Jump to content
Not connected, Your IP: 18.205.59.250

Recommended Posts

Asus RT-N16:

  • DD-WRT
  • Broadcom BCM4716 chip rev 1
  • Clock = 500 MHz (slightly up from factory 480)
     

My bottleneck is at the router while utilizing the DD-WRT OpenVPN Client function. I get a 40% decrease in bandwidth as apposed to using VPN straight from the computer. This is due to limintations of the onboard processor.

I use the router because I have just the one VPN account so I have all the computers in the network going through it. I tested the bandwidth with just a single computer connected to assure that it wasn't a network sharing issue.

Now I believe my options are:

  1. Overclock the hell out of the router.
  2. Running some kind of local OpenVPN Server.
  3. Purchase a better router.
  4. Purchase additional separate monthly VPN accounts


I would like to go with 2 because its the cheapest and less risky. Also because I am already running a local tower as SFTP file server and Ubuntu+Debian package archive mirror.

Now my knowledge of OpenVPN is limited as is my knowledge of DD-wrt routing functions.

Ideally I would like to prevent any and all PlainText traffic. So I think my setup would look roughly like this.

Current Configuration:
[Computers & Devices] --P--> [Router] --E--> [iSP] --E--> [VPN Provider] --P--> [internet]

Proposed Configuration:
[Computers & Devices] --P--> [Router] --P--> [Local OpenVPN Server] --E--> [Router] --E--> [iSP] --E--> [VPN Provider] --P--> [internet]


P = PlainText
E = Encrypted VPN Tunnel

Share this post


Link to post

Hello,

 

you might also like to evaluate a solution which is potentially simpler, i.e. configuring one computer as a host (sharing Internet connection). The host connects to a VPN server, and accepts connections from the other devices in your network. The guests will have their traffic tunneled transparently. The host needs to have two NICs: one network card is used to connect to the VPN server, while the other accepts connections from the guests. In this way you'll need to run only one OpenVPN instance on the host and you will not need to run on it an OpenVPN server.

 

Kind regards

Share this post


Link to post

Hello,

 

probably only to your router. The important thing is that it has two NICs. Normally the configuration is not difficult with nowadays OS. For example, if you connect the host to the router via cable, the guests can connect to the WiFi card of the host computer (instead of connecting to the router). When the host is connected to a VPN server, the guests traffic will be tunneled transparently. Our servers will see only one connection, so you can use the VPN with as many devices as you wish with just one account.

 

Some instructions for a graphical environment with network-manager in Linux:

http://linuxforums.org.uk/index.php?topic=10064.0

 

Some instructions for Windows 8:

http://windows.microsoft.com/en-us/windows-8/using-ics-internet-connection-sharing

 

Some instructions for Windows 7:

http://windows.microsoft.com/en-us/windows7/set-up-a-shared-internet-connection-using-ics-internet-connection-sharing

 

Kind regards

Share this post


Link to post

This thread is very useful for me as I asked via ticket about same thing. What i want to do in a near future is to buy a ASUS RT-N16 router just to install on it DD WRT and make use of it openVPN client feature. Now after reading answear to my ticket, and this thread I'm confused thinking do I really need a router with a open VPN client if I can set up this all "sharing internet connection" and what's more important make use of your VPN service without router's bottlenecking - as mentioned in threads subject. What I don't understand is a basic concept, connectibility of all of this so called ISC. Please could you explain me in a most simple way what kind od hardware would I need to have and how to connect it to make this work (please give a simple schemat what connects to what and through what - it may be in a format which thread author used with those x-->y-->z schematics - if I understand it I'll read on internet how to do this, but before it I need to catch a basic concept of such a resolution - that's what I'm asking you for). What I understand is that i would need 2 NIC's on my PC (now I'm not even sure what's a NIC - is that a built in onboard LAN card which i normally use to plug into an ethernet cable with my cable internet? is that it?). If yes what i understand i would have to buy another one and plug it into onboard PCie slot - am I right about this. Even if i would have 2 NIC do I need a router at all to set this all up? How a "guest" devices connect to host PC, via onboard PC's WIFI card?? Please explain me how all of this should be connected and what's more important do I need at all a router with a openVPN functionality to make this all work or a normal router without this function will make this work (e.g. my current Tp-Link MR 3420 v.2 which doesn't suport Open VPN-ing - shortly/briefly speaking it got too low memory to work with openVPN (there's a way to make it work - something called "exroot" but it's too messed up for me, i would rather go with a shortcut and buy a new router which support it out of the box then messing up with my current router with this method).

Last thing about which I'd like to ask is could you give me some clues/advices as fast as you can cuz currently I'm bidding in a auction for RT-N16 which ends up in 2 days and I wouldn't like to buy it and find out later on that it's unnecessary for what i want to accomplish which is to use more then one devices on your account without this "router's bottlenecking" limiting my cable's max bandtwith.

