Jump to content
Not connected, Your IP: 3.137.162.107
AirSpider

Virgin Media + OpenVPN = Fail?

Recommended Posts

I tried that VPNwatcher its ok for some reason I could not get it to work it jus refused to start...

 

VPNcheck is another one and I know when i tried the trial it worked pretty good also has a prevent leak dns button and you can add programs which will close unless it detects its connected to the VPN tunnel it checks the connection every 0.5 sec so its instant.

 

info and good read with links here:

http://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/

 

I would still suggest pfsense firewall with openvpn inbuilt client on a dedicated pc is the best way forward, no ip/dns or connection leaks once set up correctly or once you followed the guide here and you may max out your speeds since other virgin customers have done this and put that poor quality modem into modem only mode and with pfsense and got full speeds also, rainmaker above same but with IPfire which looks like another similar firewall software like pfsense and he maxxed out this speeds. think the trick is to move to dedicated firewalls and set modems to modem mode so its direct

Share this post


Link to post

I tried that VPNwatcher its ok for some reason I could not get it to work it jus refused to start...

 

VPNcheck is another one and I know when i tried the trial it worked pretty good also has a prevent leak dns button and you can add programs which will close unless it detects its connected to the VPN tunnel it checks the connection every 0.5 sec so its instant.

 

info and good read with links here:

http://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/

 

I would still suggest pfsense firewall with openvpn inbuilt client on a dedicated pc is the best way forward, no ip/dns or connection leaks once set up correctly or once you followed the guide here and you may max out your speeds since other virgin customers have done this and put that poor quality modem into modem only mode and with pfsense and got full speeds also, rainmaker above same but with IPfire which looks like another similar firewall software like pfsense and he maxxed out this speeds. think the trick is to move to dedicated firewalls and set modems to modem mode so its direct

 

Absolutely this. I actually prefer the pfSense GUI and setup, but IPFire is Linux (rather than FreeBSD) based. As such it has huge support for wireless cards in comparison to *BSD/pfSense, though once pfSense v2.2 is out and my TL-WDN4800 is supported I'll be moving over. Either way though, putting VM's paltry offering into modem only mode and using a dedicated x86 hardware router/firewall is the way to go. My box is actually an 'old' Dell with a Core2Duo E7600 and 2GB RAM so it's nothing amazing, but it definitely does the job until I can build something purposefully.

Share this post


Link to post

I agree with both you guys that taking ownership of your own routing set up is the way to go.

 

I recently gave an old PC I had sitting here gathering dust to a family member for them to play with,now I'm thinking I could have used that so I will be keeping my eyes open for a cheap old set up to play with.

 

Thanks for your inputs on this thread.


One thing that concerns me a little is if I minimise the vpn watcher to the tray whenever I maximise it to have a look it always opens with Chinese text in the bottom of the window.

Share this post


Link to post

I tried that VPNwatcher its ok for some reason I could not get it to work it jus refused to start...

 

VPNcheck is another one and I know when i tried the trial it worked pretty good also has a prevent leak dns button and you can add programs which will close unless it detects its connected to the VPN tunnel it checks the connection every 0.5 sec so its instant.

 

info and good read with links here:

http://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/

 

I would still suggest pfsense firewall with openvpn inbuilt client on a dedicated pc is the best way forward, no ip/dns or connection leaks once set up correctly or once you followed the guide here and you may max out your speeds since other virgin customers have done this and put that poor quality modem into modem only mode and with pfsense and got full speeds also, rainmaker above same but with IPfire which looks like another similar firewall software like pfsense and he maxxed out this speeds. think the trick is to move to dedicated firewalls and set modems to modem mode so its direct

I tried VPNetMon first but it wouldn't work off the bat for me

Share this post


Link to post

not that brilliant I reckon, once you factor into shipping cost etc

 

check here:

 

https://airvpn.org/topic/11422-recommended-specs-for-air-and-pfsense/

 

some specs to look over I still think look about on ebay for some desktop machines even 2nd hand ones you do sadly have to spend a good £200-300 to get a fairly good spec up (new build) and running that price factors in a 4 port intel nic or you could get a 2 port intel nic which is cheaper. I know its more money but spending £100-150 on a router that will still be slower overall is even worse.

