How to configure Expressvpn on the Keenetic Giga router. Installing the necessary components…

We will tell you as clear and affordable as possible how to set up on Keenetic routers, bypassing locks, that is, go to blocked sites. Go to Android 1!

On the Internet, several articles are written on how to bypass the locks on Keenetic routers, but the information is either not complete or written for system administrators, but not all users are like that are such. Therefore, to understand what needs to be done to go to the blocked site using the Keenetic router not many are clear. It was decided to write this material to rectify the situation.

VPN server

In order for the Keenetic router to learn how to bypass the lock, you need to have a VPN server already created. If it is VPN Wireguard even better, since at the moment it is one of the fastest and most protected protocols. How to set up such a VPN, read in our article. create a VPN Wireguard server.

Go to the Keenetic Web Intections “General Settings” set the Wireguard component.

Then reboot the router, then again to the web-intese and go to the Other Connections menu and add Wireguard connection.

VPN on a home router: quickly and reliably

Typically, wireless routers are used to provide Internet access to various home devices. But sometimes it is necessary to solve the opposite problem in a certain sense. to realize remote access to services and systems posted on the home network. The traditional version of this problem usually consists of three steps-use the dynamic DNS service to automatically determine the external IP address of the router, assign a fixed address for the desired client in the DHCP Router service and create a port of broadcasting for the required service on this client. Note that remote access in most cases is possible only if there is a “white”/“external” address on a WAN-integrate router (for more details see. in the article), but DDNS may not be required if your provider provides a fixed IP address.

The rules of transmission of ports are often quite enough to implement the task, but they have certain features. For example, if necessary, protect the transmitted information, you will need to solve this issue for each connection individually. The second potential problem is restrictions in the case when the software requires the use of a certain port number, and there are several servers in the local network. In addition, if you have a lot of services and internal systems, then there are obvious inconvenience of prescribing to the router of each broadcast rule.

VPN technology. virtual private networks will help to help cope with these issues. They allow you to create a safe connection between a remote client or local network and immediately the entire network behind the router. That is, it will be enough for you to set this service once and when connecting to it, the client will behave as if he is in a local network. Note that this scheme also requires an external address on the router and, in addition, has some restrictions related to the use of systems and other services.

configure, keenetic, giga, router

In the firmware of many modern routers of the middle and upper segment, a VPN server is provided. Most often it works with PPTP and OpenVPN protocols. The first is a popular option that was developed more than 15 years ago with the participation of large IT companies, including Microsoft. His client is built into many modern OS and mobile devices, which simplifies the implementation. However, it is believed that security issues are not very well resolved in this decision. The speed of the secure connection for this protocol depending on the performance of the router platform is usually 30-50 Mbit/s, on the fastest devices we met 80 Mbps (see (see. for example an article).

OpenVPN is a free implementation of a VPN of similar age and is released under the GNU GPL license. There are customers for him for most platforms, including mobile. Servers can be found in many alternative firmware for routers, as well as in original versions from equipment manufacturers. The disadvantage of this protocol is the requirement of significant computing resources to ensure high speed, so 40-50 Mbps can only be obtained on the solutions of the upper segment (see. for example).

Another option that is more often associated with “serious” solutions of safe network communications is IPSEC (see. article). Its story began a little earlier and today it can be found in many products of remote corporate level access.

Nevertheless, relatively recently, its implementation appeared in such clearly mass equipment as Roters of the Zyxel Keenetic series. The software module used in them allows you to implement safe remote access scenarios, as well as unification of networks without complex settings. In addition, it is compatible with the solutions of the Zywall series. The advantages of this manufacturer include a convenient knowledge base with detailed articles on the implementation of typical scenarios. On this topic, you can pay attention to articles on combining two networks and connecting a client with Windows. It makes no sense to bring detailed screenshots of settings, since they are according to these links. We just note everything simple and clear.

