Building a decent PC for VPN - Is this any good ?

[FatherLandDescendant]

There is no way to achieve the same speed with VPN as without VPN. If that is your goal you're wasting your money. There is always going to be VPN overhead no matter how fast the processor.

Please re-read my post, that is not my goal at all.

 

[BarQ]

There is no way to achieve the same speed with VPN as without VPN. If that is your goal you're wasting your money. There is always going to be VPN overhead no matter how fast the processor.

To squeeze the best results in terms of speeds, it's good idea to get a supported hardware. In general, VPN takes away ~40% to 30% of your speed away so I'm aware of that fact.

 

[Xentrk]

I need to do some more tinkering with it, I think I have something configured wrong, CRON looks like it is stuck in updating on the update tab, my CPU usage has spiked from under 20%+- with no network load and 30%+- with an active torrent, to staying at a consistent 60% with no load and when I have an active torrent it hits 100%. Is this normal? Since I put this package in it has affected my speed test results too cutting them in half. I have PIA set up on this gateway as well as Snort, but even with just those two my speed test readings were around 116Mbps down, now they are 60ish Mbps. I even have it disabled and CRON is still spinning on the update tab???

On the Update tab, there is a "View: button you have to select to see the output of the job. You have to then select "End View" before you can navigate out of the page. I have not seen any issues with performance when the job is running. Although, I have seen, on several occasions, times when I am unable to load web pages when it is running. This is frustrating. I have not followed up on the issue on the pfSense forums though but need to

 

[sfx2000]

There is no way to achieve the same speed with VPN as without VPN. If that is your goal you're wasting your money. There is always going to be VPN overhead no matter how fast the processor.

OpenVPN is probably one of the least efficient VPN's out there - but it's popular...

L2TP is fairly fast, as it PPTP (now not recommended), Wireguard is interesting but not widely available.

Properly configured and with enough resources behind it, can get very close to wire speed.

 

[FatherLandDescendant]

I have not seen any issues with performance when the job is running.

I removed the package until I have more time to mess with it and my CPU usage went from 60%+- back to roughly 11%+- with no load, and that's running Open VPN and Snort. With it being that heavy on the CPU it slows things down, drastically. I'll get back to it this weekend after class work is done, maybe I can figure out where I had things configured wrong. Thanks for the links, and fixing the one.

 

[BarQ]

pfSense has a lot of benefits, but if the ONLY reason your doing a PC/pfSense router over a standard router is to get faster VPN speeds you could go cheaper with a $200 ASUS RT-AC86U. It has hardware encryption in the CPU (aes-ni). I recently purchased one and I get great VPN speeds.

No VPN - 118mbps
PIA VPN - 114mbps
NordVPN - 114mbps
ExpressVPN - 65mbps

All three VPN services would be faster than the 50mbps you are looking for.

ASUS RT-AC86U - Merlin 382.2_beta2

Does ASUS RT-AC86U supports VLAN ? Also I have checked Google and it appears that there is no DD-WRT for it ?

 

[Xentrk]

Does ASUS RT-AC86U supports VLAN ? Also I have checked Google and it appears that there is no DD-WRT for it ?

No support for VLANs.

AC86U is too new for DD-WRT. I would stay away from DD-WRT if I had an Asus router. Best to stick with Asuswrt-Merlin. Have to be very careful how you flash. I have bricked my D-Link and had to recover using the serial flash method. No VLAN support

 

[BarQ]

No support for VLANs.

AC86U is too new for DD-WRT. I would stay away from DD-WRT if I had an Asus router. Best to stick with Asuswrt-Merlin. Have to be very careful how you flash. I have bricked my D-Link and had to recover using the serial flash method. No VLAN support

I just don't understand what's the difference between ASUSWRT-Merlin and DD-WRT ? Isn't Merlin firmware like a closed source version of DD-WRT ?
I have another question regarding VLans in PfSense, is there a possibility to put a machine on the Network or SMB Share and give access to it only for selected VLans ? Let's just say you want to have a SMB Share with Project Files and only want group of computers to have access to it in the VLan 1, VLan 3 , VLan 5, how would you make it work under PfSense ?

 

[Xentrk]

I just don't understand what's the difference between ASUSWRT-Merlin and DD-WRT ? Isn't Merlin firmware like a closed source version of DD-WRT ?
I have another question regarding VLans in PfSense, is there a possibility to put a machine on the Network or SMB Share and give access to it only for selected VLans ? Let's just say you want to have a SMB Share with Project Files and only want group of computers to have access to it in the VLan 1, VLan 3 , VLan 5, how would you make it work under PfSense ?

OpenWRT is the open source firmware that many others were based on. DD-WRT was forked from OpenWRT. Tomato was originally released by Jonathan Zarate in 2008, building on the code of HyperWRT. AsusWRT was originally based on Tomato, and got extensively modified by Asus over the years as they added their own features to it.

The purpose of VLANS is as your describe, segregate LAN clients and resources from each other, such as SMB Share. There are many tutorials on the web on how to setup VLANS in pfSense. What most of them lack are the steps needed on the managed switch to completed the configuration. Luckily, my friends at Lawrence Systems gifted us with a Christmas present last month that explains this.

