Voxel [R7800] suggestions/experiences about best supported VPN providers (kamoj users are very welcome)

[wireless82]

Hi everybody,
I'm the new kid in town , a new-owner of netgear r7800. I've got a gigabit fiber line and reach about 500Mbit down, 180 up.
I've installed last Voxel firmware and I'm going to use the kamoj add on.
In the following days probably there will be some special offers for VPN: usually 2 or 3 years contract are bargains, but this cause you have to choose carefully (do or do not, there no try!).
So I'd like to know if someone of you have experiences with providers.
Actually I'm evaluating:

1. nordVPN: little bit more expansive but faster than the number 2 (based on online chart I've found); it doesn't support port forwarding if you would like to use the vpn tunnel to access from internet to your home (my very future project). In this case, port forwarding can only obtained by buying a cheap VPS (lot of offers now around)
2. privateInternetAccessVPN: cheaper and a little bit slower, but support port forwarding, so may simplify future projects and costs.

I also would like to evaluate "stability&compatibility" parameter: I mean, if you-know-who-VPN is more rock solid with r7800, I can accept spending more - or go slower.
Thanks a lot for reporting any experiences!

 

[R. Gerrits]

Be advised that using a VPN on the R7800 you will never get the full speed of your Fiber line.

I'm using IPvanish VPN on my my R7800 -> this will only give about 35-40 Mbps download (over a 250 Mbps line).
(whereas IPvanish on a desktop reaches a higher speed. So it looks like IPvanish is using some server side settings that are not optimal for R7800)
But I recall seeing some posts also some people getting speeds of over 70 Mbps with other VPN providers.

So if speed is important, perhaps first try a trail subscription and test it out.

As for the port-forwarding point:
I'm only routing specific internal IP-addresses throught the VPN tunnel.
The stuff that I exposed via portforwarding thus uses my real public IP-address.

 

[kamoj]

Make sure to use "AES-256-CBC" instead of "AES-256-GCM".
Many VPN-providers push the (for the R7800) slower GCM to the router making it some 10-20% slower - if I remember correctly.
My add-on use AES-256-CBC, but too many providers decide to "do better"...

Be advised that using a VPN on the R7800 you will never get the full speed of your Fiber line.

I'm using IPvanish VPN on my my R7800 -> this will only give about 35-40 Mbps download (over a 250 Mbps line).
(whereas IPvanish on a desktop reaches a higher speed. So it looks like IPvanish is using some server side settings that are not optimal for R7800)
But I recall seeing some posts also some people getting speeds of over 70 Mbps with other VPN providers.

So if speed is important, perhaps first try a trail subscription and test it out.

 

[R. Gerrits]

Make sure to use "AES-256-CBC" instead of "AES-256-GCM".
Many VPN-providers push the (for the R7800) slower GCM to the router making it some 10-20% slower - if I remember correctly.
My add-on use AES-256-CBC, but too many providers decide to "do better"...

Ah that explains it. I initially blamed the smaller rcvbuf & sndbuf that IPvanish is pushing. But indeed it also pushes the cipher AES-256-GCM:

(PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 493216,sndbuf 493216,explicit-exit-notify 5,comp-lzo no,route-gateway 172.21.22.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.xx.xxx 255.255.254.0,peer-id 6,cipher AES-256-GCM')

 

[kamoj]

I use a local VPN-provider and consistently get about 100 Mbps, with the highest ever 122 Mbps - when running speedtest.sh program in the router.
Running tests from my Windows 10 computer, I get consistently 80-90 Mbps.

I have tried many other providers and ExpressVPN was the fastest at about 100 Mbps.

Also without the add-on support to find the "best" server helps a lot to connect to the fastest server.

I agree that it's absolutely best to run a trial subscription.

Be advised that using a VPN on the R7800 you will never get the full speed of your Fiber line.
..
But I recall seeing some posts also some people getting speeds of over 70 Mbps with other VPN providers.

So if speed is important, perhaps first try a trail subscription and test it out.
..

 

[kamoj]

That is true, the buffer sizes is the most efficient way to speed up the OpenVPN client.

A year or two ago, most VPN providers suddenly started to refuse the optimal settings,
that I had spent man-weeks to tune for the different providers.

I wish there was a way to force "my" buffer sizes!

(Maybe there is, but I don't know???)

Ah that explains it. I initially blamed the smaller rcvbuf & sndbuf that IPvanish is pushing. But indeed it also pushes the cipher AES-256-GCM:

(PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 493216,sndbuf 493216,explicit-exit-notify 5,comp-lzo no,route-gateway 172.21.22.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.xx.xxx 255.255.254.0,peer-id 6,cipher AES-256-GCM')

 

[wireless82]

Be advised that using a VPN on the R7800 you will never get the full speed of your Fiber line.

