VPN Client on router or x86 ??

[ignade82]

I live in uk . Currently I have Virgin media 100mbit with HUB 3 (terrible router)
I am searching a new router that supported VPN client. During my searching, I found in many topic people saying I need a really powerful router to handle VPN or even x86 Pc.

A Pc ,is it true ?
Because otherwise I dont spend for a router.

My system is quite simple and my flat is 50sqm 1 floor.
1 Amazon Fire TV to connect US by PureVPN
1 laptop to connect to Italy server by Purevpn
xbox one
3 mobile, 1 tablet and another laptop . all 5ghz wifi supported.

What I want to do is:
Routing a VPN for my Fire TV
routing a VPN for torrent to the usb port on the router Until I willl have NAS.
Sometimes switch the VPN Torrent to Italy server.
The other device Virgin Media

can a router?
have 2 VPN to connect on the same time plus ISPs?
handle torrent ?

I was thinking to buy Asus RT-AC87U.
Rt-Ac68U seems no powerful enough and it is really slow by using usb.
Should I spend more?

 

[System Error Message]

x86 only needed for gigabit speeds software based VPNs. It really depends on your needs.
Virgin media service and hubs have always been horrible. If you host a game server on their connection not only do their uploads suck but you get throttled as well.

an asus router with RMerlin's firmware gives you plenty of options for VPN on the consumer router side. Routers like mikrotik and ubiquiti are way more flexible in this regard but need skill to configure. Mikrotik and pfsense dont have torrent clients though despite the fact that they are the performance options.

Just get yourself an asus router. The ASUS ac3200 and newer will do what you want as the determining factor here is really just the vpn type you're going to use and the speed of vpn you want to have.

Im in the UK and im on BT and dont need to use a VPN for torrents . I know virgin media is very strict in this regard even in the way you use your own net that its easy to get throttled and the very slow upload speed as well. In essence virgin media is like your typical US cable ISP. For a short while BT actually stopped blocking the websites that was supposed to be blocked by law. If i needed to get a torrent i just use a free vpn like tunnel bear just to browse tpb to get the torrent and download it like normal via my ISP.

ASK4 also have residential as well as student and they dont care what you download nor do they actually block the websites that the main ISPs block. They have a 100Mb/s package with twice the upload of virgin media and much lower overhead, more reliable and better speeds as its actually easy to hit your subscribe speed instantly.

 

[ignade82]

Thank you for your reply.
Good to know x86 is only for gigabit.I got 100mbit. I hope my VPN can reach 30mbit to have 4k on netflix.I have PureVPN but Maybe I will migrate to ExpressVPN

Yes I will use RMerlin s firmware.

You are suggesting Asus RT-Ac300 over my thought RT-AC87u.But They have the same CPU 1ghz and 256 ram.I dont think I need 3 band?
I live with my girfriend, so 2 people at home.
What Can I do with 3 band?Can I use one for VPN?

BTW you really dont use VPN for torrent or kodi?I pay Prime and Netflix but I feel they are not enough.

 

[System Error Message]

Thank you for your reply.
Good to know x86 is only for gigabit.I got 100mbit. I hope my VPN can reach 30mbit to have 4k on netflix.I have PureVPN but Maybe I will migrate to ExpressVPN

Yes I will use RMerlin s firmware.

You are suggesting Asus RT-Ac300 over my thought RT-AC87u.But They have the same CPU 1ghz and 256 ram.I dont think I need 3 band?
I live with my girfriend, so 2 people at home.
What Can I do with 3 band?Can I use one for VPN?

BTW you really dont use VPN for torrent or kodi?I pay Prime and Netflix but I feel they are not enough.

They have different CPUs. Broadcom uses their own dual ARM A9. The AC87U uses quantenna's CPU. the AC3100 has MU-MIMO and an even faster CPU.

With the AC68U you will have to get some active cooling for it and overclock it if you want to go with it. I had mine running at 1.4Ghz with active cooling.

I dont use VPN for torrents or kodi because my ISP doesnt seem to care much what i download. I have prime purely by coincidence (being a student gets free prime) but when i need to watch something i use a primewire proxy website. With BT as long as you avoid downloading anything very obvious like the latest movie you'll be fine. I also have amazon's highest end fireTV not to use for watching TV but for testing android apps. The fireTV can pair with other remotes and game controllers easily.

 

[ignade82]

ok I will try to buy AC3200 or Ac3100.I still dont understand how MU mimo works
AC3100 is too expensive I hope I can find second hand .250£ too much

I didn't know primewire website , do you think can I use o on Fire tV??