P.S. What's a "Local OpenVPN Server"- is that a routers feature or is it another piece of hardware needed to make work this 2 NIC's method?

Help.

Thank you in advance

Share this post


Link to post

@bizel

 

Hello,

 

NIC = Network Interface Card

 

If your only purpose is connecting multiple devices inside your network with just one Air account and you have a suitable host computer, you don't need DD-WRT or Tomato or any other router running OpenVPN. The same applies in every case for which you connect a computer to a VPN server.

 

The best thing to do is probably a test by yourself: setting up a host should take just a few minutes.

 

A guest can connect to the host via WiFi or Ethernet, it depends on the available NIC on the host.

 

Kind regards

Share this post


Link to post

Yes please give an example schematic as I am also still confused as to what your proposing. Am I essentially building a new router? Buying another Network Interface Card would still be a cost and I would like to cut down on that as much as posible due to being a poor college student.

 

 

@bizel

 

The Asus RT-N16 is a good router however there are limitations. So far with DD-Wrt I have only got it to work with G only wireless or N wireless. Haven't been able to make it work Dual G+N.

 

The results of connection tests that determined my bottleneck was the Router are as follows.

 

Without VPN

15 - 16.5 Mbps

VPN From Computer

10 - 11.5 Mbps

VPN through Router

5 - 7.5 Mbps

 

If your max connection speed is less then 5 Mbps then you wont have a bottleneck.

FYI: 1 Mbps (Megabits per secound) = 0.125 MBps (Megabytes per secound) or 125 KBps (kilobytes per second)

Share this post


Link to post

What I would like to accomplish is to set a VPN client on my main PC which would be as a host (so all the encyption would take place via PC's processor which is I7-2600K so I wouldn't get all this bottlenecking - it provides enough power to encypt VPN encryption) and share this connection around all other wireless devices I use in home. In the end all devices would share host's connection to a VPN server. One thing which I don't know how to set up is how wirelessly share this connection beetween host and those other devices - can it be done through a router (just simple host's connection sharing)?. If yes I would use my current router which is Tp-Link Mr 3420 v.2 but I don't know how to set up all this. I think it is possible to share it via onboard PC wifi card but wouldn't router be faster for such a setup. Please help if you can.

Share this post


Link to post

Hello,

 

you might also like to evaluate a solution which is potentially simpler, i.e. configuring one computer as a host (sharing Internet connection). The host connects to a VPN server, and accepts connections from the other devices in your network. The guests will have their traffic tunneled transparently. The host needs to have two NICs: one network card is used to connect to the VPN server, while the other accepts connections from the guests. In this way you'll need to run only one OpenVPN instance on the host and you will not need to run on it an OpenVPN server.

 

Kind regards

Above I checked and underlined a part which I don't understand how it would be connected. In such a scenario 1st NIC is connected to a VPN (but how I mean I stick my cable ISP cable into it? and what about 2nd NIC - what i connect to it? and how it accept connections from guests ? through onboard PC wifi card aor can I use my router for it?

Share this post


Link to post

I just realized something. 2nd NIC should be with wifi function to work in such a 2 NIC setup? Or is it enough to buy additional NIC with  port RJ-45  connect a router to it and it should share my connection via such a setup (through router).

Share this post


Link to post

I see it this way:

Cable modem directly connected to 1st NIC at host PC where I establish VPN client and connection,then

2nd NIC connected to a router which receives and sends connections from other devices to hosts PC shared established VPN tunnel.

What I don't know is how to set up router, in which mode it should be set up?

Share this post


Link to post

@bizel

 

No router specific configuration is required.

 

For example, let's assume that the candidate host has two NICs, one Ethernet card and one WiFi card (a common setup for most desktop and laptop computers).

 

The host connects via OpenVPN to an Air VPN server via the virtual tun/tap card and the physical Ethernet card (physically the cable goes to your router). It also shares Internet connection, necessarily via the WiFi card on the tun/tap adapter. The guests whose traffic must be tunneled connect to the host just like they do with any WiFi hot-spot. Other devices (if any), whose traffic you don't want to be tunneled, connect instead to the router. OpenVPN runs only on the host computer, therefore you need only one Air account.

 

Kind regards

Share this post


Link to post

FYI, the max VPN connection speed through the RT-N16 is 7-8 Mbps. Exactly what you're seeing. That's the limitation of the CPU's power. If you want to operate at 15+ Mbps then you'll have to configure another relatively recent computer (minimum i3) to operate as your router. You have no other options, other than paying thousands of bucks for a commercial router.

 

The results of connection tests that determined my bottleneck was the Router are as follows.

 

Without VPN

15 - 16.5 Mbps

VPN From Computer

10 - 11.5 Mbps

VPN through Router

5 - 7.5 Mbps

 

If your max connection speed is less then 5 Mbps then you wont have a bottleneck.

