A VPN client is a terminal device or software used to establish a secure connection between a user and a VPN server.
What is VPN?
VPN (Virtual Private Network) helps you access internet resources remotely, securely, and privately with tunneling technology. The VPN encrypts your personal information and hides your IP address from the public when you use the internet. To the users of the VPN, it will look like the computers were directly connected to each other.
Common Network Topology:
Here we take WR2100 as a demonstration.
Step 1: Open a web browser and go to http://cudy.net or http://192.168.10.1.
For details, please refer to How to log into the web interface of Cudy Router?
Step 2: Click on General Settings->VPN and enable VPN.
Default Rule: Allow all devices or Ban all devices to use VPN.
To specify the device, click on System Status-> Devices->VPN to enable or disable it.
Site-to-Site: Allow the devices in two sites to communicate with each other.
VPN Policy:
Disable: No additional setting.
VPN kill switch: Turn off the Internet connectivity when the VPN connection is lost.
Domain: Specify which domains go through the VPN and which don't
Remote Subnet: Specify what subnets go through the VPN and which don't
Step 3: In the Protocol list, select the one you need and enter the VPN information provided by your VPN provider.
• PPTP VPN
Enter the VPN server address (for example, 113.92.73.163) and the VPN Username and password provided by your VPN provider.
• L2TP VPN
Enter the VPN server address (for example 113.92.73.163), VPN username and password, and pre-shared key provided by your VPN provider.
If your VPN provider also provides you the tunnel IP which binds with the account, you can enable the Use custom tunnel IP option.
• OpenVPN
Click on Browser to import the configuration file provided by your VPN provider.
• WireGuard VPN
Click on Browser to import the configuration file provided by your VPN provider.
The Interface and Peer will synchronize automatically from your VPN Provider's CONF File.
• ZeroTier Slave
Type in the ZeroTier Network ID and Gateway provided by the ZeroTier Master. The Gateway can be found on VPN Status part.
Related Article: How to remote connect Cudy Router via Zerotier?-Cudy Home
181 comments
@Dear Felice,
Please enable the VPN kill switch function, Then all the traffics from the clients will go through VPN connection.
“Hi,
I am using a Cudy AX3000 router configured as an OpenVPN client (ExpressVPN).
I have observed the following behavior:
The router itself connects correctly to the VPN and gets an IP in the VPN country. However, LAN clients do not appear to have their DNS traffic routed through the VPN tunnel by default. DNS queries from LAN clients are resolved via the WAN interface unless additional workarounds are implemented.
I would like to clarify:
1. Does the OpenVPN client on this router support full-tunnel routing for all LAN devices (i.e. all traffic, including DNS, forced through the VPN interface)?
2. Is there a setting to ensure DNS queries from LAN clients are always routed through the VPN tunnel and not via the WAN?
3. Does the “VPN kill switch” function enforce routing of LAN traffic through the VPN, or only block traffic when the VPN is down?
4. Are there firmware versions or models that support proper policy-based routing (e.g. select devices or all LAN traffic via VPN)?
My goal is to have all LAN devices fully routed through the VPN, including DNS, without relying on external DNS proxies or additional devices.
Thank you for your support."
Hi,
The router itself connects correctly to the VPN and gets an IP in the VPN country. However, LAN clients do not appear to have their DNS traffic routed through the VPN tunnel by default. DNS queries from LAN clients are resolved via the WAN interface unless additional workarounds are implemented.I am using a Cudy AX3000 router configured as an OpenVPN client (ExpressVPN).
I have observed the following behavior:
I would like to clarify:
1. Does the OpenVPN client on this router support full-tunnel routing for all LAN devices (i.e. all traffic, including DNS, forced through the VPN interface)?
2. Is there a setting to ensure DNS queries from LAN clients are always routed through the VPN tunnel and not via the WAN?
3. Does the “VPN kill switch” function enforce routing of LAN traffic through the VPN, or only block traffic when the VPN is down?
4. Are there firmware versions or models that support proper policy-based routing (e.g. select devices or all LAN traffic via VPN)?
My goal is to have all LAN devices fully routed through the VPN, including DNS, without relying on external DNS proxies or additional devices.
Thank you for your support.
@Dear Rado,
Is it L2TP or L2TP over IPSec? Is there a preshared key?
“I have a AC1200 Wireless mini VPN router.
I would like to setup l2tp VPN via double NATed.
Is there a way how to setup rightID? As currently VPN is failing on IDir ‘’ does not match to ’’”
“I have a AC1200 Wireless mini VPN router.
I would like to setup l2tp VPN via double NATed.
Is there a way how to setup rightID? As currently VPN is failing on IDir ‘’ does not match to ’’”
I have a AC1200 Wireless mini VPN router.
I would like to setup l2tp VPN via double NATed.
Is there a way how to setup rightID? As currently VPN is failing on IDir ‘’ does not match to ’’
@Dear bledad,
You can open and edit the OpenVPN file and delete this “group nogroup”.
Then upload it to the router again.
“hello , i have error with openvpn
Sun Mar 8 07:43:17 2026 daemon.err openvpn(client)29373: Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client/client.ovpn:62: gro (2.5.2)
line 62 > group nogroup
I’m stuck
please help
thank”