 

[System Error Message]

ok I will try to buy AC3200 or Ac3100.I still dont understand how MU mimo works
AC3100 is too expensive I hope I can find second hand .250£ too much

I didn't know primewire website , do you think can I use o on Fire tV??

i watch on my desktop instead.

You can still use the AC68U but you will need to get some cooling for it and overclock it.

 

[ignade82]

i watch on my desktop instead.

You can still use the AC68U but you will need to get some cooling for it and overclock it.

https://www.uswitch.com/broadband/n...tm_source=uswitch&utm_term=bband-content-hero

What do you think?

Sent from my LG-H815 using Tapatalk

 

[System Error Message]

https://www.uswitch.com/broadband/news/2017/02/internet_providers_clamp_down_on_torrenting/?ref=email~insight~170216~uswitch&utm_campaign=insight&utm_content=170216&utm_medium=email&utm_source=uswitch&utm_term=bband-content-hero

What do you think?

Sent from my LG-H815 using Tapatalk

Thats an improvement. Considering you can watch videos online for free live on websites like primewire (technically pirating but streaming rather than downloading) with the focus being on videos and songs. Rarely do i download movies by torrenting, mainly games and when the games i like go on discount i buy them.

The main cause of pirating is because people cant afford things. For PC gaming at one point AAA titles got so expensive for example the launch price of crysis 3 and now they've at least learned their lesson and made their games cheaper on launch. Indie or small developers however can be questionable as minecraft costs more than space engineers and space engineers is a game that is much better than minecraft in every way. So pricing is important as minecraft can be sold for much less. piracy allows those that cant afford something to try it out so you shouldnt shun piracy as you can think of it as free advertisement. People who would've never bought your software/media would be trying it out and if they like it you could end up with another buyer especially since the genuine version for games allows multiplayer in the case of a central server. Another way to look at it is if the pirated copy can be activated to be genuine, it would save the company a lot of bandwidth as the people pirating would be hosting it.

Thankfully im not a fan of series like game of thrones which will be watching you if you decide to pirate it. You dont see the smaller companies complaining about piracy, only the bigger ones as it affects what yacht or mansion they can buy. In big companies the guys that do all the work get paid the same regardless how successful the product is.

 

[ignade82]

So before buying the router I am doing some test with PureVPN by using OpenVPN on Win 10 instead of them software.

Spoiler: PureVPN USA 256

client

dev tun
remote it1-ovpn-udp.purevpn.net 53
proto udp
nobind
persist-key
persist-tun
cipher AES-256-CBC
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
MIIEoTCCA4mgAwIBAgIJANysBdFD6U2oMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD
VQQGEwJISzELMAkGA1UECBMCSEsxETAPBgNVBAcTCEhvbmdLb25nMRAwDgYDVQQK
EwdQdXJlVlBOMQswCQYDVQQLEwJJVDEQMA4GA1UEAxMHUHVyZVZQTjEQMA4GA1UE
KRMHUHVyZVZQTjEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRvbWFpbjAeFw0x
NDA0MTAwNzI5NDlaFw0yNDA0MDcwNzI5NDlaMIGRMQswCQYDVQQGEwJISzELMAkG
A1UECBMCSEsxETAPBgNVBAcTCEhvbmdLb25nMRAwDgYDVQQKEwdQdXJlVlBOMQsw
CQYDVQQLEwJJVDEQMA4GA1UEAxMHUHVyZVZQTjEQMA4GA1UEKRMHUHVyZVZQTjEf
MB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRvbWFpbjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAJYqtUkQTlf/pHcGXuuII8S3pfI0fwFbs7l/1RP3nX3n
v1vyuvLi7h0jWsgJU0XM7LJywiRFJ8zsMLH7KZnIg7bscb50GY75WIq7C2NnWnnS
7zzyCCm2XD/2xZPym2lVRytpnWJbpemSS6Hdz7xI3q2FmixuBa1t5FeKsXfeaGGg
+ohwLvamnGHJYUYu3Nu0EWVzzy5wgT0c2C5jleGxl3kxRimD8FpnlAVdqyt0ib/f
f9XanaotSopIHUZmpYjT+udRC2+harlNKvOXYgDRl1mpimCvlzEWpZAo8dyBCxWl
xlBIT8OA8rimGi1XviknuOlWu2cGi13Ug8mCG0MjOQ0CAwEAAaOB+TCB9jAdBgNV
HQ4EFgQUt+1vJ2X2ho12PUDhdo2CsSHYXbYwgcYGA1UdIwSBvjCBu4AUt+1vJ2X2
ho12PUDhdo2CsSHYXbahgZekgZQwgZExCzAJBgNVBAYTAkhLMQswCQYDVQQIEwJI
SzERMA8GA1UEBxMISG9uZ0tvbmcxEDAOBgNVBAoTB1B1cmVWUE4xCzAJBgNVBAsT
AklUMRAwDgYDVQQDEwdQdXJlVlBOMRAwDgYDVQQpEwdQdXJlVlBOMR8wHQYJKoZI
hvcNAQkBFhBtYWlsQGhvc3QuZG9tYWluggkA3KwF0UPpTagwDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQUFAAOCAQEAAhLQQmkKWJdyGqgMSKOWXSKN2WXTDjIdb9bK
Q8uHeq0LYCcPoRh8VYJg2X4UWR/KO9pKaG+iZJw4Jqz4GQJjjJLKHfsWwj790ay0
7U5KT08qmxFaxZUYn663H9b0+Zud1spTsTJjVe1eoRk6IDbbB4OMUzN9zyWEn6er
xi6llIAjQX1qtlBQasmTAbRtbSsCsZAxL2kXysULIdLrQP0iTgMQqqkv5zvpdEKN
3ciKCd8OHEhHOlAwA0/DNy3dg3Et0F2hNMDJhqMpxXsbKtGJ/rzGXQF2geEVzLZA
o42I1wBOSZLTX1fO1gl3gAGS9aYg5o31rrpBKzQewitJgIuc+Q==
-----END CERTIFICATE-----
</ca>

