Tutorial How to Setup a VPN client including Policy Rules for PIA and other VPN providers 384.5 07.10.18

[Trial_Master]

Large buffers can negatively impact latency, that's why I'm not a fan of them. For Internet traffic, latency can be more important than squeezing a few extra mbits of performance IMHO.

I'm not concerned about speed, I want to be able to stream Pandora Music. No other use for VPN. I'm about to add your Custom Configuration commands.

 

[doczenith1]

I added those commands in and it near doubled the download speed and increased upload by 2Mbps. Ping is still really high?

Speed Test Ping 237 ms, Download 32.32 Mbps, Upload 8.06 Mbps

I see that you are using a PIA server located in the USA which I assume is for Pandora. This is the reason for the large pings and slow speedtest results. For testing your openvpn setup have you tested ping and bandwidth on a local PIA server? When I connect to the Sydney AU server I get a ping of 214 and 44/32 Mbps D/U. The Melbourne server gives me a ping of 218 and 47/25 Mbps D/U. I tried few different Speedtest.net servers in each location and took an average. You might want to try a few different PIA USA servers and see if one does better for you.

Large buffers can negatively impact latency, that's why I'm not a fan of them. For Internet traffic, latency can be more important than squeezing a few extra mbits of performance IMHO.

That is a good point and in the future I will add a note stating that your mileage may vary when increasing the buffers and one should check both latency and bandwidth with and without the increased buffers.

 

[Trial_Master]

Thanks for the advice doczenith1

Will play around with different PIA Servers

 

[Geraner]

Just wanted to add a link to another VPN post I wrote, and where OpenVPN in Asus routers, are discussed.
Since I was using PIA as well in this test, I thought it's interesting for all reading this post to get the input from this thread as well.

 

[Trial_Master]

Just wanted to add a link to another VPN post I wrote, and where OpenVPN in Asus routers, are discussed.
Since I was using PIA as well in this test, I thought it's interesting for all reading this post to get the input from this thread as well.

Thanks for info. Disappointing, but good to know.

 

[OOo]

Hi, I am running Merlin 380.69 (was on 382.2 beta but had lots of issues). Yes, I did a factory reset after install, and I started from scratch.

Now I am running into an issue with my Roku devices. I am doing what I think you would call Peer to Peer VPN (One Asus 68U(client) to another 68U(server).
Here is the issue, I have a VPN client setup to run 1 of my Roku's through VPN. Works great by all accounts. But, when I turn OFF (service state) the VPN client, the Roku does not have internet access through the ISP. I reboot the Roku, reboot the router, nothing works. I can see the Roku on my wireless network, the Roku reports the same IP address, etc. But again, no ISP internet connection. The only way I can get the Roku to get internet connectivity is to turn the VPN back ON. I have played with the "Block routed clients if tunnel goes down". But my understanding is that only is active when the client "service state" is in the ON position. When vpn client is OFF then everything goes through the ISP. Regardless, I can't get the Roku to get internet access through the ISP. Tried and read everything.

Any thoughts?

 

[doczenith1]

When "Block routed clients if tunnel goes down" is set to 'Yes' it will block the devices even if the VPN client is turned off in my experience. Whether or not that is the intended result will have to be answered by someone with a higher pay grade than me

 

[OOo]

Thanks Doc. It seems you and me are are the only ones around here...

For Roku, there are times I want to use it with Netflix on my regular ISP and other times I want to enforce the kill switch. Seems I can't have it both ways. I suppose I could set up two different VPN clients, one for each scenario.

 

[xtropodx]

I've found by setting "Redirect Internet traffic" to "All", as per:


Has still allowed traffic through even if VPN fails, least on the last several firmware updates I've done. So not sure if it's because of some issue/corruption with router, or if instructions are wrong, but I've now changed it to "No". Now done full update, full factory reset & manually updated everything & will see how it goes.

What I want to know is, is there some way to configure router to email you if/when VPN fails?

Well now it seems "ALL" & "NO" don't work, either that or there's still some issue with merlin/vpn stuff. Logged on this morning & VPN was down yet I could still access internet.

