Specific IP via VPN Client and RAM

[Jonnny]

Hello everybody,

I'm new to this forum. Sorry in advance if this is not the right place to post these dumb questions.

First, thanks to Merlin for all the work and the community for their great support.

Router: ASUS-RT-AX88U
Firmware: 388.1

Here are the two questions:

_First_

I'm using the VPN Director option to direct traffic from a device on my lan network (192.168.XXX.XX) to a VPN Client (OpenVPN).

I need to access a website/ip through this device, but website/ip it is blocked in my location/country (so I use VPN Director to bypass).

So, it is possible to create a route for this device to access a specific site/ip over the VPN Client (OpenVPN), and the rest of the traffic to WAN?

Lan Device___> all traffic through WAN
|
|__________> site exception through VPN Client (OpenVPN)

_Second_

I have several IP cameras, recording video of every movement detected and sending these videos (FTP protocol) to an SSD disk connected to the router.

As the number of videos grows, the RAM available on the router decreases until it has 97/98% of RAM occupied.

In the previous router model (AC87U), this did not happen, so I ask if this is normal?

Thanks.

 

[Tech9]

Firmware: 388.1

Better Asuswrt base Asuswrt-Merlin 388.2 firmware is now available.

So, it is possible to create a route for this device to access a specific site/ip over the VPN Client

Experiment with this available custom script.

97/98% of RAM occupied

Taken by cache. May create some issues in a long run. I don't recommend using attached storage to the router. Routers are RPi like weak hardware with very limited RAM. SMB implementation is not the best in Asuswrt. Use a NAS instead if you value the data stored. Use the router as Router.

 

[Jonnny]

@Tech9,

Thanks for the answers.

Better Asuswrt base Asuswrt-Merlin 388.2 firmware is now available.

I know, but I'm waiting for more feedback. Because I see some VPN issues, ARP table, WiFi 5Ghz, etc. And right now I have the whole router setup working minimally well.

Experiment with this available custom script.

After reading a little more, I realized that in VPN Director, it can handle external IP's. So all I had to do was run the command nslookup to view all IP's and route them of site to the VPN Client, simple way.

But the ideal would be to put the name instead of the IP domain, as the script you mentioned, but for now it's working fine. Another detail is that it keeps the DNS defined in the router, not the VPN Client.

Forwarding only the necessary website traffic instead of all traffic, I notice faster loading from my PI streaming server (ex. create session cookies, session tokens, etc.).

Taken by cache. May create some issues in a long run. I don't recommend using attached storage to the router. Routers are RPi like weak hardware with very limited RAM. SMB implementation is not the best in Asuswrt. Use a NAS instead if you value the data stored. Use the router as Router.

I understand that the ideal would be a NAS, but for now the router serves the purpose, I don't want to spend more money (and noise, power consume, etc.). I only asked because I find it strange that the previous model didn't have this "cache issue".

Thanks again for your time and answers.

 

[Tech9]

the previous model didn't have this "cache issue"

Not exactly an issue - this is how it works. The RAM is limited and SMB takes whatever is available. When needed for something else it's used for something else. The real issue is you may see router instability with large NAS-like transfers. I don't know what's the stream bitrate and how many cameras you have, but constant writing doesn't sound like a good idea to me. Unfortunately, most folks realize it was a mistake only after they lose data.

 

[ColinTaylor]

I only asked because I find it strange that the previous model didn't have this "cache issue".

It did actually (and it's not an issue, it's normal). With your previous router you would have been running an older firmware version that cleared the cache every time you logged into the GUI. That gave the illusion that the memory wasn't being used. Recent firmware versions removed the clearing of the cache as it was a) pointless, and b) detrimental to performance.

 

[Jonnny]

Not exactly an issue - this is how it works. The RAM is limited and SMB takes whatever is available. When needed for something else it's used for something else. The real issue is you may see router instability with large NAS-like transfers. I don't know what's the stream bitrate and how many cameras you have, but constant writing doesn't sound like a good idea to me. Unfortunately, most folks realize it was a mistake only after they lose data.

They are videos with an individual size of 900KB (12 seconds). The bitrate/resolution in the recording is different from the live stream.

After all these years I've never lost any information, but even if lose it's not important (only use for camera records).

It did actually (and it's not an issue, it's normal). With your previous router you would have been running an older firmware version that cleared the cache every time you logged into the GUI. That gave the illusion that the memory wasn't being used. Recent firmware versions removed the clearing of the cache as it was a) pointless, and b) detrimental to performance.

Hi @ColinTaylor,

I finally understand something about the difference from the previous router's behavior regarding caching + SMB. Thank you for the explanation.

Note: I put cache issue in quotes

Previous router + firmware:
AC87U - 384.13_10

I'll try to see the best way to migrate the FTP/SMB service to PI (thus leaving all the RAM for the remaining router services = more stability).

(Like this)

Thank you both.

 

[Jonnny]

_______________________

UPDATE - 25.04.2023

I ended up migrating the FTP/SMB services to my Pi, and now the router in terms of RAM is very stable (various connected clients, VPN server, VPN clients, routes, etc.)

In fact, even having these options (FTP/SMB) available on the router, for average use it is not advisable. (@Tech9 )

The tutorial (OpenMediaVault) above, I couldn't do it, since it is intended for the Lite version of Raspbian (without graphical desktop).

So I used these as a guide (as reference):

FTP: vsftpd

SMB: SAMBA

Funny how well Pi handles more services than are already configured (currently playing 4 TV streams from different sources).

And with some video files already recorded, no problem with SMB caching.

Thanks.