Jump to content
Not connected, Your IP: 3.236.55.137

Recommended Posts

I'm trying to get my house set up so some devices are on VPN, and some are not.  As I understand it, the easiest way to do this is by having a second router connected to the primary router, and have that second router set up for VPN devices, and the primary one for non-VPN devices.  First of all, does AirVPN support this, and if so, is there a guide on how to set it up?  The Router I currently have is a TP-Link Archer AC1750.  What do I need to look for when purchasing a second router?

Thanks!

Share this post


Link to post

Just get an asus AC86 and run merlin firmware.  With that you can do policy routing....routing some clients to the WAN and others through the VPN.  No need for two routers.

I recommend the AC86 because it has an AES-NI CPU so your openvpn speed should be satisfactory.

Share this post


Link to post
35 minutes ago, go558a83nk said:

Just get an asus AC86 and run merlin firmware.  With that you can do policy routing....routing some clients to the WAN and others through the VPN.  No need for two routers.

I recommend the AC86 because it has an AES-NI CPU so your openvpn speed should be satisfactory.


Apologies, most of that is a foreign language to me :)

I don't need WiFi on the VPN Router; everything is hard wired.  Is there a cheaper option?



 

Share this post


Link to post
2 hours ago, go558a83nk said:

no cheaper option unless you want to be crippled by a poor CPU.

 


Are you referring to using a single router solution?  Is using a second router a cheaper option which wouldn't "cripple" anything?  Do other VPN's offer more flexibility with router VPN solutions?

Share this post


Link to post

Yes, you could use a single router and still have some devices go through the VPN and others not.

I'm telling you, a cheap option will not be satisfactory with regard to speed.

I'll not even entertain using another VPN provider.

Share this post


Link to post
1 minute ago, go558a83nk said:

Yes, you could use a single router and still have some devices go through the VPN and others not.

I'm telling you, a cheap option will not be satisfactory with regard to speed.

I'll not even entertain using another VPN provider.


Speed in what terms?  Download/Upload?  If it makes a difference, the devices I want on the VPN are:

2 x Roku TV
1 x Roku Ultra
1 x Plex Server (Windows 10)

Share this post


Link to post
On 8/26/2019 at 11:43 AM, go558a83nk said:

Just get an asus AC86 and run merlin firmware.  With that you can do policy routing....routing some clients to the WAN and others through the VPN.  No need for two routers.

I recommend the AC86 because it has an AES-NI CPU so your openvpn speed should be satisfactory.


I've been reading and understanding a little more about your recommendations.  Considering what you suggested indeed.   Would an RT-AC68U be sufficient, though?

Share this post


Link to post
3 minutes ago, moogleslam said:

I've been reading and understanding a little more about your recommendations.  Considering what you suggested indeed.   Would an RT-AC68U be sufficient, though?


What speed are you wanting through the VPN?  The AC68U will struggle to do 30mbit/s.  The AC86 can do on the order of 200mbit/s because of AES-NI.

Share this post


Link to post
12 hours ago, go558a83nk said:


What speed are you wanting through the VPN?  The AC68U will struggle to do 30mbit/s.  The AC86 can do on the order of 200mbit/s because of AES-NI.

Per 4k streaming requirements, it looks like 25 mb/s is necessary, but if we're talking about potentially 2 or even 3 devices streaming at once, the AC68 might not cut it indeed.

Share this post


Link to post

Depending on your router, you should be able to flash DD-WRT to it and have VPN running in client mode.
That way it will connect to the AirVPN server and any devices that connect to your router won't need to run AirVPN locally.
You can also add exception lists so your streaming devices don't use the VPN and connect to the web directly (probably an issue for some geo-blocked streaming services).

To add a whitelist (IP addresses you *want* to use the VPN client on the router, in DD-WRT on the Services -> VPN page, under the Policy based routing section, add "192.168.XXX.XXX/32" (XXX = the actual local IP of the device/computer).
If this is done right, any IP's not on that list will connect to the web nakedly.

Share this post


Link to post

Hi guys,

I've made some good progress:
1.  Purchased and set up ASUS RT-AC86U
2. Flashed with latest Asuswrt-Merlin
3. Installed VPN on it via config files and tested.  Success
4. Tested Policy Rules.  Success

My problem now is that my applications such as Amazon Prime & Netflix, running on a Roku TV, which I added to the policy to route through VPN, are being detected as running on the VPN, and are blocked. 