Given the resource intensity of algorithms used in this scenario, the issue of the performance of such a solution is important. For its study, three models of the latest generation have been selected. the top.end Keenetic Ultra II and Keenetic Giga III, as well as the budget Keenetic Start II. The first two have MediaTek processors of the MT7621 series, 256 MB of RAM and 128 MB of Flashpamyati, gigabit network ports, two Wi-Fi ranges, support 802.11ac, USB 3 port.0. At the same time, the elder uses a chip with two cores operating at a frequency of 880 MHz, and in the second. the same chip, but only with one core. And the third router is equipped with 100 Mbps (and in the amount of two pieces. one WAN and one LAN) and a wireless module. The processor in it uses MT7628N with one core and frequency of 575 MHz, and the amount of RAM is 64 MB. From the point of view of software capabilities associated with IPSEC, the devices do not differ.

On all three routers, firmware from the beta branch versions V2 were installed.07 (XXXX.2) B2. The Internet connection mode on all devices was chosen the easiest. iPoe. Working with other options will most likely lead to a decrease in the results. The following two graphs provide the results of testing pairs with different settings of the connection parameters. Ultra II and GIGA III, Ultra II and Start II. In the first device as a whole, the speeds are compared (though the elder has two nuclei), and in the second restrictions will be from the younger model. The direction is indicated regarding the second device. Scenarios of transmission, receiving and simultaneous transmission and data receiving between the clients connected to routers were used.

As we see, the speeds here are quite low and do not even reach 100 Mbps/s. At the same time, the load on the processor during active data exchange is very high, which can have negative consequences for other tasks solved by the device.

How to set up a bypass of locks on Keenetic routers

First of all, you need to get a VPN server who has access to a caring resource. It can be its own server (virtual, allocated), paid VPN or completely free Warp.

Next, you need to configure the VPN tunnel between your router and VPN server. The type of tunnel does not play a special role. Here it is worth starting from the capabilities of the VPN server and your knowledge.

If you set up your own Debian server, then it can be a PPTP or WREGUARD tunnel. The main thing is not to forget to let us use users connected via VPN. https: //

Or use the VPN Warp from Cloudflare, which I talked about recently. https: // In most cases, he copes with providing access to blocked sites, although not intended for this.

The next step is to set static routing in your router. That is, you need to configure the routing table so that the requests for the required resource do not go through your provider, but through the VPN server.

At this stage, we need to find out all the IP addresses of the site of interest. In Windows, this can be done using the NSLOOKUP command. Below is an example for the Yandex

Read more how to find out all the IP addresses of the site in this article. https: //

After you learned the IP address (a) of the necessary site you need to go to the web-panel of the router control to the section “Network Rules Route” and add a static route:

Then the route should appear on the list:

In my example, all addresses and names from the previous article about WARP on the Keenetic router.

  • WARP. connection name (tunnel);
  • The gateway address is the address of your tunnel from its settings;
  • Address address. in my case, this is the IP address M.Video;
  • Description. any description understandable to you;
  • Type of route. if you need a route to one IP address, then select “Route to the Node”.

If the site has several IP addresses, then you need to configure static routes for each address.

How to check that routing through VPN works

You can use the Tracert command in Windows. An example of passing packages without using VPN:

After you connect static routing through the VPN list of intermediate nodes will be different, and the equipment of your provider will no longer be in second place, but the address of the device from the VPN tunnel:

Pay attention to the Ping value of the second device after your router. The total response time of the final server through the VPN will also be larger.

After proper tuning, the locked site should calmly open in the window of your browser.

How to configure the VPN server on the Router Zyxel Keenetic?

I welcome the readers of the blog, and more specifically those who are the owner of the Router Zyxel Keenetic. after all, today I will create a VPN connection to the device of this particular manufacturer. After setting up this function, the user has the opportunity to connect with a local network, a tuned house or in the office, remotely through the Internet, without a direct connection on Wi-Fi with this router. For example, they forgot at home some important file that was on a network drive connected to the router-we immediately entered it via VPN and received the necessary data-conveniently!

