Jump to content
Not connected, Your IP: 18.119.137.175
agunymous

"Small AirVPN Thingy"?

Recommended Posts

Hi there,

 

I´m switching from a Tomato router to an AVM Cable Router (https://en.avm.de/products/fritzbox/fritzbox-6490-cable/technical-data/) with stock firmware which sadly does´t support OpenVPN but rather relies on IPSec.

 

To  keep the AirVPN functionality, I am thinking about getting a small dedicated device (like RasPi, NUC ,...) that will channel all WAN traffic through AirVPN servers to all devices that are connected to the AVM router.

 

Do you have any suggestions for a capable, user-friendly device, that will have enough power to facilitate the full AirVPN-Speed while being energy-efficient and 100% quiet (no fans)?

 

Looks like a RasPi 2 is not sufficient for full speed (e.g. when torrenting) and pfsense-hardware would be just too expensive?

 

Do you have any suggestions?

Maybe just using a NUC with Linux?

 

Thanks for your help, I´m thankful for any input.

Share this post


Link to post

Define expensive. If you want to use high speed broadband internet, and have the same speed with VPN on, you will

have to get hardware that can support it. Otherwise you will be paying for your ISP for something you can never get.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Why you dont add the tomato Router behind the avm Modem/Router?

 

You can Check the Linksys wrt 1200ac v1 or 1900acs v1

 

I read on ddwrt Board wrt1200ac should give 70Mbps openvpn speed

Share this post


Link to post

Any suggestions for something that would handle 150 meg (maybe 200)?  My budget is not unlimited but I can see I have to spend a little more money than I did in the past.  Currently I get just shy of 150 but within a year or two I am betting my pipe will be near 200 around here.  Open to almost anything that doesn't require me to sell my first born.  On some days that would be negotiable too!

Share this post


Link to post

Any suggestions for something that would handle 150 meg (maybe 200)?  My budget is not unlimited but I can see I have to spend a little more money than I did in the past.  Currently I get just shy of 150 but within a year or two I am betting my pipe will be near 200 around here.  Open to almost anything that doesn't require me to sell my first born.  On some days that would be negotiable too!

 

There are many threads on the pfSense forums where people discuss their own custom hardware builds.

Here is one example:

https://forum.pfsense.org/index.php?topic=75415.0

 

When you want anything beyond 100Mbit you must use x86 hardware, so no consumer router is an option for you.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Any suggestions for something that would handle 150 meg (maybe 200)?  My budget is not unlimited but I can see I have to spend a little more money than I did in the past.  Currently I get just shy of 150 but within a year or two I am betting my pipe will be near 200 around here.  Open to almost anything that doesn't require me to sell my first born.  On some days that would be negotiable too!

 

did you check out the pfsense store as I suggested?  I refuse to hold hands so you're going to have to do the legwork on your own.

Share this post


Link to post

Wow, thanks for all the replies & sorry for getting back to you so late!

 

I only got a 100mbit/s connection, so maybe the Linksys wrt 1200ac v1 or 1900acs v1 would be actually sufficient... the price for the 1200ac v1 looks tempting... especially since I already know the Tomato interface and wouldn't have to familiarize myself to a new router/firewall os.

 

A custom hardware build is a nice idea, but I´d rather stick to a preassembled consumer product... I just don't have the time to tinker with electronics right now. ;-)

 

I just checked the pfsense store and the stuff they got there looks really nice and rock solid, but the prices are just too high for me since I only use AirVPN in my spare time and as a hobby.

 

So I guess that for openvpn speeds between 70-100mbit/s, I´ll just look into consumer routers a little more... if anyone has any (DD-WRT-, Tomato-, pfsense-) hardware-recommendations besides the two LinkSys routers, I´d be happy to hear from you!

 

Thanks again for all your input!

Share this post


Link to post

Ah, this doesn't sound too encouraging. ;-) So you think the mentioned 70mbit/s using a wrt 1200ac are not a real-world-scenario? Too bad... looks like I´ll have to spend more money then... 

Share this post


Link to post

Mentioned where? OpenVPN in AES-256 mode is intensive, without an AES-NI capable CPU you won't have much luck on those arm/mips routers.

 

dj77 said it above in this thread.

Share this post


Link to post

Mentioned where? OpenVPN in AES-256 mode is intensive, without an AES-NI capable CPU you won't have much luck on those arm/mips routers.

Talking about AES-NI capable CPUs... this just reminded me, that I´m using a rather new Synology DS 716+ (Datasheet). The NAS is only used by max. 2 devices simultaneously and it´s running idle most of the time. I think that the NAS would be ok for running OpenVPN in AES-256 mode... but probably the NAS would be the only device able to use the OpenVPN connection, right? Or would I be able to somehow route the "encrypted connection" back into the router and make the openvpn connection usable by other devices on the network? Sorry if this is a stupid question but I´m a novice regarding OpenVPN & networks.

 

Thanks for your help!

Share this post


Link to post

was able to successfully setup openvpn to connect to privateinternetaccess, using my computer my speed goes up to 90MB UP/DOWN but with my router it only goes up to 8MB UP/DOWN

 

You should re-read the first post and the replies. There is no way a consumer router will reach those speeds even with AES-128 OpenVPN.

Post 7 is not a realistic test - maybe on a local LAN network and using iperf. You can't have this on 1333Mhz arm without AES-NI.

I would be happy to see any proof for that.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Read what Kong say he is Developer i think you can Trust him

 

I Tested wrt1200ac and i have fullspeed with ovpn.to 50Mbps aes256 + sha512 + tls cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384

 

I Tested Kong Build not Brain slayer

 

Wrt1200ac and 1900acs use Marvel CPU Looks like they Are faster then broadcom

Share this post


Link to post

This is not about trust, it's simple hardware and a little math. 50Mbit might be more realistic, but nowhere around the numbers you mentioned above.

You can use the openssl benchmark to estimate your throughput:

openssl speed -elapsed -evp aes-256-cbc

 

The actual tunnel speed will be a little lower than the average number in these tests.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

 

Any suggestions for something that would handle 150 meg (maybe 200)?  My budget is not unlimited but I can see I have to spend a little more money than I did in the past.  Currently I get just shy of 150 but within a year or two I am betting my pipe will be near 200 around here.  Open to almost anything that doesn't require me to sell my first born.  On some days that would be negotiable too!

 

did you check out the pfsense store as I suggested?  I refuse to hold hands so you're going to have to do the legwork on your own.

 

 

I am reading and investigating the expense vs performance, which will take a bit to conclude.  In the meantime I removed the encryption from the router, pass directly through via ethernet, and I crunch the tunnel math in a high end laptop as a linux host on a vpn1 scenario.  Air is my #1 server before other hops.

 

In this mode vpn1 pulls at least 50 even with a ssl tunnel wrapper in place over the first hop.

 

If I hit the Powerball this will all be moot, but for now $$ is a factor.  Same for almost all of us!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...