#
# 2048 bit OpenVPN static key
#
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
e30af995f56d07426d9ba1f824730521
d4283db4b4d0cdda9c6e8759a3799dcb
7939b6a5989160c9660de0f6125cbb1f
585b41c074b2fe88ecfcf17eab9a33be
1352379cdf74952b588fb161a93e13df
9135b2b29038231e02d657a6225705e6
868ccb0c384ed11614690a1894bfbeb2
74cebf1fe9c2329bdd5c8a40fe882062
4d2ea7540cd79ab76892db51fc371a3a
c5fc9573afecb3fffe3281e61d72e915
79d9b03d8cbf7909b3aebf4d90850321
ee6b7d0a7846d15c27d8290e031e951e
19438a4654663cad975e138f5bc5af89
c737ad822f27e19057731f41e1e254cc
9c95b7175c622422cde9f1f2cfd3510a
dd94498b4d7133d3729dd214a16b27fb
-----END OpenVPN Static key V1-----

</tls-auth>
key-direction 1

verb 1
mute 20
route-method exe
route-delay 2
auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn

Spoiler: PureVPN USA 256 log

Sun Feb 26 18:39:30 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Sun Feb 26 18:39:30 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Feb 26 18:39:30 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Sun Feb 26 18:39:32 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Feb 26 18:39:32 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]172.111.236.2:53
Sun Feb 26 18:39:32 2017 UDP link local: (not bound)
Sun Feb 26 18:39:32 2017 UDP link remote: [AF_INET]172.111.236.2:53
Sun Feb 26 18:39:32 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Feb 26 18:40:08 2017 [PureVPN] Peer Connection Initiated with [AF_INET]172.111.236.2:53
Sun Feb 26 18:40:09 2017 open_tun
Sun Feb 26 18:40:09 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{187671D5-CC16-4AAA-A992-10092BAE5B88}.tap
Sun Feb 26 18:40:09 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 172.111.236.128/172.111.236.130/255.255.255.192 [SUCCEEDED]
Sun Feb 26 18:40:09 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.111.236.130/255.255.255.192 on interface {187671D5-CC16-4AAA-A992-10092BAE5B88} [DHCP-serv: 172.111.236.190, lease-time: 31536000]
Sun Feb 26 18:40:09 2017 Successful ARP Flush on interface [4] {187671D5-CC16-4AAA-A992-10092BAE5B88}
Sun Feb 26 18:40:09 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Feb 26 18:40:11 2017 Initialization Sequence Completed