In order to create a VPN server on the Zyxel Keenetic router, you must first install this component in the firmware. By default, it is not among the base set.

configure, keenetic, giga, router

After rebooting in the Zyxel Keenetic settings, a new section will appear. VPN server, which is located in the “Appendix” menu.

Here we put the daw on “turn on” and on “one connection for one user”.

For access to the local network, select at the next paragraph “Home Network”

configure, keenetic, giga, router
  • The initial address of the pool is IP, from which the issuance of addresses to connecting clients will begin in order. There should be no coincidences with a manually prescribed by statical IP inside the local network.
  • The size of the pool is how many addresses will be issued for the VPN server, and if in Russian, how many customers can connect to it at the same time.
  • Click on the “Apply” button

How to make WARP work

If WARP has stopped working, and the opportunity to connect to this VPN has disappeared. Then in most cases it is enough to replace Endpoint = Engage in the compound 2408 on Endpoint = 2408.

In the last octet, you can use numbers from 1 to 9. At all these values, the connection had time to establish.

That is, acceptable addresses for Endpoint may be as follows:

  • 162.159.193.four
  • 162.159.193.eight

How to use ExpressVPN in 2022 | LIVE tutorial��

You can also try to use another port instead of a standard 2048. For example 500, 1701, 4500. At the time of writing, they all worked successfully for me.

Automatic configuration file for WARP

In order not to “suffer” with the generation of WARP keys for the Keenetic router, you can use the site https: // CF-WARP.Maple3142.Net/. At every visit to which you will automatically receive a new configuration file.

And then this file can simply be imported in the integration of the Keenetic router.

But do not forget about replacing the address and port of Endpoint if necessary.

Как войти в express vpn

Wireguard encryption keys for Warp

“Correct” keys create official customers from Cloudflare (Appendix “ Warp VPN “). But I do not know how these keys to “pick out” from these applications.

Therefore, we will use the unofficial CLI for Cloudflare Warp. https: // github.COM/VIRB3/WGCF. Which can register accounts in WARP and create profiles indicating the encryption keys for wireguard. The latter we actually need.

Download the WGCF utility for your operating system from this page. https: // github.COM/VIRB3/WGCF/Releases

The utility is console and looks the same in both Windows and in softening systems based on Linux nucleus. Its use comes down to two teams:

Instead of WGCF, you must use the name of the download utility file, in particular in Windows it is called WGCF.EXE.

After completing these commands, you will have a WGCF-Profile file.Conf which will contain all the data for configuration WARP VPN on the Keenetic router.

Setting Warp Keenetic

In the Keenetic router, you need to create a wireguard tunnel, setting the server:

Red color marks the values ​​that must be taken from your WARP VPN WGCF-Profile configuration file.Conf

If everything was done correctly, then the Warp VPN state should look something like this:

Setting up a VPN connection

If all the above conditions are met, we proceed to the VPN setting up on the Zyxel Keenetic router.

  • We go through the main menu to the “System” section, then. “Components”. We note that the activation of the VPN server option is required:
  • Depending on the ZYXEL model, a reboot is required to use the changes made. After that, a new panel “VPN” will appear on the “Appendix” tab:
  • Next, go into it, set the following parameters:
  • We activate the VPN server on Zyxel Keenetic, note that each user has created a new communication channel to increase the reliability of data transmission.
  • Connection occurs with encryption, this raises the level of security of the communication channel. Therefore, the MPPE protocol is used. Accordingly, we miss the third point.
  • Field “Translate customer addresses (NAT)” we activate so that users connect through the external network.
  • The next subsection. “access to the network”. indicates the name of the communication channel, according to which the Internet will be released. As an example, the client’s home network is indicated. PPTP connection will be carried out through it.
  • The following two points are responsible for the list of IP addresses provided by the VPN server for newly connected. The number of participants depends on the router’s model: for example, Zyxel Keenetic Giga allows a maximum of 10 connections.
  • In the first paragraph, select the initial value of the IP address pool, and in the second we indicate the maximum possible amount. Thus, ten addresses that will be issued by PPTP clients will be reserved on the router.
  • The IP address list for VPN should not coincide with the address of the address of the DHCP server of the network device. For example, ZYXEL distributes an IP address in the 192 range.168.0.10. Accordingly, it is recommended to set the pool for VPN, starting from
  • After making all the changes, click the “Apply” button, move on to the next section. “Configuration of user accounts” located below the VPN parameters:
  • Press the left mouse button on the name Admin.
  • Choose the item “Allow access to VPN”. We use changes:
  • Add customers to the list of allowed through the “System” menu, section “Users”:
  • Indicate the name, come up with a password and set access rights:
  • In our case, it is necessary to note the item “VPN server”. Next, click “Save”.

