AC68U OpenVPN server question - Router vs NAS

[Eric Lieb]

This is a question that I have been wondering about for a while. Is it better to run the OpenVPN server on my AC68U router or on my QNAP 453Be (quad core celeron). Can I run a TAP client on the NAS like I can on the router? The reason I ask is it seems OpenVPN uses a lot of the available resources on the router itself.

 

[L&LD]

For ease of use and security, the RT-AC68U is better.

Use a USB stick and amtm from thelonelycoder to create a swap file for the router to use. Also, make sure to disable the 'regularly flush cache' setting. This will make the router more 'crash-proof' while also giving the most performance it can.

It's okay if the resources are being used. Are there other processes that that is interfering with?

 

[maxbraketorque]

This is a question that I have been wondering about for a while. Is it better to run the OpenVPN server on my AC68U router or on my QNAP 453Be (quad core celeron). Can I run a TAP client on the NAS like I can on the router? The reason I ask is it seems OpenVPN uses a lot of the available resources on the router itself.

Are you wanting to access your entire network or just the NAS?

 

[Zonkd]

Are you wanting to access your entire network or just the NAS?

If he does want to just access the NAS and doesn’t want to access to the entire network, could he still run the VPN server on the router? Or would he have no choice but to run it on the NAS?

 

[maxbraketorque]

If he does want to just access the NAS and doesn’t want to access to the entire network, could he still run the VPN server on the router? Or would he have no choice but to run it on the NAS?

Interesting question. I don't know. The reason I asked is because I was thinking that it would be difficult to access the entire network via an OVPN server on the NAS.

 

[Zonkd]

Interesting question. I don't know. The reason I asked is because I was thinking that it would be difficult to access the entire network via an OVPN server on the NAS.

My Synology NAS has an option to do it. I haven’t tested it though.

 

[Eric Lieb]

My Synology NAS has an option to do it. I haven’t tested it though.

I think QNAP has that option too... wasn't sure if it was a TAP to the network or if it would just be TUN and i wouldn't have access to local resources (like the NAS).

 

[coen99]

This is a question that I have been wondering about for a while. Is it better to run the OpenVPN server on my AC68U router or on my QNAP 453Be (quad core celeron). Can I run a TAP client on the NAS like I can on the router? The reason I ask is it seems OpenVPN uses a lot of the available resources on the router itself.

I had a AC66 having the same issue, lacking CPU power. So I bought the AX88 Quadcore with AES hardware acceleration. This thing is a beast.
Before the tranferrate using OPENVPN was 12Mb/s with 100% of CPU use (I know, you have a dual core and the 66 has only 1, but still..).
The AX88 max's out the bandwidth (190Mb/s) and still has enough power left to address all other clients and the harddrive connected to the USB3.
The only downside is the price of the AX88. But I would buy it again with no hesitation.

 

[L&LD]

I had a AC66 having the same issue, lacking CPU power. So I bought the AX88 Quadcore with AES hardware acceleration. This thing is a beast.
Before the tranferrate using OPENVPN was 12MB/s with 100% of CPU use (I know, you have a dual core and the 66 has only 1, but still..).
The AX88 max's out the bandwidth (190MB/s) and still has enough power left to address all other clients and the harddrive connected to the USB3.
The only downside is the price of the AX88. But I would buy it again with no hesitation.

I would be interested to see/read about how IPSec VPN works compared to OpenVPN with your new hardware.

 

[coen99]

I would be interested to see/read about how IPSec VPN works compared to OpenVPN with your new hardware.

Using L2TP I get 165Mb/s, CPU use : 1-core max 38% (average around 25%)
If you like to know more let me know.


cheers

 

[L&LD]

Using L2TP I get 165Mb/s, CPU use : 1-core max 38% (average around 25%)
If you like to know more let me know.

View attachment 16584 View attachment 16583
cheers

So that I am understanding correctly, L2TP is using IPSec VPN?

 

[coen99]

So that I am understanding correctly, L2TP is using IPSec VPN?

This is what I know/found:

The term Cisco IPsec is just a marketing ploy which basically means plain IPsec using ESP in tunnel mode without any additional encapsulation, and using the Internet Key Exchange protocol (IKE) to establish the tunnel. IKE provides several authentication options, preshared keys (PSK) or X.509 certificates combined with Extended Authentication (XAUTH) user authentication are the most common.

The Layer 2 Tunneling Protocol (L2TP) was has its origins in PPTP. Since it does not provide security features such as encryption or strong authentication it is typically combined with IPsec. To avoid too much additional overhead ESP in transport mode is commonly used. This means first the IPsec channel is established, again using IKE, then this channel is used to establish the L2TP tunnel. Afterwards, the IPsec connection is also used to transport the L2TP encapsulated user data.

Compared to plain IPsec the additional encapsulation with L2TP (which adds an IP/UDP packet and L2TP header) makes it a little less efficient (more so if it is also used with ESP in tunnel mode, which some implementations do).

NAT traversal (NAT-T) is also more problematic with L2TP/IPsec due to the common use of ESP in transport mode.

One advantage L2TP has over plain IPsec is that it can transport protocols other than IP.

Security-wise both are similar but it depends on the authentication method, the mode of authentication (Main or Aggressive Mode), the strength of the keys, the used algorithms etc.

 

[L&LD]

This is what I know/found:

Thank you so much!

 

[coen99]

You're welcome!