ExpressVPN on GL-AR300M


#1

Not having any luck installing the ovpn file on this router, works great as a wifi repeater to multiple devices.

I’ve tried a few different locations from the ExpressVPN site, select the file, type in the username/password credentials. After a brief delay, I see only “OpenVPN is…not started”. Tried various combinations of checking Enable VPN, Force VPN, rebootting, etc.

I have firmware version 2.25 installed.

Any ideas, or suggestions for a better VPN service (will be using in Asia, but testing in the US).

TIA!


#2

Post your .ovpn file here for further help.

Glitch


#3

Sure, I’ve pasted what is provided by ExpressVPN bellow, minus the certificate/key codes. I tried inserting a few lines of text from a previous post about ExpressVPN to no avail.

 


dev tun

fast-io

persist-key

persist-tun

nobind

remote usa-losangeles-ca-version-2.expressnetw.com 1195

 

remote-random

pull

comp-lzo

tls-client

verify-x509-name Server name-prefix

ns-cert-type server

key-direction 1

route-method exe

route-delay 2

tun-mtu 1500

fragment 1300

mssfix 1450

verb 3

cipher AES-256-CBC

keysize 256

auth SHA512

sndbuf 524288

rcvbuf 524288

auth-user-pass

[what follows after this is just Certificate/Keys gibberish]

 


#4

Please remove the following two lines and try again.

fast-io

router-method exe

You can also get a syslog and there should be some info why the openvpn is not started. Use “logread” to get the syslog or use Luci.


#5

Hi Alzho

I tried using:

dev tun

persist-key

persist-tun

nobind

remote uk-berkshire-ca-version-2.expressnetw.com 1195

 

remote-random

pull

comp-lzo

tls-client

verify-x509-name Server name-prefix

ns-cert-type server

key-direction 1

route-delay 2

tun-mtu 1500

fragment 1300

mssfix 1450

verb 3

cipher AES-256-CBC

keysize 256

auth SHA512

sndbuf 524288

rcvbuf 524288

auth-user-pass

 

<cert>

<span style=“color: #222222; font-family: source_sans_proregular, ‘Helvetica Neue’, Arial, Helvetica, Geneva, sans-serif; font-size: 14.6667px; background-color: #f9f9f9;”>[what follows after this is just Certificate/Keys gibberish]</span>

But this did not work, i tried a couple of different files removing the same lines from each but i get the same as <span style=“color: #222222; font-family: source_sans_proregular, ‘Helvetica Neue’, Arial, Helvetica, Geneva, sans-serif; font-weight: bold;”>RG9999</span>


#6

Did you get this working? I am concerned, because I recently ordered this Router (not delivered yet) and I use ExpressVPN.


#7

Still concerned about this issue. Can someone please verify that ExpressVPN will, in fact, work with OpenVPN on the GL-AR300M?

Update: A good percentage of my clientele in the field who want to buy this router travel to China on a regular basis. For China, my company uses ExpressVPN. They are a pretty big VPN player, and on the list of supported VPNs. Hopefully, someone can verify if/how they got it to work.


#8

@biffer41, can you remove “verify-x509-name” and test again?

Please give the log as well.

I did test ExpressVPN and it works.

@lstevens, sorry openvpn doesn’t work in China.


#9

@alzhao You say <span style=“background-color: #f9f9f9; color: #222222; font-family: source_sans_proregular, ‘Helvetica Neue’, Arial, Helvetica, Geneva, sans-serif; font-size: 14.6667px;”>openvpn doesn’t work in China? So what protocol do you use?</span>

 


#10

@lstevens, In china you may use shadowsockets but this is not yet support.


#11

Hi: For the benefit of those who are in/or travelling in China, some clarification on VPN usage in general, that may also help you with your use of your GLI Router there. By way of introduction, my business is computer security, and I have employees who travel to China regularly.

@alzhao, you are correct that OpenVPN is generally blocked in China. Standard OpenVPN will get blocked by algorithmic filters in Great Firewall. However, some VPN Providers (ExpressVPN being one of them), use different kinds of packet obfuscation to avoid detection. I have several employees in different parts of China right now using ExpressVPN with OpenVPN successfully. They are not currently using a GLI Router, but I hope to be recommending them to purchase one in the future after I have completed my testing. If I can assist others with any information regarding VPN use in China (in general), and which providers are currently working there, I am glad to help. -Leon


#12

@lstevens,

These vpn service providers uses modify openvpn protocol. The protocol need to be supported in both client and server. They don’t release source code so there is no way to get this supported in router without their help.

AnyConnect and Shadow sockets also uses packet obfuscation so they should be able to work in China.

But these vpn protocols works without good performance. The GFW wall just tries to drop packets and throttling your traffic. It works, but slow.