This is the setting of the Roter Zyxel Keenetic completed, it is allowed to install a VPN connection.

Connection priorities

Starting from version 2.0, the Roters of ZYXEL supports the function of priority distribution. Compared to the first version, there is the possibility of combining compounds in different ways.

The created channels use either physical ports of the network device or virtual intenses. Each communication channel created on the equipment is assigned priority. Its value is edited manually or remains unchanged:

In the screenshot the highest priority is given to the ISP intese. This is a standard setting for Internet access through the network cable.

The next is Yota: connection via a wireless communication channel. If the first option stops working, the router will automatically switch to the specified mode. Thus, reserve communication channels and VPN connections are configured.

Connection configuration

Setting up all the Routers of the Zyxel Keenetic family (Start, Giga, Lite) is made from its connection to PC and directly to the Ethernet Cabel.

This procedure for connecting to the router is carried out as follows:

  • First you need to connect the router to the mains.
  • After that, you need to connect a network cable into a blue connector to the router.
  • When setting up using a computer, you must connect a special Ethernet cable (short, comes complete with the device) to PC and router.

How to find out the address, login and password for entering

Before setting up, you need to connect and input. To do this, we need to find out:

Find them is not a problem, for this it is enough to turn the device and pay attention to a special sticker applied from below. There will be a lot of data, including the address, login and password.

Next, open any browser and enter the address 192 in the address and data for entrance.

VPN-tunnel IPSEC

IPSEC VPN connection standard is one of the safest. A high level of reliability is provided by protocols that add headlines to an IP packet (incapsulation). In addition, this connection method allows you to get:

Many models of Keenetic routers allow you to create VPN tunnels of this type. For example, the new Keenetic Giga devices not only have a high level of protection of the transmitted data, but also provide speed up to 400 MB/s. For the first generation of devices, the VPN function is not available.

If previously data transfer was not carried out in this way, then the router should be configured. For this purpose, you will need to update the control program. To download the necessary option, you should definitely select IPSEC in the download settings settings.

After a successful update for equipment, the equipment should automatically restart. If this does not happen, then you need to turn off and turn on the router again, and then go into the equipment settings. To create a VPN tunnel, you will need to go to the “Internet” section and create a new connection with the settings, as shown in the figure below.

The description of the connection can be any, this parameter is necessary to identify the connection. When indicating the password and the secret key, the sequence of characters without errors should be introduced, otherwise the new communication channel cannot be activated. If the connection is used to enter the Internet, then you should not forget to mark this item when setting up the connection.

As a rule, in all devices supporting the possibility of creating an IPSEC VPN tunnel, the server address and DNS address are formed in automatic mode.

After creating the connection, it can be selected in the corresponding list of the control program of the router.

Tips and recommendations

In the process of setting up and using VPN routing on Keenetic routers, it will not be superfluous to know about some nuances, for example:

  • To check the availability of user in the Roter OS, you can use alternative Internet access to Open VPN.
  • It should not be forgotten that the maximum number of connections on equipment of this type should not exceed 10.
  • Secret data for entering the network (login and password) should not be saved on a computer or mobile device.