Best VPN Solution?

[Rifte]

PureVPN has been good for me. The dedicated IP works like a charm across all of my devices (phone included).

In respect of speed, I don't really download heavily from it, I only use it to view content outside of the UK and to online gamble, so I haven't really tested it.

VyperVPN probably wont be ideal for a lot of people who don't like the 'big daddy' state because they do log unfortunately, and there are instances of people downloading torrents via it (obviously not condoning it) and they have still received warnings etc from their download activities. In short they do spill their guts when squeezed.

 

[StonedPenguin]

edit - nvm.

 

[ANDARIAL]

What vpn wireless router would you guys recommend?
To go with a SR102 .Getting best speeds with the 102 compared to all my other routers i have tried

 

[Rainmaker]

What vpn wireless router would you guys recommend?
To go with a SR102 .Getting best speeds with the 102 compared to all my other routers i have tried

Any little consumer plastic box is going to struggle with OpenVPN. Even a £200+ multi-antenna beastly looking thing still only often has a 500MHz CPU and 128MB RAM inside. They're trying to do everything in one box, and are mediocre at everything, relying on hardware packet filtering to keep the WAN > LAN speed acceptable, but failing miserably at everything else. OpenVPN is single threaded and CPU heavy, so they just drown.

If you really want to run VPN from your router (which is a good idea if it's to a UK node) then you're better off self-building. A 2.0 GHz quad core embedded fanless box - ideally supporting AES-NI - would be the ticket. I think that link is OK because OcUK don't sell them.

That would run pfSense or IPFire easily, especially as it has Intel NICs. I run a PC Engines APU2C4, though I haven't tried VPN through it yet (I run instances locally on the clients). I pass it through to a switch and have a Ubiquiti UAP AC PRO for wireless. Forget the little all in one boxes if you want to network properly. As someone on another forum says, and it always makes me chuckle, 'Friends don't let friends use consumer network equipment'.

 

[ANDARIAL]

Thanks for that info
Bit too expensive though
I was looking at some DDwrt capable routers earlier?
Are they no good either?

 

[Rainmaker]

Thanks for that info
Bit too expensive though
I was looking at some DDwrt capable routers earlier?
Are they no good either?

It's not the OS (DD-WRT / Open-WRT / pfSense / IPFire), it's the underlying hardware. Personally speaking ~£160 for a box that'll route gigabit symmetric with several hundred Mbps VPN is nothing, especially when a little consumer box that just... won't... can be £200 plus.

I suppose you could look on eBay etc for a cheap second hand PC with a decent dual core CPU and throw in a second hand dual port Intel NIC, but you're going to spend a lot more than £160 on electricity over even the first 12 months, it'll be loud, and it still won't be as powerful or efficient.

Unfortunately it's a case of either wanting a box to do the job and buying/building one, or going without. Wanting do get near line speed VPN without buying proper hardware is like wanting to play Crysis on a ten year old AGP card. It might be what's in budget, but that won't make it work!

If you're happy with 40-50Mbps you will get away with a cheaper consumer router (eg N56U upwards), but it'll be running flat out and your experience won't be great. Plus I'm not sure how long a box like that would hold out running at 100% CPU most of the time.

 

[ANDARIAL]

My internet connection is 4meg max on a good day

 

[Rainmaker]

My internet connection is 4meg max on a good day

Oh, I apologise. I must be mixing threads up, there's a few of these scattered around the forums since the Bill was passed. In that case happy days for you. Most routers will happily deal with that over VPN without breaking a sweat. DD-WRT will do fine.

 

[Armadillo]

Any little consumer plastic box is going to struggle with OpenVPN. Even a £200+ multi-antenna beastly looking thing still only often has a 500MHz CPU and 128MB RAM inside. They're trying to do everything in one box, and are mediocre at everything, relying on hardware packet filtering to keep the WAN > LAN speed acceptable, but failing miserably at everything else. OpenVPN is single threaded and CPU heavy, so they just drown.

If you really want to run VPN from your router (which is a good idea if it's to a UK node) then you're better off self-building. A 2.0 GHz quad core embedded fanless box - ideally supporting AES-NI - would be the ticket. I think that link is OK because OcUK don't sell them.

That would run pfSense or IPFire easily, especially as it has Intel NICs. I run a PC Engines APU2C4, though I haven't tried VPN through it yet (I run instances locally on the clients). I pass it through to a switch and have a Ubiquiti UAP AC PRO for wireless. Forget the little all in one boxes if you want to network properly. As someone on another forum says, and it always makes me chuckle, 'Friends don't let friends use consumer network equipment'.

£150 or so seems a decent price. Some of the higher end consumer routers run that. I did make a topic in servers about repurposing an old computer, but this seems a much nicer solution & far less power hungry.

Having no experiance at all with Pfsense or similar, I assume it's not too hard to setup? Something like this should max my connection over vpn fine (70/18.5 ish), on pc I get about 68/18 (which I'm lead to believe is normal because of encryption overhead).