Can someone, please, advise on how to set this so that either:
-It actually stops traffic if VPN fails. So far "ALL" & "NO" DO NOT WORK. Or provide clarity over the wording on OP, as it isn't 100% crystal clear.
-VPN attempts to reconnects later if it does fail (I've just manually had to turn it on, despite correct settings).
-Set up something so router emails you if/when VPN does fail - least this way I would know immediately that the issue has occurred. Looking in the logs I have no idea when/what to look for.

 

[robahearts]

Looking for some help after trying different servers. My internet is 100/100Mbps, and I have the RT-AC66R with FW 380.69_2. No matter what configuration I use, when using PIA, I'm only getting 10/10 Mbps

 

[Xentrk]

Looking for some help after trying different servers. My internet is 100/100Mbps, and I have the RT-AC66R with FW 380.69_2. No matter what configuration I use, when using PIA, I'm only getting 10/10 Mbps

The CPU in the router is what is limiting you. Distance from VPN server and encryption cipher are other factors. AES-128-GCM will get you a little bump when compared to AES-128-CBC. Using SHA1 will be faster than SHA256.

If you want to stick with Asus-Merlin WRT, the AC86U has hardware acceleration and will give you improved VPN performance. Merlin posted some stats in the AC86U in the VPN forum.

Or, look into hardware that has a CPU that supports AES-NI and flash it with pfSense. Earlier this week, I converted an old PC to a pfSense router. I got some massive gains when compared to the AC88U. You can read about it in the Router forum here.

 

[robahearts]

The CPU in the router is what is limiting you. Distance from VPN server and encryption cipher are other factors. AES-128-GCM will get you a little bump when compared to AES-128-CBC. Using SHA1 will be faster than SHA256.

If you want to stick with Asus-Merlin WRT, the AC86U has hardware acceleration and will give you improved VPN performance. Merlin posted some stats in the AC86U in the VPN forum.

Or, look into hardware that has a CPU that supports AES-NI and flash it with pfSense. Earlier this week, I converted an old PC to a pfSense router. I got some massive gains when compared to the AC88U. You can read about it in the Router forum here.

What about the Asus AC-1900? I see is has dual core and I see some for sale for around $50.

 

[Xentrk]

What about the Asus AC-1900? I see is has dual core and I see some for sale for around $50.

Sorry, The CPU in the AC-1900 will not give you the bump in VPN performance. The newly released AC86U is the current leader in Asus routers for OpenVPN performance.

 

[doczenith1]

The AC-1900 will give you around 50 Mbps as a vpn client. The AC86U that @Xentrk mentioned will do 200+ Mbps as a vpn client. Both models personally tested using PIA by yours truly.

 

[Xentrk]

Distance from VPN server is the other factor to consider. With my AC88U, I was lucky to get 10 Mbps to server in USA. I can get 7x that speed when I connect to the server in Bangkok.

 

[Xentrk]

@robahearts
more info on VPN consumer grade routers.
https://restoreprivacy.com/vpn-routers/

 

[robahearts]

@robahearts
more info on VPN consumer grade routers.
https://restoreprivacy.com/vpn-routers/

Decided to go with the AC-86U. Damn that thing is fast. Thank you

 

[Xentrk]

Decided to go with the AC-86U. Damn that thing is fast. Thank you

Thanks for the feedback. I plan to test the AC-86U over my VPN tunnels this week. I am helping another expat with his home network. I will first configure it and test it on my network before installing at his home. I am curious how the performance compares to my pfSense build. I will post my findings after running the metrics.

 

[robahearts]

Anyone here using this solution and Terrarium TV? I'm getting good speed while on VPN but once I use terrarium tv I get a lot of freezing. Once I take it off the VPN then is fine.

 

[Xentrk]

Anyone here using this solution and Terrarium TV? I'm getting good speed while on VPN but once I use terrarium tv I get a lot of freezing. Once I take it off the VPN then is fine.

I have experimented with Kodi and Terrarium on the Fire TV and Raspberry Pi. I had buffering and freezing isssues. I suspected it was due to the CPU in these devices as I know others who use Terrerium on Android boxes and have no problems. So, I recently purchased the Nvidia to find out for myself. With the Nvidia, have no problems with buffering , which confirms my suspicions it was the device CPU architecture rather than any issues with the VPN. What device are you using?

Be aware that geo location spoofing on Android boxes may be more difficult though. See
https://www.snbforums.com/threads/google-knows-the-geolocation-of-your-wifi-router.46162/