Leaderboard

Thank you for your answer. I understand how it works now. I tried to reach my mediaserver with the VPN turned off and it didnt work aswell so I figured out something was wrong with my local port forwarding. Got it to work now.

If you are able to find a used Netgear R7800 (X4S Nighthawk) at a reasonable price (new ones are pricey), that is pretty universally agreed in the dd-wrt forums these days to be the least troublesome router with solid speed for use with dd-wrt. Supposedly it runs OpenVPN at around 100 Mbps, and there are flashing instructions in the forum at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614. The AirVPN setup how-to is at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321856, though note it has not been updated yet for OpenVPN 2.5. Find general dd-wrt OpenVPN guidance, including notes on changes needed for OpenVPN 2.5, at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398. You'll need to register as a forum user and be logged in to download the pdfs. The forum that discusses the R7800 and related routers is at https://forum.dd-wrt.com/phpBB2/viewforum.php?f=28, and it's important to check the new-build thread there for any build you are considering flashing, just to make sure R7800 owners are not having trouble with it. There is a dd-wrt router database that is referenced in a million online how-to articles outside the dd-wrt forums. Ignore it. Its build recommendations are poor, sometimes disastrously so. Usually the latest build is the right one for that router. Re solutions other than dd-wrt, I do know that those Asus routers running AsusWRT offer OpenVPN, though they use Broadcom wifi hardware rather than the generally preferred Atheros wifi hardware. If you go that way, pick a model that is supported by (with many users) AsusWRT-Merlin (see https://www.asuswrt-merlin.net/), so that you will have the option of eventually upgrading your firmware to it. AsusWRT-Merlin is much less aggressive than dd-wrt with adding exotic features. It fixes bugs in the original AsusWRT and extends router capabilities in certain areas in a relatively gentle way. I believe I remember that OpenVPN Policy Based Routing (routing some but not all clients through the VPN) is one of its additional features. You'll either want PBR or two routers, one for VPN and one for bypassing it, in any practical router-VPN setup. I know little about other options so will let others comment. Good luck.

I can confirm it is coming. Even though wg matured a bit, it's still got technical and privacy caveats Staff will make very clear when the first experimental servers hit the scene. However, I cannot say when. Stay tuned for more info on the Announcements forum.

If you decide to start over with a new router, look at a Netgear R7800 with dd-wrt and AirVPN. (The R7800 has by far the best dd-wrt support.) The relevant guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614 https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321856

https://restoreprivacy.com/wireguard/ AirVPN has also chimed in over WireGuard’s implications for anonymity, as explained in their forum: Wireguard, in its current state, not only is dangerous because it lacks basic features and is an experimental software, but it also weakens dangerously the anonymity layer. Our service aims to provide some anonymity layer, therefore we can’t take into consideration something that weakens it so deeply. We will gladly take Wireguard into consideration when it reaches a stable release AND offers at least the most basic options which OpenVPN has been able to offer since 15 years ago. The infrastructure can be adapted, our mission can’t. In their forums, AirVPN further explained why WireGuard simply does not meet their requirements: Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic; Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high; TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that’s a horrible regression when compared to OpenVPN); there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods. Despite these concerns, many VPN services are already rolling out full WireGuard support. Other VPNs are watching the project and are interested in implementing WireGuard after it has been thoroughly audited and improved. In the meantime, however, as AirVPN stated in their forum: “We will not use our customers as testers.”