A VPN client is a terminal device or software used to establish a secure connection between a user and a VPN server.
What is VPN?
VPN (Virtual Private Network) helps you access internet resources remotely, securely, and privately with tunneling technology. The VPN encrypts your personal information and hides your IP address from the public when you use the internet. To the users of the VPN, it will look like the computers were directly connected to each other.
Common Network Topology:
Here we take WR2100 as a demonstration.
Step 1: Open a web browser and go to http://cudy.net or http://192.168.10.1.
For details, please refer to How to log into the web interface of Cudy Router?
Step 2: Click on General Settings->VPN and enable VPN.
Default Rule: Allow all devices or Ban all devices to use VPN.
To specify the device, click on System Status-> Devices->VPN to enable or disable it.
Site-to-Site: Allow the devices in two sites to communicate with each other.
VPN Policy:
Disable: No additional setting.
VPN kill switch: Turn off the Internet connectivity when the VPN connection is lost.
Domain: Specify which domains go through the VPN and which don't
Remote Subnet: Specify what subnets go through the VPN and which don't
Step 3: In the Protocol list, select the one you need and enter the VPN information provided by your VPN provider.
• PPTP VPN
Enter the VPN server address (for example, 113.92.73.163) and the VPN Username and password provided by your VPN provider.
• L2TP VPN
Enter the VPN server address (for example 113.92.73.163), VPN username and password, and pre-shared key provided by your VPN provider.
If your VPN provider also provides you the tunnel IP which binds with the account, you can enable the Use custom tunnel IP option.
• OpenVPN
Click on Browser to import the configuration file provided by your VPN provider.
• WireGuard VPN
Click on Browser to import the configuration file provided by your VPN provider.
The Interface and Peer will synchronize automatically from your VPN Provider's CONF File.
• ZeroTier Slave
Type in the ZeroTier Network ID and Gateway provided by the ZeroTier Master. The Gateway can be found on VPN Status part.
Related Article: How to remote connect Cudy Router via Zerotier?-Cudy Home
138 comments
Dear TEN, Yes, there is a @. samcudy.com.
“Is an @ supposed to go between your name and your company’s?
Will be happy to provide you with all relevant (redacted) screenshots and logs.
Cannot currently record or live-stream video though, as I am not where the router is, and it is on low bandwidth even when (intermittently) online.”
Is an @ supposed to go between your name and your company’s?
Will be happy to provide you with all relevant (redacted) screenshots and logs.
Cannot currently record or live-stream video though, as I am not where the router is, and it is on low bandwidth even when (intermittently) online.
Dear TEN, Would you please record a screen video to show me how do you set on the router and how to reproduce this issue. Then send it to my email box. samcudy.com
I will check and try to find a solution.
Adding to the urgency of my and others’ reports below, on firmware 2.4.7 I have found the “VPN kill switch” to fail contrary to its name and purpose, leaking local IP after WireGuard drops, which as you know may put users in serious jeopardy.
@Dear TEN,
We will follow it, please wait patiently.
“WireGuard VPN with kill switch does NOT (re)connect automatically indeed (i.e. stays red) on current firmware https://www.cudy.com/cdn/shop/files/WR3000E-R53-2.4.7-20250528-182254-sysupgrade.zip in WISP mode after reboot(s) or when host WiFi comes up (again).
Cf. Evian’s requests currently at the bottom of https://www.cudy.com/de-de/blogs/faq/wie-stelle-ich-den-vpn-client-ein-um-auf-einen-remote-vpn-server-zugreifen?page=5#Comments-589223624948
From the web interface which most clients should not (have to) access, VPN can be made connect (turn green) by manual iterations through toggling it off, saving, waiting, then toggling VPN on again, saving again (steps possibly required repeatedly), or comes on again (then) automatically after running Diagnostics:
This behavior suggests there may be a timing issue of VPN initially failing e.g. because WISP (or generally WAN) isn’t fully up yet for a WireGuard tunnel to establish, then staying disconnected because it may not be retrying (frequently enough, or at all).
If auto-connect can’t be made more reliable, dedicated buttons to (re)connect VPN and show details of its log and status would at least help admins recover.
As a defense against leakage, of course enabling “VPN kill switch” often isn’t optional.”