Spoiler: PureVPN USA 128 LOG

Sun Feb 26 18:56:46 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Sun Feb 26 18:56:46 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Feb 26 18:56:46 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Sun Feb 26 18:56:48 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Feb 26 18:56:48 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]172.94.41.130:53
Sun Feb 26 18:56:48 2017 UDP link local: (not bound)
Sun Feb 26 18:56:48 2017 UDP link remote: [AF_INET]172.94.41.130:53
Sun Feb 26 18:56:48 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Feb 26 18:56:50 2017 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher AES-256-CBC'
Sun Feb 26 18:56:50 2017 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Sun Feb 26 18:56:50 2017 [PureVPN] Peer Connection Initiated with [AF_INET]172.94.41.130:53
Sun Feb 26 18:56:52 2017 open_tun
Sun Feb 26 18:56:52 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{187671D5-CC16-4AAA-A992-10092BAE5B88}.tap
Sun Feb 26 18:56:52 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 172.94.41.224/172.94.41.232/255.255.255.224 [SUCCEEDED]
Sun Feb 26 18:56:52 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.94.41.232/255.255.255.224 on interface {187671D5-CC16-4AAA-A992-10092BAE5B88} [DHCP-serv: 172.94.41.254, lease-time: 31536000]
Sun Feb 26 18:56:52 2017 Successful ARP Flush on interface [4] {187671D5-CC16-4AAA-A992-10092BAE5B88}
Sun Feb 26 18:56:52 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Feb 26 18:56:52 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:56:52 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:56:54 2017 Initialization Sequence Completed
Sun Feb 26 18:56:55 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:56:55 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:56:57 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:56:57 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:00 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:00 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:00 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:02 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:02 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:02 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:03 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:05 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:05 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:05 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:07 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:07 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:09 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:10 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:10 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:12 2017 Authenticate/Decrypt packet error: cipher final failed
Sun Feb 26 18:57:13 2017 NOTE: --mute triggered...

I changed the .ovpn cipher AES-128-CBC because PUREVPN says cipher up to 256 but it seems it doesnt work."cipher' is used inconsistently"

what does "WARNING: No server certificate verification method has been enabled." mean ?

 

[doczenith1]

I did some testing a while back that may help you with some reference numbers on throughput. These are my speeds using the OpenVPN Client on two different ASUS routers. Both routers running Asuswrt-Merlin 380.64 firmware. Using the VPN client to connect through PIA VPN servers.

AC3100 (1.4 Ghz dual core)
CTF enabled
DL: 61 Mbps with core 1 at 25%, core 2 at 75%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U (1.0 Ghz dual core)
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

For reference, when using the same PIA VPN server with a windows client I'm able to attain 250 Mbps down and 350 Mbps up on the same DSLReports HTML5 speed test.

Data encryption: AES-128
Data authentication: SHA1
Handshake: RSA-2048

 

[ignade82]

Thanks, mate.
I am still testing Opevpn 64bit on Win 10Instad to use PurePvn client.
I still don't understand why I can connect to cipher 256 but not to 128 or none .
Next days I will post my benchmarks
I have read in other forums the same problem with these routers but it is difficult understand .I am a bit skeptical for what it is best for me.
I am willing to spend max 200£.Therefore RT_AC3100 matches.In your test it is ok but in other no ..
From my research with Asus router I can do:
-VPN client routing on my amazon fire tv
-create share drive/NAS
-USB printer
-Download master for torrent/emule to share drive?
-adblock on router

Instead, If I buy Pfsencebox
-Power for VPN
-spend a lot of time study and config
-I don know how much it will be with 4 port g and 2 wifi 2.4 5 G
-I can't use as NAS
I can't use for printer
-NO torrent/emule

 

[MichaelCG]

To note...the pfSense doesn't have to replace the existing WiFi and switch features of your current device. It can just be the router/firewall...leave all WiFi, USB, and other features on the original device which is re-configured to be just an AP.

Regarding the cipher at 256, 128, or none. This is the key length used in the encryption. AES-256 is very strong, but higher CPU utilization. AES-128 is pretty strong, with less CPU utilization. While "none" is no encryption and is mostly pointless since there is no security, but very low CPU utilization. Depending on what your provider supports and what your client supports will determine which cipher suites you have available.

 

[ignade82]

To note...the pfSense doesn't have to replace the existing WiFi and switch features of your current device. It can just be the router/firewall...leave all WiFi, USB, and other features on the original device which is re-configured to be just an AP.

Interesting but unfortunately I can't because my company Virgin media Uk that has a crap router It can't work as AP. So I should buy anyway.I take into consideration.

Regarding the cipher at 256, 128, or none. This is the key length used in the encryption. AES-256 is very strong, but higher CPU utilization. AES-128 is pretty strong, with less CPU utilization. While "none" is no encryption and is mostly pointless since there is no security, but very low CPU utilization. Depending on what your provider supports and what your client supports will determine which cipher suites you have available.

I am trying to understand If PureVPN can do it but t technical service is bad.