Hi all, I'm new here and after a bit of advice on a pretty complex question which could have a few possible solutions.

I have Virgin fibre on their 1GB service which comes through the hub 5 in modem mode. I then have a QNAP TVS-128T3 that has 2 x 10gb ports and 4 x 1gb ports. I am running various virtual machines on the QNAP and one of them is Sophos home firewall. I also have 2 x ASUS XT8 which I am using for wireless. I will try to give you as much information as possible to try and give you a full overview of how things are set up. I understand that the set-up is probably not optimal!!

Virgin HUB 2.5gb port > 10gb port on QNAP - second 10gb port on QNAP goes to internal LAN on a 10 port 10gb switch. 2 x ASUS XT8s doing WiFi, first has WAN port plugged into 10gb switch, second unit has WAN port plugged into first XT8 with Ethernet backhaul - I think at one point I did have them both plugged directly into the 10gb switch but I did a firmware update and one of the units kept disconnecting and flashing red, the only way I could get it to work in a stable way was plugged directly into the other XT8 (that is another issue but feel free to solve that too for me!!)

My ultimate goal is to streamline the whole set-up to a degree and not lose all my bandwidth at the same time.

I was using CyberGhost as VPN on my firestick when using PTP, when my subscription ran out they wanted me to pay the same amount for 1 year as I had paid for 2 years so I decided to switch. I had a look around and thought I would try ExpressVPN. I also thought whilst I was at it I would protect the whole network at once. I did a bit of research and found I could set it up using OPENVPN on the QNAP in QVPN. I did this and set the QVPN to be the default gateway for the NAS. But when I go on the internet and look to whatismyip it doesn't give the VPN IP, it gives the External IP of the Sophos firewall even though that is going out on the interface of the QNAP that should be going out on the VPN?

I thought of a workaround, set OPENVPN up on the XT8, anything I really want to protect is running wireless, my standalone PC I can just install the ExpressVPN app. I tried this and the speed is dire, I was only getting 40mb. I did some more research and found out that this is due to lack of hardware acceleration. (just to add that on a good day I can get 900mb down and 100mb up - this is on my laptop over WiFi out through the Sophos virtual firewall) This is obviously not acceptable.

As a test I pointed my laptop direct at the QNAP as my gateway, not the internal IP of the Sophos firewall, it picked up the VPN IP when I tested it on whatismyip and I got 340mb down and 90mb up - not amazing but far better than I was getting!!

So I realise there will be loads of possible solutions to this and I am prepared to spend a bit of cash to get the best solution but I don't have unlimited funds!!

I presume the VPN tunnel has to be ideally the last link in the chain as close to the modem and then funnel everything through that. I would ideally like to keep the Sophos in the mix as it is pretty solid and is also free. I should also add that I have failover internet using one of the other 1gb ports in the QNAP, this is set up in Sophos as WAN failover, I did have it set up originally on the XT8 but I thought it was a bit daft when I could use the QNAP to do more. I thought about getting a new router, I will move to WiFi 7 at some point eventually, but the cost is pretty extreme at the moment. Ideally it would be great if it was possible to get the Sophos to route out over the VPN. Oh, I also thought is ExpressVPN the best option and would NordVPN be better, is OPENVPN also a bottleneck and would WireGuard be a better option?

Sorry this is such a long post and really confusing, I would appreciate any thoughts on the best way of approaching this! Cheers. Also I wasn't sure where best to post this either.

Welcome to the forums @MimiC808.

I would not be using my NAS for VPN use.

Either use a dedicated router to provide VPN connections to your wireless clients, or DIY a used box of parts to provide that (if your router's hardware isn't powerful enough).

But creating a direct connection to your NAS from the outside world is asking for trouble you can't even imagine right now.