I'm fine with the clients on pc, but it would be nice to just have vpn secured wireless and not worry about android clients etc.

Is it possible with something like this to only route some traffic through the vpn? For example, have everything through the vpn, except for X local ip. So I could still run the client on computer for ease of switching servers as needed or would it be all or nothing?

Thanks.

 

[Rainmaker]

£150 or so seems a decent price. Some of the higher end consumer routers run that. I did make a topic in servers about repurposing an old computer, but this seems a much nicer solution & far less power hungry.

Having no experiance at all with Pfsense or similar, I assume it's not too hard to setup? Something like this should max my connection over vpn fine (70/18.5 ish), on pc I get about 68/18 (which I'm lead to believe is normal because of encryption overhead).

I'm fine with the clients on pc, but it would be nice to just have vpn secured wireless and not worry about android clients etc.

Is it possible with something like this to only route some traffic through the vpn? For example, have everything through the vpn, except for X local ip. So I could still run the client on computer for ease of switching servers as needed or would it be all or nothing?

Thanks.

If you're a total noob and want hassle-free, then in some ways IPFire (Linux based) might be easier than pfSense (BSD based). Both do the same thing overall, and they are similar to use, but IPFire is just that bit 'cleaner' and more simply laid out. For example to tweak DNS servers in IPFire it's one change to one setting. On pfSense you need to set it up on the Gateway section then tell the DNS Resolver to forward DNS queries. Little things, but they add up and it's not as straightfoward if you don't know (and/or spend time on the excellent Wiki).

That said pfSense is nice, secure and has a great looking webUI. IPfire is very functional and in some ways has better features, but it looks more old-school. That said IPFire will give nice touches like breaking down firewall hits by country, and the logs have little country flags next to every entry so you can see at a glance who's being naughty.

To answer your question, yes it's easy enough to set up either as a VPN client. There are guides on the net and on many VPN providers' sites. IPFire is probably a tad easier, but again not much in it. A box like the one I linked should see you hit your full speed potential without issues, and yes with some appropriate firewall groups/rules it's easy to tunnel some IPs and not others. Again Google is your friend. Just remember that on a firewall distro you'll have WAN in and LAN out. Two ports. You'll need to pass your LAN to a cheap switch if you want wired clients, but they're hella cheap so why not.

 

[Armadillo]

If you're a total noob and want hassle-free, then in some ways IPFire (Linux based) might be easier than pfSense (BSD based). Both do the same thing overall, and they are similar to use, but IPFire is just that bit 'cleaner' and more simply laid out. For example to tweak DNS servers in IPFire it's one change to one setting. On pfSense you need to set it up on the Gateway section then tell the DNS Resolver to forward DNS queries. Little things, but they add up and it's not as straightfoward if you don't know (and/or spend time on the excellent Wiki).

That said pfSense is nice, secure and has a great looking webUI. IPfire is very functional and in some ways has better features, but it looks more old-school. That said IPFire will give nice touches like breaking down firewall hits by country, and the logs have little country flags next to every entry so you can see at a glance who's being naughty.

To answer your question, yes it's easy enough to set up either as a VPN client. There are guides on the net and on many VPN providers' sites. IPFire is probably a tad easier, but again not much in it. A box like the one I linked should see you hit your full speed potential without issues, and yes with some appropriate firewall groups/rules it's easy to tunnel some IPs and not others. Again Google is your friend. Just remember that on a firewall distro you'll have WAN in and LAN out. Two ports. You'll need to pass your LAN to a cheap switch if you want wired clients, but they're hella cheap so why not.

Ok thanks. Switch is no issue, my current setup is already wired to a switch (hh5 is away from most of my devices, so I just ran a single cable from it to a switch closer to most stuff, so I didn't have multiple cables trailing away from it).

 

[subbass]

What are the advantages (other than not needing to set it up) of using said VPN services than a getting a cheap cloud server with OpenVPN set up and installed?

 

[Rainmaker]

What are the advantages (other than not needing to set it up) of using said VPN services than a getting a cheap cloud server with OpenVPN set up and installed?

Privacy and anonymity, mostly. You can get a cloud server as cheap as you like, but (generally speaking) good luck getting one without ID or a payment that isn't traceable back to you. In other words, if someone comes snooping it's not hard to find out that you're the user behind the connection. Not a problem for most things, but in that case why use a VPN at all? It is, however, a problem for things like the copyright trolls if you accidentally download the wrong Linux ISO.

Also obfuscation. On a commercial VPN that's run properly (zero logging, RAM cache only, etc) you'll have anything from a dozen to a hundred other users sharing your dynamic IP at the VPN end. A really good supplier will also be running scripts to run constant random searches and load random websites, as well as false DNS traffic on their own self-hosted DNS servers, to further muddy the waters. In other words, your traffic is a drop in the (messy) ocean and it's impossible to separate users and traffic and say who did what. On your own server? Your server, your traffic.

Knock knock.
Who's there?
F.A.C.T.
????
Go to jail.