I've since tried using Obfuscated config files, but I cannot get the Service State to turn to ON when trying these.  Is there an additional change in the router that's required with obfuscated configs, which was not required with the standard config files?

Alternatively, I've read some stuff about setting up OpenVPN to run on TCP port 443 to solve this, but I'm not sure how, and am also concerned that it will be slower because it's not UDP.  Can this be done on my router, rather than via software?

Any solutions?  Thanks!

 

Share this post


Link to post

I don't know what's missing that you can't connect with tls-crypt configs.

Make sure that:
auth digest = sha512
TLS control channel security = encrypt channel


Getting those streaming services working has nothing to do with the above obfuscation but rather making sure your DNS isn't leaking.  If DNS isn't leaking they still may be sniffing you out some other sneaky way or just blocking IP addresses of the VPN.

To make sure DNS isn't leaking make sure the setting
Accept DNS Configuration = exclusive

Test for DNS leaks at ipleak.net

Again, it doesn't matter to those streaming services what port and protocol you use .  They just block IPs.  Use UDP if you can.  Only use TCP if your ISP heavily throttles UDP.

Share this post


Link to post

Checked the 3 things you listed, and had to change two; TLS control channel security and also Accept DNS Configuration.  Tested with Amazon Prime, and no issues!  Will test again with Netflix later tonight, and then I'll see if it helps avoid regional blackouts with a football game this weekend.

Thank you so much!

Share this post


Link to post

I might have spoken too soon.  It seems that TLS control channel security = Encrypt Channel is preventing my Router from connecting to the server.  Service State will go to ON, but adjacent it just says "Connecting...", and it never gets to "Connected"

Tried it with this setting set to Outgoing Auth (1), and it connects, but then Netflix detects the VPN again.

Have tried Router reboots and different config files, but no success.

Seeing this in the Log:

Sep 13 17:35:26 ovpn-client1[8199]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 13 17:35:26 ovpn-client1[8199]: TLS Error: TLS handshake failed
Sep 13 17:35:26 ovpn-client1[8199]: SIGUSR1[soft,tls-error] received, process restarting
Sep 13 17:35:26 ovpn-client1[8199]: Restart pause, 5 second(s)

Share this post


Link to post

Hello,
I think that I may have come to this party late. I live in the UK and my ISP is Virgin Media who gave me a free Cable WiFi Router (ADSL).
Sadly this router can not be used as a VPN Client so I bought a Linksys WRT 1900ACS router (DSL). The Linksys Router is a router designed for a telephone line and not a Cable router. This meant that I had to turn the free Virgin Media Cable Router into a modem. I then connected my Linksys Router to the Virgin Media Router. From this point all my network and internet connections went through the Linksys Router.

I then followed the AirVPN How-To walk-through tutorial to set up my Linksys Router. Once I followed the tutorial, everything in my home went through the VPN. I did not have to worry about what or where the kit was and I did not have to do anything to the kit other than connect it to my Linksys Router.

And the best bit about my choice of Linksys Router is that I get impressive encryption speeds which can easily hit 200mbps, provided I pay for those speeds. I am only limited by which VPN server I point my Linksys Router at and how much I am willing to pay to my ISP for their speed packages.

I just open a Command Prompt and type the magic words
nslookup gb.all.vpn.airdns.org dns1.airvpn.org
If I want another country then I replace the letters gb for Great Britain with another country like the Netherlands with nl
nslookup nl.all.vpn.airdns.org dns1.airvpn.org


Long story short I use a Linksys Router which is flashed with DD-WRT firmware and I then use the Router as a VPN client for everything within my home.

Share this post


Link to post

Which version of the Virgin Superhub are you running in modem mode?. There are a lot of complaints both here and at the Virgin support forums on a reduction in broadband speed via VPN since the introduction of the superhub v3.0 to replace the superhub v2.0ac. Although I now have a reasonable download speed with my superhub v3.0 in modem mode running through a Linksys EA7500 router it was much better with my previous v2.0ac version and I personally wish I hadn't changed it out.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...