't know? I'm just curious.
2. If you're hosting a service, we'll say a webserver, are they still able to access that at your non-VPN IP or would they need to access your VPN IP?
Hi Willie, I have used your referral... Could you do Private Internet Access with MikroTik also?
Helpful video! One suggestion, zoom in on your terminal session so it's easier to see.
Another great video. How about policy routing based on source address and destination address. I saw a few comments with similar needs.
Somewhere along the line I made an error. I seemed to be able to complete the steps. And I see the configuration completed and connected in the EdgeRouter Lite, but it don’t work??
I can disable it in the router and then everything is back up and running.
To go back through steps would I first remove the ovpn from the router and then start over or is there a better way.
PS - for the guy who asked about Netflix, I am just planning to enable and disable it in the router depending on what I am using.
I got sidetracked myself but would like to get this going
Willie, able to connect to PIA no problem. But no DNS resolution unless I disable the vtun0. What might be causing this? Also I have an EdgeRouter ER-8. It has no switch capability
set dns resolution in the ovpn conf
Can EdgeRouter X be used as a VPN client to connect with ExpressVPN p2lt?
In your configuration, what is your switch0 interface? I'm trying to follow your instructions and when I try that last CLI command I get:
interface switch switch0: does not exist
Can you post your output of "show interfaces"?
I'm starting with a bone stock EdgeRouter setup, configured with the Basic Setup wizard.
Ok, I'm using an EdgeRouter Lite. What can I replace that last CLI line with so that this works on my hardware?
Not sure that's correct. I own an Edge POE 5 port (non X) and I have switch0. Mine did work with your vid but the performance hit was too big
Is this a reupload? I could have sworn in October or November 2016 I watched an eerily similar vid.
You mentioned that the performance increases using a faster router since hardware offloading does not apply to OpenVPN - it utilizes the CPU. You may not have tested throughput using a Edgerouter pro, but what do you think the improvements would look like using one of the 2 Mpps machines that Ubiquiti has?
I would love to spend $100 or less, but I'm not willing to suffer that kind of performance hit. Do you think that ER-8 for example would get close to 50 Mbps or ....?
I have a 150 Mbps service like yourself.
Willie, great video. Do you happen to have a video to route traffic like Netflix, Amazon Video or Hulu outside of the PIA VPN?
So your .66.0 network was your main local network? Or was that just the subnet you wanted to make go through the VPN? Can we add just specific vlans to be sent through PIA and the rest normal? Also, the last CLI command about switch0 isn't necessary unless you're making your router do switch things across all the ports, right? Thanks Willie, your vids are top notch.
Right, other edgerouters might not have builtin switch (like ER4)
Hi, is it possible to specify only the devices with the IPs that go through the vpn and not all the traffic? I ask this because I use my smart tv to stream Netflix, but Netflix is blocking vpn.
Can you elaborate? For some reason when I change to a single IP my entire network is still under the VPN. Also I would ultimately like to set a range of IPs to go through the VPN. Is there any way to do that?
Do I use the same command for each and every system i want to use? or is there a command that i can use to exclude devices?
This didn't work for me using Windscribe. I just get "TBD" instead of the IP address of the vtun0 interface.
Hey Willie! Can you do a video about setting up the EdgeRouter with static IPv6?
Great video! Now a personal request. Since I don't like to switch on and off, can you show how you can create like 2 vlans, 1 with vpn and 1 that goes through wan? :) Thanks a lot
dont need winscp if you grab pscp when you get putty
Hi Willie, what a great video, thanks a lot for the excellent content which you expertly delivered. A couple of quick questions before I attempt to recreate this... Firstly, instead of doing all the manual configuration on the router, can you modify/create the .ovpn and userpass.txt files in Windows Notepad prior to uploading them onto the EdgeRouter? Also, after you apply this configuration and the VPN tunnel is active, how do you remotely access resources on the LAN network (e.g. security cams/NVR or a file server) when you're outside the network from the Internet? Thanks in advance.
This will only be outgoing not incoming
I tried using a VPN a year back when I had the Archer C9 router. I've since switched to an Edgerouter SFP and wanted to try a VPN again so this is EXACTLY what I was looking for.
However, the speed drop was HORRENDOUS the last I tried this. Out of a 225 down connection, I was getting 16 at best. It looks like your results are just as bad, unless you're on a 35 down connection or something like that.
If I sign up with PIA, are 90% speed losses what I can expect through my SFP?
without this method i get 120 down, with this method on a edgemax POE 5 port i get only 10 down
Awesome video, I just got a Edge Router X and was looking for a way to connect to my vpn service as I do currently with openWRT. I use a different VPN provider, but there is enough info here to translate it over. thanks!
Also, wondering if there is a way to allow certain clients through without vpn? (i.e. netflix box, etc.)
How do I put only 1 device on the OpenVPN?
I wonder why not simply create and edit your files on the windows machine and then just upload them.
Willie is it possible to do this and not have all traffic go thru the VPN?
Willie Howe I imagine a lot of people would love to be able to set this up to only send torrent traffic through the VPN :)
Willie here is my example. Person has 100mb connection. Some activities they would like to go via the VPN and the rest on the normal connection. So Vlan 2 is VPN traffic and all other traffic is non Vlan. Equipment on hand are unifi usg pro unifi switches and unifi APs
Perfect Video, worked from the first time. Just having some issues with port forwarding for my security cameras.
Man, you can read my mind lol. I was just thinking about doing this. I have an edgerouter x should I upgrade my router for this?
I know you used the x for this video. Just was curious if you think it would be ok for a home environment.
Instructive! Couple of requests:
1) What were the speedtest figures before the vpn was established?
2) How can this VPN be turned on and off on demand?
Thank you, further question (if allowed...)....... If using different PIA servers what would be the best way to be able to switch between them?
Is there a command to make the openvpn script run automatically when it boots? Followed the video, everything works, but when I unplug and plug the router, the VPN connection does not start automatically. I have to log into the web GUI and disable, then enable the VPN we setup. It would be great
It's enabled, I am running on the same router, Firmware 1.10.1. Finish the setup, openvpn tunnel working, if I then unplug it, and plug it back in. When it boots back up, it doesn't have internet access. If I log into the web GUI, the Open VPN interface says the IP of my openvpn connection, but no traffic (0 bps). The only workaround I have found is to then click disable, wait for that to provision and then click enable. And it's back and working. Maybe it's a bug with the firmware?
@salvadorrosas Did you figure out what the issue was? I am having the same problem.
he uses ABP over ublock origin?
Thanks for this. I just started trying to figure this out and I'm a networking n00b so this was very helpful! I'm a bit bummed that the ERX isn't exactly up to the task in regards to speed, but not surprised really. Perhaps a pfSense machine is the way to go after all.
Nice! Thank you for this video. Am thinking about purchasing an Edge and this video made my day.
Thanks Willie, how about a guide for that local DNS server :)
Another vote for local DNS guide, unless it's already out there?
My connection speed before and after on an edgemax POE: without vpn 120 down, with vpn 10 down :-(
What is the benefit of doing this over just downloading the PIA program and letting that do it for you?
It routes all traffic behind your edge router (or traffic that you select) through the vpn. This means you don't have to run the vpn client on every device each time you log on to your computer. Makes things easier :)
Videos with a lot of command line would be more helpful if you could zoom the specific terminal window.
EdgeRouter Lite v1.10.9 - interface switch switch0: does not exist
& NAT configuration warning: interface vtun0 does not exist on this system
But the Lite has a weaker CPU so the X is actually a bit faster than the Lite in OpenVPN. Of course it does have more RAM.
Thumbs up, sub'd. Thank you very much for this. Your video clearly laid out what needed to be done better than any blog I could find. I have a different vpn service but am able to get the same ovpn config files so I will give it a whirl later this weekend.
Anyone have a good fast setup for edge router? I've gone through 5 different regions and can't get more than 5mb. I have fiber to my home and without the vpn I'm at 900mb down and 980 down
How do I do this with IPVanish?
I previously worked at Speakeasy/MegaPath. So strange to see them come up in one of your videos!
Thanks for the great tutorial!
One question though... can I make only one subnet route through the VPN?
I have a general access network on 10.1.1.0/24 which I don't want routed via PIA, and a special network on 10.1.2.0/24 that I do want to be routed through PIA.
Any ideas?
I tried adjusting the config myself to this:
set interfaces openvpn vtun0 config-file /config/auth/midwest.ovpn
set interfaces openvpn vtun0 description 'Private Internet Access'
set interfaces openvpn vtun0 enable
set service nat rule 5000 description PIA
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 10.1.2.0/24
set service nat rule 5000 type masquerade
set service nat rule 5001 description default
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth0
set service nat rule 5001 source address 10.1.2.0/24
set service nat rule 5001 type masquerade
set protocols static table 1 interface-route 10.1.2.0/24 next-hop-interface vtun0
set firewall modify pia_route rule 10 description 'PIA'
set firewall modify pia_route rule 10 source address 10.2.1.0/24
set firewall modify pia_route rule 10 modify table 1
set interfaces switch switch0 firewall in modify pia_route
aaand... I lost internet on both subnets :/
thanks :)
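A consistency check for a source-based policy-routing setup like the one posted above, as an added example that is not part of the original thread. The function names (`parse`, `lint`) are hypothetical, and the check assumes that the subnet meant for the tunnel needs a matching `firewall modify` rule, a default route via the tunnel in the table that rule selects, and a masquerade rule on the tunnel interface.

```python
import ipaddress
import re

# Routing-related lines from the comment above, copied as posted.
POSTED = """\
set service nat rule 5000 outbound-interface vtun0
set service nat rule 5000 source address 10.1.2.0/24
set service nat rule 5001 outbound-interface eth0
set service nat rule 5001 source address 10.1.2.0/24
set protocols static table 1 interface-route 10.1.2.0/24 next-hop-interface vtun0
set firewall modify pia_route rule 10 source address 10.2.1.0/24
set firewall modify pia_route rule 10 modify table 1
"""

PATTERNS = {  # kind -> regex for one 'set' line; group 1 is the rule or table key
    "nat_out": r"set service nat rule (\d+) outbound-interface (\S+)",
    "nat_src": r"set service nat rule (\d+) source address (\S+)",
    "route": r"set protocols static table (\d+) interface-route (\S+) next-hop-interface (\S+)",
    "mod_src": r"set firewall modify (\S+ rule \d+) source address (\S+)",
    "mod_tbl": r"set firewall modify (\S+ rule \d+) modify table (\d+)",
}

def parse(config):
    """Return {kind: {key: [value tuples]}} for the set lines this linter understands."""
    found = {kind: {} for kind in PATTERNS}
    for line in config.splitlines():
        for kind, rx in PATTERNS.items():
            m = re.fullmatch(rx, line.strip())
            if m:
                found[kind].setdefault(m[1], []).append(m.groups()[1:])
    return found

def lint(config, lans, tunnel="vtun0"):
    """Flag inconsistencies; lans are the LAN subnets meant to use the tunnel."""
    c, issues, net = parse(config), [], ipaddress.ip_network
    tunnel_nat = [net(c["nat_src"][k][0][0]) for k, v in c["nat_out"].items()
                  if v[0][0] == tunnel and k in c["nat_src"]]
    for lan in map(net, lans):
        rules = [k for k, v in c["mod_src"].items() if lan.subnet_of(net(v[0][0]))]
        if not rules:
            issues.append(f"no modify rule matches source {lan}")
        for k in rules:
            table = c["mod_tbl"].get(k, [[None]])[0][0]
            routes = c["route"].get(table, [])
            if not any(net(dst).prefixlen == 0 and dev == tunnel for dst, dev in routes):
                issues.append(f"table {table} has no default route via {tunnel}")
        if not any(lan.subnet_of(n) for n in tunnel_nat):
            issues.append(f"{lan} is not masqueraded on {tunnel}")
    return issues
```

Calling `lint(POSTED, ["10.1.2.0/24"])` reports that no modify rule matches the subnet, because the rule's source is written as 10.2.1.0/24; with that aligned, the next finding is that table 1 only routes 10.1.2.0/24 and carries no default route via vtun0.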
I get this warning on the EdgeRouter X... I'm not sure what I'm doing wrong here.
[ service nat rule 5000 outbound-interface vtun0 ]
NAT configuration warning: interface vtun0 does not exist on this system
[ interfaces openvpn vtun0 ]
OpenVPN configuration error: Failed to start OpenVPN tunnel.
mrlilja85 I am getting the same error, how did you fix this?
I got this error too when running the commands via SSH, but when I checked the Config Tree via the Router GUI, the vtun0 had indeed been created and the NAT 5000 rule had been created too.
Can't even SFTP to the router...
Not sure if you'll see this but I am on the final step but it is failing to commit! Double checked everything and there don't appear to be any typos or obvious problems. Please help?!
Edit: If it helps, the error is "OpenVPN configuration error: Failed to start Open VPN tunnel". Checked my login credentials and all of the other obvious stuff.
Edit 2: Also, as another question since I've got you, is there an easy way to disable this if I need to be able to take advantage of higher DL speeds? Thanks!
I appreciate the response! Triple checked to make sure there were no typos and the .txt was named the same way as it is in the .ovpn. Checked for typos in general too and found nothing amiss.
Sure did : / No idea what else it could be.
This is the log error:
ubnt openvpn[8738]: Options error: Unrecognized option or missing parameter(s) in /config/auth/useast.ovpn:13: auth-user-pass/config/auth/userpass.txt (2.3.2)
Does seem I have no internet connection with this enabled though. I'll quit bugging you though : p Time to do some research of my own. Thanks again!
Willie, have you done a video just setting up OpenVPN server on the EdgeRouter?
Great video. This helped a lot. Thanks.
great vid!! thnx for this
Just wanna share that you can write & quit in vi at the same time with :wq!
In case you didn't already know :)
The videos are amazing keep it up
Getting an error when running the commands
1st error on 3rd line
insert - set interfaces openvpn vtun0 enable
return - the specified configuration node is not valid
Any advice?
I had the same - if you look into it the "enable" command doesn't exist for that context.
It might be an EdgeOS version thing.
Should just be able to exclude that line :)