You'll want to make sure your provider is running bare metal servers on their own dedicated hardware. It's no good having a VPN with eleventy hundred servers in a billion countries if they're all shared VPS instances easily accessible or loggable at the datacentre end (i.e. the people the VPN company rent the VPS' from). That is - unfortunately - most VPN companies. The good ones have their own hardware in locked rooms (or at worse, locked racks) running solely in RAM with even the openvpn daemon and linux kernel itself not logging anything to disk.

There have, in the past, been a couple of cases of datacentres tapping VPN company VPS' to satisfy warrants or weed out copyright infringers. You can't do that if the server is set up right, and owned directly by the company. In that latter case, the DC would see only an ocean of traffic coming into the machine (with no clue as to which user requested it) and then encrypted traffic going out. On a VPS they can tap it to gain virtual access to see what's going on inside it (hint: that's bad). My tip, ask your VPN company if all their servers are dedicated and what their opsec policy is. Also ask whether they run their own DNS servers (you'd be amazed how many forward you to Google DNS or similar!). If they don't reply, or don't satisfy you when they do, move company.

 

[Type_R]

I use ExpressVPN. Costs about £80/year..superb speeds and loads of servers Worldwide.

 

[Armadillo]

Been meaning to ask, & thought I'd ask here rather than a new thread.

I assume it's ok to do online shopping etc through the vpn? It's SSL anyway and I figure even without the vpn you go through multiple servers anyway, so should be fine, but thought I'd ask anyway.

Other random question, just for curiosity. What does the isp/logging system actually see when using a vpn. Obviously they can't see the website and the data is encrpted, but do they see the connection to the vpns ip, every time you make a request, same as they would a proxy or only when you intially open the tunnel.

It doesn't matter either way, but just something I was curious about.

Thanks.

 

[hawky525]

I use ExpressVPN. Costs about £80/year..superb speeds and loads of servers Worldwide.

These or PIA are well thought of.
Here's a good site to compare all aspects of VPN providers - https://thatoneprivacysite.net/vpn-comparison-chart/.

 

[pc-guy]

Any little consumer plastic box is going to struggle with OpenVPN. Even a £200+ multi-antenna beastly looking thing still only often has a 500MHz CPU and 128MB RAM inside. They're trying to do everything in one box, and are mediocre at everything, relying on hardware packet filtering to keep the WAN > LAN speed acceptable, but failing miserably at everything else. OpenVPN is single threaded and CPU heavy, so they just drown.

If you really want to run VPN from your router (which is a good idea if it's to a UK node) then you're better off self-building. A 2.0 GHz quad core embedded fanless box - ideally supporting AES-NI - would be the ticket. I think that link is OK because OcUK don't sell them.

That would run pfSense or IPFire easily, especially as it has Intel NICs. I run a PC Engines APU2C4, though I haven't tried VPN through it yet (I run instances locally on the clients). I pass it through to a switch and have a Ubiquiti UAP AC PRO for wireless. Forget the little all in one boxes if you want to network properly. As someone on another forum says, and it always makes me chuckle, 'Friends don't let friends use consumer network equipment'.

I am looking at this option instead of AC68U etc. any chance you can point me to some links how to set up such systems?

that little box looks like what i need.

basically i want to keep my VR900 as a wireless repeater or AP if the wireless on the box doesn't give better and link VR900 to this box which will be the router connecting my media/backup HDDs to that

 

[pc-guy]

btw since this morning's post I have been doing a bit of research on VPNs etc,

it turns out OpenVPN with AES-128 encryption seems to be the standard and most secure VPN there is. IPsec/PPTP/L2TP can be vulnerable apparently https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/

so looks like OpenVPN protocol is a good way to go...this means consumer based routers AC56U/AC68U/AC87U/AC88U, nighthawk etc won't cut the mustard as the processors in the unit don't have AES instruction set.

so really need to build a router to implement router level VPN running OpenVPN with AES-128 or even 256 if you are super paranoid. OpenVPN is single thread operation that's why all of the ARM chips inside the routers will be falling over with our the AES optimisation built into the chip's architecture. https://en.wikipedia.org/wiki/AES_instruction_set

I managed to find a barebone box that has a celeron processor that has AES chipset - Zotac ZBOX nano. it has dual lan and a celeron N3150 so perfectly good to run pfSense and reported can do over 100mbps+ VPN link without breaking a sweat.

 

[jamjar]

I have used Newshosting for 4 years and had no problems ,can,t ever think of a time when my download is bad ,always get around 7 to 8 mb download cost me £80 per year on there special offer link ,and i also get a free VPN with this which i use to watch French T.V and its great they also have a free software browser you can use to download stuff which is very good They have been going since 1999 and know what there doing ,just another one to take a look at

 

[Energize]

I've just renewed with ExpressVPN. Excellent speeds and totally unlimited. Doesn't come cheap though - about £80 for the year.

Yeah shame they are based in UK jurisdiction though.