A better solution is this: www.knowroaming.com, buy a SIM card from then and use it in your smartphone or using our MiFi, your life in China will be different. The traffic doesn’t goes through GFW at all. Verified!


#13

alzhao - there is an update here…some (few) providers, have figured out how to operate in China without modifying the client. ExpressVPN IS one of them. I have verified (today) with my field people in China and they are running ExpressVPN on PC, MAC, Android, and IOS…ALL with unmodified OpenVPN (they are using the native/standard OpenVPN on their platform, NOT OpenVPN from ExpressVPN). It is working in China very well/fast. So, unless GL Router has some anomaly, if ExpressVPN runs/connects, it should run in China. It would be good if someone in China with this router and an ExpressVPN account could test. For anyone willing to test, ExpressVPN gives a 30 day evaluation period, with no questions asked refund policy.

 

 

 

 


#14

I have tested for some times. Let’s say that there are some times you can connect, but very rare. The GFW doesn’t block the protocol completely. There is a chance you can use for a short time but unreliable.

I have my own openvpn server and the chance of successfully connecting is 50%.

It also depends on what hotels. In some 5 start hotels their network is not filtered by GFW at all so you can connect VPN. Maybe you even don’t need a VPN client to visit google.


#15

Alzhao - Are you saying that you have specifically tested ExpressVPN with OpenVPN protocol and found it inconsistent? If so, did you only test it on the GLI Router? The reason I am asking is that my Field People in China are using ExpressVPN with Standard OpenVPN Protocol (NOT the ExpressVPN App), and they are getting consistent and fast connections. They usually connect to ExpressVPNs Hong Kong 4 Server.While they don’t (yet) have the GLI Routers (I am still testing, but I am in the US), they run standard OpenVPN on the ExpressVPN Service in China with no problem. I don’t understand the reason you are seeing different results. Maybe someone else in China who sees this can test, or you can try it again.

I want to deploy GLI Routers to my field people, but want to make sure there is not something specific in the GLI router that would preclude OpenVPN/ExpressVPN useage.

 


#16

I didn’t use ExpressVPN. I have vpn from other providers.

I will have a try when I go to China.


#17

OK. They have “special sauce” in China, and it works on OpenVPN (standard). If you don’t have an account before you go next time, get one. They REALLY honor their 30 day no questions asked guarantee. All you need to do is live chat them from their website during the first 30 days, and they will refund you right away.

 


#18

@lstevens I am in China currently and can confirm that ExpressVPN with the GL-AR300M works in general. Anything specific you’d like to see tested?


#19

khaberz: Thank you VERY much! This helps me and will help countless others who are in or travelling to China! :slight_smile:

A few operational questions, just to clarify:

  1. My field people who use ExpressVPN in China (without the GL-AR300M) find that OpenVPNs connections are consistent and have reasonable/useable speeds. Are you finding the same while using it with GL-AR300M?
  1. Which method of loading the VPN into the GLAR300M do you use? Are you simply loading the .ovpn file that is normally supplied by them for Android?

  2. What about DNS? Do you need to put it in manually, or does your config file set it for you?

  3. Any other changes/adjustments you need to/like to make to the configuration to make things work?

  4. Any other pointers and overall operational observations that might help are appreciated.

Thanks for all your help. You are helping many! :slight_smile:

Regards, Leon

 

 

 


#20

@lstevens:

  1. My field people who use ExpressVPN in China (without the GL-AR300M) find that OpenVPNs connections are consistent and have reasonable/useable speeds. Are you finding the same while using it with GL-AR300M?

>>> Yes, with 2 caveats:

a) there is no .ovpn file (I tried through their support too) for the best location (HK4 as you mentioned), so if you - like me - can not set this up another way or put together your own ,oven, you are stuck with e.g. HK2 or the Taiwan ones. Works, but not as fast or reliable as HK4 when using their client.

b) The general speed limitations of OVPN on the GL-AR300M do apply of course

  1. Which method of loading the VPN into the GLAR300M do you use? Are you simply loading the .ovpn file that is normally supplied by them for Android?

>>> Just the supplied .ovpn

  1. What about DNS? Do you need to put it in manually, or does your config file set it for you?

>>> The config file sets it. (I assume. It “just works”)

  1. Any other changes/adjustments you need to/like to make to the configuration to make things work?

>>> Nope.

  1. Any other pointers and overall operational observations that might help are appreciated.

>>> Nothing really beyond my answer on 1).

Even with ExpressVPN, it’s never as stable on Mainland China as it is elsewhere, as your colleagues will know. It has been working fine for the past week. On a previous trip, it worked well for a few days and suddenly became very erratic and I had to use US access points for it to work again.