So I'm having a problem with PIA on the Asus AC68u router. Only one computer can connect to the internet when I enable PIA. All other devices will disconnect from the internet.
Set up openvpn client like you see here for PIA.
For Server, use any one of the following:
United States (US VPN)
us-california.privateinternetaccess.com
us-east.privateinternetaccess.com
us-midwest.privateinternetaccess.com
us-texas.privateinternetaccess.com
us-florida.privateinternetaccess.com
us-seattle.privateinternetaccess.com
us-west.privateinternetaccess.com
us-siliconvalley.privateinternetaccess.com
United Kingdom (GB VPN)
uk-london.privateinternetaccess.com
uk-southampton.privateinternetaccess.com
Canada (CA VPN)
ca-toronto.privateinternetaccess.com
ca.privateinternetaccess.com
Australia (AU VPN)
aus.privateinternetaccess.com
aus-melbourne.privateinternetaccess.com
Netherlands (NL VPN)
nl.privateinternetaccess.com
Switzerland (CH VPN)
swiss.privateinternetaccess.com
Sweden (SE VPN)
sweden.privateinternetaccess.com
France (FR VPN)
france.privateinternetaccess.com
Germany (DE VPN)
germany.privateinternetaccess.com
Romania (RO VPN)
ro.privateinternetaccess.com
Hong Kong (HK VPN)
hk.privateinternetaccess.com
Singapore (SG VPN)
sg.privateinternetaccess.com
Japan (JP VPN)
japan.privateinternetaccess.com
Israel (IL VPN)
israel.privateinternetaccess.com
Mexico (MX VPN)
mexico.privateinternetaccess.com
The port and encryption cipher can be either of the following
1196
AES-128CB
or
1194
Blowfish CBC
Additional Config:
persist-key
persist-tun
tls-client
remote-cert-tls server
For Policy Based Routing, use the IP's you want to go through the tunnel. If none are entered, everything should go through.
CA Cert should be all of the following including the all the -----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
If you want to route only some ip's through the vpn and use policy based routing you can create a firewall script to act as a kill switch for those ip's to prevent using the wan gateway. Set it up like the following using your local ip's.
iptables -I FORWARD -s 192.168.1.5 -o $(nvram get wan_iface) -j REJECT
iptables -I FORWARD -s 192.168.1.102 -o $(nvram get wan_iface) -j REJECT
iptables -I FORWARD -s 192.168.1.105 -o $(nvram get wan_iface) -j REJECT
iptables -I FORWARD -s 192.168.1.116 -o $(nvram get wan_iface) -j REJECT
iptables -I FORWARD -s 192.168.1.117 -o $(nvram get wan_iface) -j REJECT
etc.
Hope this helps.