 

As is with the above link finding a cpu with AES support and 2ghz+ helps.

Share this post


Link to post

I think I recall some tried this but sadly for openvpn you really do need a beefy and powerful cpu like 2ghz+ if you can find any intel or amd cpu 2ghz+ and with AES instructions then your in business.

 

I understand the £200-300 is costly but there are plenty of people out there that will inform you and myself included you can never put a price on your privacy and security, at least with Air your with the best VPN  provider going it just requires that extra bit and effort.

 

Oh I will add try Airs new beta Client and see if that improves your performance with your Virgin issue? worth a long shot also

 

I spotted on ebay some guys sometimes selling intel core i5 and even Core i5 or xeon E3-1220 desktops for £150-200 roughly price tags, lots of choices are arriving I noticed even AMD released these new kambini AM1 2.05ghz quad cpus for £41 (has AES instructions also which helps )and the motherboards are cheap you maybe better saving the £100-150 or sourcing cheap 2nd hand parts ie case+p/s and ram/hdd and just building it.

 

Spending £30 or £60 or £80 on a router or anything else is just a waste of time and money and I know since I did exactly the same thing few months ago on a DDRT Router waste of $100 router since it was too slow for openvpn and my speeds suffered.

 

Certainly better off looking on ebay for a 2nd hand PC with 2ghz+ see some even go for £30-50 or $60-80 all the time

Share this post


Link to post

 

 

I think I recall some tried this but sadly for openvpn you really do need a beefy and powerful cpu like 2ghz+ if you can find any intel or amd cpu 2ghz+ and with AES instructions then your in business.

 

I understand the £200-300 is costly but there are plenty of people out there that will inform you and myself included you can never put a price on your privacy and security, at least with Air your with the best VPN  provider going it just requires that extra bit and effort.

 

Oh I will add try Airs new beta Client and see if that improves your performance with your Virgin issue? worth a long shot also

 

I spotted on ebay some guys sometimes selling intel core i5 and even Core i5 or xeon E3-1220 desktops for £150-200 roughly price tags, lots of choices are arriving I noticed even AMD released these new kambini AM1 2.05ghz quad cpus for £41 (has AES instructions also which helps )and the motherboards are cheap you maybe better saving the £100-150 or sourcing cheap 2nd hand parts ie case+p/s and ram/hdd and just building it.

 

Spending £30 or £60 or £80 on a router or anything else is just a waste of time and money and I know since I did exactly the same thing few months ago on a DDRT Router waste of $100 router since it was too slow for openvpn and my speeds suffered.

 

Certainly better off looking on ebay for a 2nd hand PC with 2ghz+ see some even go for £30-50 or $60-80 all the time 

 

I just typed out a thorough reply to this, and then accidentally refreshed the page and lost it all. D'oh! 

 

Sorry but it's too much to re-type so in summary: 

 

I agree with the above, and as said earlier in the thread I run an old re-purposed Dell Inspiron with a Core2Duo E7600 2.53GHz and 2GB DDR2 RAM. I was running IPFire on it (a Linux distro similar to pfSense, forked from IPCop), but for whatever reason my supported wifi card was only able to run at 2.4GHz as an access point. Trying to run on the 5GHz spectrum just crashed hostapd even though my card is on the hardware compatibility list for the distro. Weird. 

 

So I've switched over to pfSense 2.2 alpha in the last few days (it's the only release to support my TP-Link WN-4800 pci-e 450Mbps 3 antennae card). It's not as noob friendly as IPFire, but with years of Linux under my belt I soon got the swing of it (basics anyway) and set up my router/firewall/WAP working perfectly in 5GHz mode. I've run through pfSenseFan's AirVPN on pfSense tutorial in a virtual machine but I wouldn't trust myself to attempt to deploy it on my bare metal just yet as I'm not 100% confident I understand all the steps should anything go wrong. I like to be able to fix my messes from CLI without losing precious uptime lol

 

Contemporaneously with the switch to pfSense I also ditched OpenSUSE 13.1 x64, after a week or two of use and went back to Fedora 20. Ubuntu lost me with Unity, and Mint 16 is buggy with my multi-drive setup on my desktop. To call the latest release of Ubuntu 14.04 an enterprise ready LTS is a joke imho, with so many major bugs. Even OpenVPN's import is broken. So, Fedora it was. I like Fedora and have used it from versions Core 3 through 9; but KDE 4.13 is a little buggy still (bleeding edge for you). In the end I compromised and installed the bare bones of Fedora 20 CLI/network install, then pulled the MATE desktop and customised it from the ground up. Now it works how I like and is nice and light to boot. 