I'm using IPvanish VPN on my my R7800 -> this will only give about 35-40 Mbps download (over a 250 Mbps line).
(whereas IPvanish on a desktop reaches a higher speed. So it looks like IPvanish is using some server side settings that are not optimal for R7800)
But I recall seeing some posts also some people getting speeds of over 70 Mbps with other VPN providers.

I know, just a further question: the speed is for the device (laptop, smatphone...), or the sum? If I have 3 devices, each of them can download a 35-40Mbps (for example) or that is the maximum speed reachable by the router, so for 2 devices it will be the half?

So if speed is important, perhaps first try a trail subscription and test it out.

I know, I would take a good offer for the black friday but I could risk to not catch it. It seems not easy choose the right one ... https://www.safetydetectives.com/best-vpns/

As for the port-forwarding point:
I'm only routing specific internal IP-addresses throught the VPN tunnel.

that's it what I would try to do, mainly

The stuff that I exposed via portforwarding thus uses my real public IP-address.

I've just asked to my ISP if I can have it. So, do you use this approach? It's ok?
A collegue of mine suggest to buy a very cheap VPS, connect a device of mine to it via SSH and configure on the VPS itself an SSH port forwarding, so when I connect to the right port of the VPS I - after several "boink" - reach my home device(s).

 

[R. Gerrits]

The bandwidth is the total maximum. So if you'd start the speedtest on 2 laptops simultaneously, then they'd both probably get half of that. (although I never tested this).

I'm not sure about that VPS setup.
You are saying you want to open an SSH session from your router to your VPS. And then expose some local ports via that ssh-tunnel to that VPS. And then on the VPS do portforwarding?
It sounds complex. And not even sure if it will work.

I'd either use a VPN provider that does port-forwarding (easiest to configure, but does require you to do the portforwarding both in the VPN provider and on your router).
Or indeed (if you get a public IP from your ISP, and it doesn't block the ports you want to open) do the port-forwardings via your ISP connection. (requires some changes in VPN bypass)

 

[wireless82]

Just config mullvadVPN with openVPN via kamoj addon (what a job, man!), I reach about 35-40 Mbps. I read somewhere that openVPN is better than Wireguard with this router... Why? Generally, everyone says the opposite. I will try, by the way.

 

[wireless82]

...cut...

I'm not sure about that VPS setup.
You are saying you want to open an SSH session from your router to your VPS. And then expose some local ports via that ssh-tunnel to that VPS. And then on the VPS do portforwarding?
It sounds complex. And not even sure if it will work.

I'd either use a VPN provider that does port-forwarding (easiest to configure, but does require you to do the portforwarding both in the VPN provider and on your router).
Or indeed (if you get a public IP from your ISP, and it doesn't block the ports you want to open) do the port-forwardings via your ISP connection. (requires some changes in VPN bypass)

No, I have not explained well, sorry.
A friend of mine tell me that he has a config that do not involve the VPN, just a VPS where both a device from in and out of my network can connect to; the VPS just forwards traffic received to external to internal. Maybe we may open a different topic about it.

Said that, if VPN provider allows port fowarding I have seen, like u say, that I can do the same without a VPS but using VPN itself. Not all VPN offers this (mullvad does).

 

[wireless82]

Just config mullvadVPN with openVPN via kamoj addon (what a job, man!), I reach about 35-40 Mbps. I read somewhere that openVPN is better than Wireguard with this router... Why? Generally, everyone says the opposite. I will try, by the way.

Answering by myself, Voxel explains in other thread that this is due to kernel constraint that cannot be avoid because of netgear... dawn! config the vpn on the device I can reach almost 150Mbps via wireguard.
Why netgear, why you dont help!?!?

 

[jrbmw]

Ive run PIA,Nord .mullvad and express vpn. My maximum speed for my internet provider is 65 Mbps. Used Wireguard on mullvad and much slower.
Nord pia and express give me an average of 50 Mbps. The speeds are similar but Ive found Express to be more consistent and if you want to watch netflix in different countries express is the one to go for.
I would say pia is the best value for money and works well. Express is probanly the most expensive.

 

[wireless82]

Just tried mullvad with wireguard via desktop app, ive reached 200 Mbps right now.
It seems that choosing the right vpn could not be so easy, you know this site? https://www.safetydetectives.com/best-vpns/
I'm only interested in privacy and reasonable speed compared with no vpn, I dont want local isp know everything about me.