 

[Xentrk]

Regarding DD-WRT, here is a picture of a DD-WRT flash that went bad and bricked the router. I had to perform a serial recovery.

I soldered pin headers on my serial connections though.

USB to TTL Cable
Soldered PINS to serial board
Gnd----> Gnd
Tx(1)----> Rx(1)
Rx(1)---> Tx(1)
3.3Vcc---> Connection not required
Connect via MobaXterm serial interface
Baud: 115200
Data bits: 8 Stop
Bits: 1
Parity: none
No Flow control
Hit madly Cntrl-C upon session start and after a few seconds got the cfe> prompt
Issue nvram clear command
Router rebooted with last installed firmware

 

[sfx2000]

DD-WRT was forked from OpenWRT

IIRC - DD-WRT was spawned from the Linksys WRT54G GPL drop... some of the package stuff for embedded - goes back to the Linksys NSLU2 GPL drop.

All the *WRT's, and most of the optware/entware stuff eventually goes back to Linksys...

Would probably be a fun project to map out those family trees - there's quite a bit of crossover in code across all of them, forks and merges... a lot of stuff there - infighting, inbreeding, and incestuous relationships...

 

[sfx2000]

Regarding DD-WRT, here is a picture of a DD-WRT flash that went bad and bricked the router. I had to perform a serial recovery.
View attachment 11660

I soldered pin headers on my serial connections though.
View attachment 11661
USB to TTL Cable

I would just solder pins onto the board - it's easy enough, even for a recovering systems guy like me

Good source for USB-TTL cables

https://www.adafruit.com/product/954

Just keep in mind they're 3.3V, some hackboards - the pins are 1.8V, so double check the specs on the board lest one releases the magic smoke...

 

[Xentrk]

IIRC - DD-WRT was spawned from the Linksys WRT54G GPL drop... some of the package stuff for embedded - goes back to the Linksys NSLU2 GPL drop.

All the *WRT's, and most of the optware/entware stuff eventually goes back to Linksys...

Would probably be a fun project to map out those family trees - there's quite a bit of crossover in code across all of them, forks and merges... a lot of stuff there - infighting, inbreeding, and incestuous relationships...

Thanks for the correction. I had researched this topic briefly a few months back for a discussion at my computer club meeting and obviously my source was wrong. When I looked into this, I learned about even more forks and branches of firmware I had never heard of. Keeping my eye on how OpenSense evolves. I saw a recent YouTube video which demonstrated that there is still a lot of work left to do. Nice to know we have options.

 

[Xentrk]

I would just solder pins onto the board - it's easy enough, even for a recovering systems guy like me

Good source for USB-TTL cables

https://www.adafruit.com/product/954

Just keep in mind they're 3.3V, some hackboards - the pins are 1.8V, so double check the specs on the board lest one releases the magic smoke...

View attachment 11662

I did solder pins to my board. The photo was from another user. I wish I would have taken photos of it when I was done. It was a D-Link 880 in my signature. It is regulated to AP duties for my pfSense box.

 

[Xentrk]

I did solder pins to my board. The photo was from another user. I wish I would have taken photos of it when I was done. It was a D-Link 880 in my signature. It is regulated to AP duties for my pfSense box. The other one is still a router at a site I support. It I should on the short list for replacement.

 

[RMerlin]

IIRC - DD-WRT was spawned from the Linksys WRT54G GPL drop... some of the package stuff for embedded - goes back to the Linksys NSLU2 GPL drop.

The original DD-WRT was based on Talisman/Alchemy, which was based on the WRT54G drop. (lots of drama surrounding this back in the day. Basically, DD-WRT was started as an answer to Sveasoft's weird interpretation of the GPL.)

With V22 or V23, DD-WRT was rebased on top of OpenWRT.

 

[heysoundude]

Wireguard is interesting but not widely available.

AzireVPN has opened the Wireguard beta, and I've been using it all afternoon on my main desktop. It's been brilliant and snappy, and ab-solution etc still seem to be working on my router by blocking what I've set it to block on my Merlin-flashed router.
short experience with it so far, but I'll be looking for a router I can run it on.

 

[Xentrk]

Glad to see a commercial VPN service rolling out WireGuard. The numbers are impressive. This is from https://imgur.com/a/RXXZ7

My provider told me they are working on it. I let them know I was highly interested and that AzireVPN had rolled out a beta.

 

[heysoundude]

Glad to see a commercial VPN service rolling out WireGuard. The numbers are impressive. This is from https://imgur.com/a/RXXZ7

View attachment 12324
My provider told me they are working on it. I let them know I was highly interested and that AzireVPN had rolled out a beta.

Based on my experience, I would have to concur with that chart.

I’ll keep using it to see if my perspective changes; I certainly hope it doesn’t next week when everyone is back on their server after March Break...

 

[sfx2000]

Glad to see a commercial VPN service rolling out WireGuard. The numbers are impressive.

SDWAN is fun... see ZeroTier...

https://www.zerotier.com/blog/2017-04-20-benchmarks.shtml