 

My VM 152Mbps connection is running flawlessly through Fedora 20 > pfSense 2.2 > cable modem ((AirVPN)) >> Internet. Even with the VPN connected I'm still getting a solid 152Mbps thanks to VM giving customers the overheads on the connections. Here's a speedtest screenshot from last night as I was downloading an Ubuntu torrent to test the throughput: 

 

B7XgR.png

 

Smack bang on 152Mbps as you can see. Anyone still having issues on VM, I'd strongly suggest you try modem mode on the SuperHub (as previously discussed in the thread), but to also boot your wired desktop with a Linux live CD to rule out Windows issues. While it's a decent enough consumer OS overall (NSA issues aside), Linux and BSD will happily chew through even gigabit connections where Windows is still coughing miles behind. So booting from a good Linux CD and preferably throwing a pfSense or IPFire router into the middle will help maximise your throughput. Just make sure, as refresh says, that it's on a decent enough box to not CPU bottleneck your speeds. 

Share this post


Link to post

pfSenseFan's AirVPN guide is excellent I have it running fine on basic hardware also his tutorial has linked a DNS benchmark and leak test can be done to make sure it works fine, guess one can even stop/pause openvpn client to confirm it works and nothing goes out or any real ip or dns leaks which does not I am happy to report

 

Core 2 duo desktops on ebay I see sometimes for £60-80 even perhaps chuck in a £20-30 dual intel nic and you got a good pfsense starter box, course spending that extra bit gets you AES supported cpus and better performance but for 50mb broadband should be fine.

Share this post


Link to post

pfSenseFan's AirVPN guide is excellent I have it running fine on basic hardware also his tutorial has linked a DNS benchmark and leak test can be done to make sure it works fine, guess one can even stop/pause openvpn client to confirm it works and nothing goes out or any real ip or dns leaks which does not I am happy to report

 

Core 2 duo desktops on ebay I see sometimes for £60-80 even perhaps chuck in a £20-30 dual intel nic and you got a good pfsense starter box, course spending that extra bit gets you AES supported cpus and better performance but for 50mb broadband should be fine.

 

Exactly the reason (power use aside) that I'm upgrading ASAP . With a better chip - even the £25+ Kabini chips - you get full AES support which the E7600 lacks. As my screenshot above shows, though, it still runs 152Mbps perfectly with barely 1% CPU usage. I'd also highly recommend people grab proper Intel Pro NICs if they're not buying Rangeley or similar Intel motherboards. When I moved my pfSense box to Intel Pro 1000PT (dual WAN card) and my desktop to an Intel Pro 1000MT NIC my throughput was much more consistent. Realtek NICs are widespread in consumer boxes but they're not the best ime.

Share this post


Link to post

I found a cracking thread about building a pfsense router but it looks like I've lost that tab now.

 

Apparently Intel Atom is a good platform for low power usage for such a system.

Share this post


Link to post

Those intel atoms are nice however the older ones did not support AES.

 

The newer ones aimed more at servers and workstations and business class do have AES although worth googling the cpu and specs to make 100% sure.

 

We have the new baytrail cpus also but the ones being launched from what I can tell do not support aes.

 

When you look at these nice small and tiny systems they look good but as suggested its nicer and better if you can get a cpu with AES and also use Intel network cards. So it falls back to slightly bigger ATX desktops sadly, you can also get 4 port Intel nics with lower profile brackets for about £50 off ebay so you could install that in a smaller mini atx or mico atx system.

Share this post


Link to post

Why not just add the networking capability to an existing PC?

 

Is there a defined list of reasons why it's better to use a stand alone unit?

Share this post


Link to post

That is what most folk have done if you got a 2ghz+ system you could easily add a 2 or 4 port intel nic.