FYI: 1 Mbps (Megabits per secound) = 0.125 MBps (Megabytes per secound) or 125 KBps (kilobytes per second)

Share this post


Link to post

 

FYI, the max VPN connection speed through the RT-N16 is 7-8 Mbps. Exactly what you're seeing. That's the limitation of the CPU's power. If you want to operate at 15+ Mbps then you'll have to configure another relatively recent computer (minimum i3) to operate as your router. You have no other options, other than paying thousands of bucks for a commercial router.

 

The results of connection tests that determined my bottleneck was the Router are as follows.

 

Without VPN

15 - 16.5 Mbps

VPN From Computer

10 - 11.5 Mbps

VPN through Router

5 - 7.5 Mbps

 

If your max connection speed is less then 5 Mbps then you wont have a bottleneck.

FYI: 1 Mbps (Megabits per secound) = 0.125 MBps (Megabytes per secound) or 125 KBps (kilobytes per second)

 

Hello,

 

old CPUs like Intel P4 2.6 GHz can encrypt/decrypt at least 15 AES-256-CBC Mbit/s. Some time ago it was reported on this forum that an AMD C-60 (a dual core processor from 2010 normally mounted on laptop and netbook computers) running DD-WRT x86 could handle 24 Mbit/s

 

https://airvpn.org/topic/5553-x86-dd-wrt-build/?do=findComment&comment=5575

 

Kind regards

Share this post


Link to post

I found a solution for all this bottlenecking issue. I installed a program called Connectify and thank to it I'm able to share VPN tunnel without any bandtwith limits. Sad it works only on SSTP protocol (I can't figure it out how to make it work with OpenVPN - devices connected to a tunnel but they haven't got internet access). This way my router is currently useless as I share internet over USB Wifi NIC. Is there any way I could set up my router as an access point for a virtual router (connectify's network adapter)?

Share this post


Link to post

ok I have obtained another NIC card for my server. Can you please provide step by step instructions on how to do this "share internet connection" via the command line as my server does not have Xorg or any other GUI.

Share this post


Link to post

ok I have obtained another NIC card for my server. Can you please provide step by step instructions on how to do this "share internet connection" via the command line as my server does not have Xorg or any other GUI.

 

Hello,

 

this guide is quick and effective and it should be easily applicable to a wide variety of Linux installations.

http://xmodulo.com/internet-connection-sharing-iptables-linux.html

 

Kind regards

Share this post


Link to post

old CPUs like Intel P4 2.6 GHz can encrypt/decrypt at least 15 AES-256-CBC Mbit/s. Some time ago it was reported on this forum that an AMD C-60 (a dual core processor from 2010 normally mounted on laptop and netbook computers) running DD-WRT x86 could handle 24 Mbit/s

 

https://airvpn.org/topic/5553-x86-dd-wrt-build/?do=findComment&comment=5575

 

Kind regards

 

Sorry for digging up an oldie, but I would be really interested to buy a new machine for that purpose. Is there any well-known benchmark that I should check or any CPU review which tests the CPU performance on this specific encryption ? Also, what's the encryption used by AirVPN eddie client?

Share this post


Link to post

I don't know of any accurate benches. I'm sure there are a few around though. Might find them with a forum search.

 

New hardware wise - if you can hold off a little bit until the intel N3000 celery or the pentium N3700 are available on embedded motherboards that would be the route to take imo.

 

N3700 4 cores @ 1.6ghz - 2.4ghz = 6W TDP + AES

N3000 2 cores @ 1ghz - 2ghz = 4W TDP + AES

 

I have a few J1900 "asrock Q1900M Embedded" based setups atm with 10w tdp and have no issues running openvpn on them. But the J1900 has no AES. Got emm for around $50 each mobo+cpu. One is a openbsd based firewall and pulls 7-9w from the wall. Both run fanless. The new N series should be even better with aes and such.

Share this post


Link to post

Just wonted to post out, My TP-Link TL-WDR3600 v1 @ 560MHz is only pushing out 15Mb DL even with both TCP and UDP. My ISP is not throttle any ports etc its just a case if i upload so much bandwidth.

 

CPU, Model Atheros AR9344 v1
CPU Cores 1 
CPU Clock 560 MHz
Wifi supports both 2.4GHz, 5GHz
Load Average 7% 0.08, 0.05, 0.07 (1 PC, 1 Xbox One connected)
 
Speedtest with OpenVPN with LAN connection
42%  0.68, 0.37, 0.21 = 13Mb DL

 

DD-WRT v3.0-r29409 std (04/05/16) ftp://ftp.dd-wrt.com/betas/2016/04-05-2016-r29409/tplink_tl-wdr3600v1/

Kernel Version Linux 3.10.101 #20258 Tue Apr 5 02:39:47 CEST 2016 mips

OpenVPN 2.3.10 http://svn.dd-wrt.com/changeset/29170

 

However builds before this build ftp://ftp.dd-wrt.com/betas/2016/02-23-2016-r29147 is the last of OpenVPN 2.3.8 so i have no idea on speed wise....Will have to compare.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...