How best to utilize my VPN service

[diehardbattery]

So in light of the stuff going on in the US, I decided that now is the time to get a VPN service. I've settled on Nord VPN. The problem though is that it has a 6 device connection limit. Also the software doesn't seem to automatically start when booting (be it Windows, Android, or iOS).

At any time, there are at least 30 devices connected to the router (most are wifi). I have a Linksys EA9500 for a router. My ISP is AT&T Gigabit with 1GB/1GB service. I am wondering for the best performance, should I try setting up the connection to the router or should I maybe consider a pfSense box? If a pfSense box, what should I get or build? I don't have the option of building a rack.

I also want to use OpenNIC for the DNS.

 

[CaptainSTX]

If you are running the VPN client on your router it counts as one connection only regardless of how many devices are connected to the router and using the VPN.

Running your VPN on a SOHO router will result in your download speed being restricted by the load a VPN places on the router. As an example running a VPN Client on my ASUS AC1900P, which has a 1400 Mhz processor, results in my downlad speed being reduced from 180Mbps to 55 Mbps.

That speed is good enough for many devices such as tablets and smartphones but my newest PC which has a fast I7 processor I choose to run my VPN providers app directly on the PC. By running it on the PC I get 170 Mbps downloads which isn't a significant slow down from the 180 Mbps I get when connected directly to my ISP.

To get the speeds you want with your very fast connection you will have to run pfsense on a box with a fast processor.

 

[diehardbattery]

To get the speeds you want with your very fast connection you will have to run pfsense on a box with a fast processor.

Okay.. so what am I looking at for a setup? I currently have a Lenovo Ideacentre K410 that I could possibly repurpose... it's my current desktop, but if building a pfsense box is cheaper I might lean towards that.

Also, how would the EA9500 be used? To put it in AP only mode seems a bit overkill considering the cost LOL. Plus I do utilize 7 out of the 8 ports. I have an 8 port Netgear gs108 switch.. maybe i need to go to 16?

 

[CaptainSTX]

Okay.. so what am I looking at for a setup? I currently have a Lenovo Ideacentre K410 that I could possibly repurpose... it's my current desktop, but if building a pfsense box is cheaper I might lean towards that.

Also, how would the EA9500 be used? To put it in AP only mode seems a bit overkill considering the cost LOL. Plus I do utilize 7 out of the 8 ports. I have an 8 port Netgear gs108 switch.. maybe i need to go to 16?

You first have to determine how much speed it is possible to get from your VPN provider. It is unlikely that they have a big enough pipe to give you your full gig. Start by running their VPN app on your computer and see what speeds you can get. Try with diffrent server locations and diffrent times of day. Once you have a good idea of what the max VPN download speed you can acheive you can start planning on how much processing power you need.

You also may want to test other VPN providers. Some are better and faster than others.

 

[diehardbattery]

You first have to determine how much speed it is possible to get from your VPN provider. It is unlikely that they have a big enough pipe to give you your full gig. Start by running their VPN app on your computer and see what speeds you can get. Try with diffrent server locations and diffrent times of day. Once you have a good idea of what the max VPN download speed you can acheive you can start planning on how much processing power you need.

You also may want to test other VPN providers. Some are better and faster than others.

My research showed that NordVPN is one of the best. There are servers that are only a couple hundred miles away (in the US) and they seem to have worked work well thus far. But I've been experiencing that when a server is about beyond 85% load, it will slow down. Connecting to a server with a lighter load seems to improve that.

With that said, I have not done any "formal" testing, but the best I have seen so far is anywhere between 100-200 down/up while connected to the VPN. I can't imagine it could get a lot higher than that due to overhead, and as you said earlier, not many VPN services (if any at all) would be able to support the full speed of my connection.

 

[doczenith1]

I also have gigabit ISP service and did some testing a while back that may help you with some reference numbers on throughput. These are my speeds using the OpenVPN Client on two different ASUS routers. Both routers running Asuswrt-Merlin 380.64 firmware. Using the VPN client to connect through PIA VPN servers.

AC3100 (1.4 Ghz dual core)
CTF (Cut Through Forwarding NAT Acceleration)
DL: 61 Mbps with core 1 at 25%, core 2 at 75% (*74 Mbps core 1 at 30%, core 2 at 85% with mods)
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U (1.0 Ghz dual core)
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

For reference, when using the same PIA VPN server with a windows client I'm able to attain 250 Mbps down and 350 Mbps up on the same DSLReports HTML5 speed test.

The speed tests were conducted over a wired connection from the computer to the router.

Data encryption: AES-128
Data authentication: SHA1
Handshake: RSA-2048

*Adding the following lines to the custom configuration bumped the DL speeds to 74 Mbps.
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

 

[diehardbattery]

I also have gigabit ISP service and did some testing a while back that may help you with some reference numbers on throughput. These are my speeds using the OpenVPN Client on two different ASUS routers. Both routers running Asuswrt-Merlin 380.64 firmware. Using the VPN client to connect through PIA VPN servers.

AC3100 (1.4 Ghz dual core)
CTF (Cut Through Forwarding NAT Acceleration)
DL: 61 Mbps with core 1 at 25%, core 2 at 75% (*74 Mbps core 1 at 30%, core 2 at 85% with mods)
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U (1.0 Ghz dual core)
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

For reference, when using the same PIA VPN server with a windows client I'm able to attain 250 Mbps down and 350 Mbps up on the same DSLReports HTML5 speed test.

The speed tests were conducted over a wired connection from the computer to the router.

Data encryption: AES-128
Data authentication: SHA1
Handshake: RSA-2048

*Adding the following lines to the custom configuration bumped the DL speeds to 74 Mbps.
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

I'm relatively new to how a VPN works in terms of performance. Your speeds on your routers seem like a huge waste? Is that because most home setups aren't adequately equipped to handle it? This is why I am thinking of going the pfSense route. It also does not look like the EA9500 will support OpenVPN anytime soon. I don't have the time required to fiddle around with something like OpenWRT either unfortunately. One could argue the same could be said for pfSense, and I'm guessing it would be correct...

 

[CaptainSTX]

I'm relatively new to how a VPN works in terms of performance. Your speeds on your routers seem like a huge waste? Is that because most home setups aren't adequately equipped to handle it? This is why I am thinking of going the pfSense route. It also does not look like the EA9500 will support OpenVPN anytime soon. I don't have the time required to fiddle around with something like OpenWRT either unfortunately. One could argue the same could be said for pfSense, and I'm guessing it would be correct...

Your assumption is correct based on the data people our reporting. No off the shelf SOHO router on the market today has the processing power to handle a VPN client and the faster the base ISP connection is the harder it is for the router's processor needs to work and it seems to bog down.

With a VPN client application running on an I7 processor running at 2.8 Ghz I can get 170 down 22 UP from Astrill and 165 down 22 UP from SaferVPN which is approximately 95% of my raw speed from my local ISP.

Using my VPN accelerator which has an Atom Processor at 1.8Ghz my VPN speed tops out at 65 down or 36% of my raw speed.

Based on the results posted above you need a processor capable of 2.4 Ghz to get at least 100 Mbps down and for higher download speeds you will need a router with a faster and more powerful processor which means building a box with pfsense or some other OS and seeing what it can do.

Hopefully someone will do that and let everyone on the forum know what they accomplished.