 

AES cpus are just a nice touch but certainly not required they basicly reduce the overhead of work done so lets say your CPU maybe working at 30% usage, on an AES cpu it maybe 15-20% usage or even less.

 

Many guys have actually just done pfsense on an intel P4 desktop or old computer and its still fine. As a stepping stone its perhaps just an idea to start small especially if funds are lacking right now, once your pfsense is installed and set up you just have that added happy feeling knowing your IP and DNS are not leaking and you can still hit your 50meg or 100meg speeds..... even off a 2ghz+ old desktop you got from ebay for a few bucks or quids

 

I would if i was you try that new air client beta and see if it improves your performance, newer builds will contain leak protection.... for the casual net user I guess its ok but as I suggest you can never put a price on your privacy!

Share this post


Link to post

 

Why not just add the networking capability to an existing PC?

 

Is there a defined list of reasons why it's better to use a stand alone unit?

 

There are countless reasons why its better. One that hit home for me was last year when the TOR browser was compromised. If you were behind openvpn on pfsense, even if it exposed your "IP address" it sent home the 10.4.0.X ip address assigned by the VPN and not your ISP. If you used a consumer router... exposed. TOR + OpenVPN on WIndows? Would have been exposed. That's just one reason. There are many security reasons, is it isn't compromised by other software on the system. There are performance reasons, if you care about that too.

 

That's not even mentioning that it is a REAL firewall, not a false sense of security consumer routers are.

 

It really comes down to whether one cares about taking all precautions in security and privacy. If you intend to take it seriously there is no questions, you are leaps and bounds better off with a dedicated appliance.

 

But if one is going to go that route, it needs to be taken seriously. You need good equipment to use it proper. Fast memory, good (Intel) NICs, and a 2+ ghz processor with AES and in that order of importance. I don't care what you read elsewhere, I can take screenshots of how much resources it actually takes to utilize the features you need to be secure and private. I'm using 9 gigs of memory using Snort and pfblocker. If I set up snort for another VPN connection I might be up to 13 gigs of memory.

 

Now if you have an old pc around and all parts required to get started, sure why not use it and learn. I just will never recomend buying second hand unless it is currrent generation equipment at a deal.

 

Just my 2 cents.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

Thank you guys,I'm just trying to get a sense and feel of the job before I jump in and your inputs are valued.

 

I would be interested in seeing the screenshots of the resources being used of course.

 

Share this post


Link to post

I was looking at micro and mini atx cases last night but of course I need to factor in the number of expansion slots I may need in the future if I want to create a piece of equipment that I can update and future proof a little.

 

Any suggestions trom you guys?

 

Or,if you were making a shopping list to build the ideal system what would you get?

Share this post


Link to post

Thank you guys,I'm just trying to get a sense and feel of the job before I jump in and your inputs are valued.

 

I would be interested in seeing the screenshots of the resources being used of course.

 

At the time of this screenshot it was using just shy of 8 gigs of RAM. A far cry from what you read around the net. I wasted money on a previous build because of such info. Some people define anything that turns on as "working". It's a far cry from working well though.

 

0858f43d7848aff82967128fd25db73c.jpg


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

I was looking at micro and mini atx cases last night but of course I need to factor in the number of expansion slots I may need in the future if I want to create a piece of equipment that I can update and future proof a little.

 

Any suggestions trom you guys?

 

Or,if you were making a shopping list to build the ideal system what would you get?

Ideal is in the eye of the beholder. DO you use VOIP, Gaming, do heavy downloading? How willing are you to learn about serious security? Do you want to be as secure as possible?

 

If you read any post where this comes up, the first thing i say is get a rangely board. Preferably the octo core, but the quad core will suffice for most users. Those boards have top of the line intel NICs, AES, low power and a feature called quickassist which things like Snort will use in the near future. They simply are the ideal build right now. If you wanted some more single thread horsepower, you could use a Haswell Xeon for about $100 more. It's really up to what you want to be ale to do with it.

 

My choice came down to I didn't want to find out I couldn't do something.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

I've been looking at old Dell Optiplex 755 PC's and I think that may be the way in for me,they look like a reasonable platform to enter into the world of pfsense and start to learn about configurations and all the other possibilities.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...