OpenVPN Private Internet Access client setup for NextGen

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page Previous  1, 2, 3
Author Message

Joined: 18 Nov 2015
Posts: 1580
Location: WCentral Indiana USA

PostPosted: Wed Nov 18, 2020 14:34    Post subject: Re: Best practice - encryption and data ciphers... Reply with quote
a15995 wrote:
FYI: PIA has closed down the ( - not responding) - use ( instead (seems a bit slower though)...

Same with some US servers.
I have two routers were using 2 different servers and both lost connections (yesterday I think-name does not resolve).
Switching to IP addresses did not help.
Had to search the nexgen files for working servers Twisted Evil

Glad @egc was way ahead of this with nexgen setup guide. Thank You!

STUBBY DoT install guide----Forum Guide Lines (Please read!) --- How to get help the right way----PIA Setup Guide by egc----Before asking for help - upgrade DD-WRT!

Joined: 08 Oct 2015
Posts: 121

PostPosted: Thu Mar 04, 2021 19:08    Post subject: Reply with quote
To take IPV6 out of the mix while correcting some of PIA's seemingly confused settings for GCM over NextGen, adding the following to the DD-WRT Additional Config seems to help:

resolv-retry infinite
auth sha256
remote-cert-tls server
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
sndbuf 300000
rcvbuf 300000
verb 0
reneg-sec 3600
-----BEGIN X509 CRL-----
{copy/paste X509 cert here}
-----END X509 CRL-----

Note that "ncp-disable" is needed for OpenVPN GCM (but not CBC) to work over PIA NextGen, but that it's also a deprecated command slated for removal in OpenVPN 2.6. Thus, PIA will either have to make changes or GCM may no longer be workable over PIA NextGen in the future. I'm with @egc on some of the recent PIA issues combined with their delay in supporting WireGuard router configs. My guess is that they're intentionally dumbing down their offerings to focus on a particular market niche. YMMV

My DD-WRT Routers:
Linksys/Marvell WRT1900ACSv2 (r46885 - test only)
Linksys/Marvell WRT1900ACSv1 (r46069 - daily use)
HP-Laptop/Intel/x86-64 (r46316 - test only due to unsupported wifi)
Netgear/Broadcom R7000 (3x: r45928 - remote use)
Linksys/Broadcom WRT54G/GS (4x: r44715 - occasional use)
Netgear/Atheros R9000 (bought broken and awaiting delivery)
DD-WRT Novice

Joined: 26 Feb 2021
Posts: 7

PostPosted: Thu Apr 29, 2021 2:34    Post subject: Could not get it to work Reply with quote
I could not get it to work.

I have the latest build : DD-WRT v3.0-r46446 std (04/24/21)

Anyone else successful?


Joined: 16 Nov 2015
Posts: 4398
Location: UK, London, just across the river..

PostPosted: Thu Apr 29, 2021 6:02    Post subject: Reply with quote
yep it works for me...if its not working for you, it means you didn't follow the settings...
TP-Link WR740Nv1 -----DD-WRT 46949 BS AP,NAT
TP-Link WR740Nv4 -----DD-WRT 44251 BS WAP/Switch
TP-Link WR1043NDv2 ---DD-WRT 46885 BS AP,NAT,AP Isolation,Ad-Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---DD-WRT 46949 BS AP,NAT,AD/Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 ---Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Netgear R7800 -----DD-WRT 46974 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Netgear R7000 -----DD-WRT 46974 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,VLAN's,DoT,VPN
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Goto page Previous  1, 2, 3 Display posts from previous:    Page 3 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT


Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum