AX86U - LAN IP traffic --> RPi 4 Pi Hole --> Wireguard Client VPN on Pi Hole (Surfshark)


Net Noob

Occasional Visitor
Hello everyone,

Merry Christmas!

So, I have an idea but please don't kill me if I'm being an idiot. I've just about had enough with OpenVPN clients on my AX86U. I'm using an OVPN client on the router with ExpressVPN to send some LAN IP traffic through it and everything works OK at times but it's shaky at best and my speed is severely limited compared to my Virgin 1GB connection.

I've been looking into WireGuard with Surfshark as a viable option. As far as I know, there is still the hardware acceleration issue with flow cache on the AX86U which I don't think can ever be properly corrected and I think the fastest speed I can get from the AX86U CPU is around 350mbps. I have had a look and WireGuard speeds on the Pi4 can go as high as 900mbps.

My idea is to use an old RPi 4 with 8GB of RAM (overkill I know) which is sat doing nothing as a WireGuard client and get the router to shunt specific LAN IPs through it. This would offload all the router's VPN client traffic to the Pi.

I wanted to get advice from you guys to see if it's actually possible to do this, and do it in a way where latency wouldn't be as much of an issue. I would want some LAN IPs on my network to have all their traffic going to the Pi (ethernet connected to my AX86U), through the Surfshark WireGuard client (using Surfshark DNS servers for simplicity, to get it going) and back again. So the Pi would be sort of like an access point.

If this is possible and sanctioned by you guys, what would be the best way to set up the Pi4? Please bear in mind that I'm not very experienced on Linux Pi Operating Systems. The simpler the setup, the better. I'd want to manage the Pi4 in a headless way via RDP (I don't have a spare screen to keep connected to the Pi).

I have had a look at pi hole which may do the job on paper, along with ad blocking and possibly unbound (currently running on my AX86U, thank you to all those who have been involved in creating those packages) but I can't find info on someone who has actually set pi hole up in the way I have described.

I think it would be quite complicated from what I can see. The only other alternative is to go pfSense and do the whole lot from there. I do have old PC parts which I can cobble together and then use the AX86U as a wireless AP. I'd rather not do this though.

I know, I know, VPNs aren't really secure, can't trust them etc etc. My opinion is, on the Internet I have no real freedom but the very least I can do is try to stop entities from making money off me without my consent by watching everything I do. I'm not clever, I can't see or understand all the different ways they accomplish their objectives. At the very least, I can try to hamper them as much as I can (of which using a VPN client is just one part of this) and I can watch streaming services from other countries / access blocked websites while I'm at it. Silly, not silly, it's my opinion.

As ever, thank you so much to all of you for all the help over the years and for any better suggestions or input into this post :)

Thank you for reading this long post.

NetNoob.
 