What's new

OpenVPN and access to LAN from outside

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Can you send a screenshot of your policy rules table?

Sure see attached photos.

Please note that now I have changed to policy rules strict I can no longer access the modem ip when vpn is enabled:

ASUS Wireless Router RT-AC86U - OpenVPN Client Settings 2020-04-11 11-59-17.png
ASUS Wireless Router RT-AC86U - OpenVPN Client Settings 2020-04-11 12-03-42.png
 
On the 'modem' entry, you have the ip address in the wrong field. It needs to be in the destination ip (see my original screenshot and advice). So, to be clear, you need 0.0.0.0 in source IP and 192.168.8.1 in destination ip for the modem only
 
On the 'modem' entry, you have the ip address in the wrong field. It needs to be in the destination ip (see my original screenshot and advice). So, to be clear, you need 0.0.0.0 in source IP and 192.168.8.1 in destination ip for the modem only

You sir, are a beautiful man.

All working now and can access the modem when vpn is on.

Quick question as you are very knowledgeable on this subject: How does my vpn settings look, all works good currently but is there anything more I can do to speed up the VPN apart from removing encryption (cant change to 128 gcm from cbc as vpn does not support)?

Any notable changes that can be made the custom config?

I actually only use the VPN to change my location from France to UK using a private vpn server as I'm currently out of the UK for a bit - so not that fussed about privacy benefits, more so about speed.

Here are settings:
ASUS Wireless Router RT-AC86U - OpenVPN Client Settings 2020-04-11 11-59-17.png
ASUS Wireless Router RT-AC86U - OpenVPN Client Settings 2020-04-11 13-36-01.png
 
No worries, glad we got there in the end!

I'm really not that knowledgeable at all. The things that I know and am able to answer, I have learned either through experimentation or from using these wonderful forums.

The real experts may be able to advise further, but your settings look fine to me. You could increase the speeds by decreasing the encryption overhead, but it will depend on whether your VPN provider's server supports it. As for the custom config, again I would use the recommended settings from your provider. For the record, here is my config. I get about 95% of my true connection speed:

Code:
resolv-retry infinite
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io

Since you're using UDP, you could try adding the "fast-io" line. Also, you may have some success with tweaking the MTU values and the send/receive buffers. I believe the there are several write-ups on here of people sharing their configurations, that aim to maximize VPN throughput. Have a look around and see what you can find. Here is one to start:

https://www.snbforums.com/threads/vpn-speeds-with-rt-ac87u.46328/

Lastly, depending on which router you have, you may be limited by the capabilities of the CPU to decrypt the packets. To check that this is what is happening, if you can, install the VPN software from your provider on your laptop and see what speeds you get. If the speeds are significantly faster, then I'm afraid that your bottleneck is probably the router CPU.

Best of luck!
 
No worries, glad we got there in the end!

I'm really not that knowledgeable at all. The things that I know and am able to answer, I have learned either through experimentation or from using these wonderful forums.

The real experts may be able to advise further, but your settings look fine to me. You could increase the speeds by decreasing the encryption overhead, but it will depend on whether your VPN provider's server supports it. As for the custom config, again I would use the recommended settings from your provider. For the record, here is my config. I get about 95% of my true connection speed:

Code:
resolv-retry infinite
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
remote-cert-tls server
pull
fast-io

Since you're using UDP, you could try adding the "fast-io" line. Also, you may have some success with tweaking the MTU values and the send/receive buffers. I believe the there are several write-ups on here of people sharing their configurations, that aim to maximize VPN throughput. Have a look around and see what you can find. Here is one to start:

https://www.snbforums.com/threads/vpn-speeds-with-rt-ac87u.46328/

Lastly, depending on which router you have, you may be limited by the capabilities of the CPU to decrypt the packets. To check that this is what is happening, if you can, install the VPN software from your provider on your laptop and see what speeds you get. If the speeds are significantly faster, then I'm afraid that your bottleneck is probably the router CPU.

Best of luck!

When you say decrease encryption you mean simply turn it off?

I already use 128-cbc and sha1, the only lower setting would surely be turning off encryption?

yeah I use ac86u so that wouldn’t be the bottleneck on my 100mbps line.

cheers for all the help again!
 
You can't simply turn encryption off. You are at the mercy of what the provider's VPN servers use. I also have the 86U on a 100mb line which gives me 95-96mb most of the time. The 86U is more than capable at those speeds.

Only things I could suggest in your case is trying a different server, tweaking your config as above, or speaking with your provider to see what options you have.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top