Help with a new modem and VPN

[3dice]

Hi guys,

New on here, was wondering if anyone could help.

Basically I have a virginmedia super hub 100meg and use VPN software to switch on and off whenever I need (via the VPN providers software), my PC/phone etc are connected wireless and my TV receiver, console, blu ray player are wired (Ethernet). I have been reading up and seen that you can set your super hub into modem mode > connect it to a router that has been flashed with dd-wrt and install VPN on the modem. I believe there is instructions how to set up your VPN on their site. However I want some of my devices for example my TV receiver, console and maybe a phone to be free of VPN. I have seen some posts on this and could not really understand as it was not in laymans terms, also some posts were old and maybe this could be easier to perform now? I think I read something about policy based routing? So I was thinking:

1) what's a reasonable router/s that's good for a budget and would have the best and latest firmware that could let me bypass select devices (some connected VPN some bypassing it)
2) could I not use the superhub for the non VPN also? As I seen this tutorial? http://youtu.be/n7JNnyXtygQ Or am I getting mixed up.
3) and is this all safe and secure? Would any of this leave my network vulnerable. And I know you can brick your modem setting and installing this, are the YouTube tutorials easy enough to install dd-wrt or is there a UK provider of flashed modems?

Sorry for all the questions but thought I would explain all I could, as for why,I have seen more products like smart TVs and android sticks cannot have VPN on them and don't really want to use a smart DNS.

Cheer guys

 

[APM]

You'd need a pretty good spec level of kit,maybe a Mikrotik could do it but you'd have a learning curve ahead of you to get it working how you want.

 

[3dice]

Cheers for the reply mate, yeah I have looked into it and it seems hard work, it looks like there's a lot of interest in this but no difinitave answers, I don't know if it would work but in an ideal world, have my vm hub on as normal and another router connected to that with just VPN. that way any extra devices I choose to go to VPN wired or wireless are connected to that and the rest on my vm hub. I heard that it's either tomato/dd-wrt for this.

I have read that either its:

1) switch the vm hub to modem mode port 1 > wan of router with one of the firmwares above, create the VPN account on router but you can then tell certain devices to pass through the VPN to your isp. think this is policy based routing?

Or 2) think people have said you can use your vm hub as normal and connect your router to Ethernet > wan and have two ip's but don't know to much about that, only thing I could really find on that is the YouTube clip in the first post. http://youtu.be/n7JNnyXtygQ

 

[Rainmaker]

Using a VPN you really do need the superhub in modem only mode, no matter what. The hubs are crippled (either intentionally or through a bug) and don't deliver full speed when you're connected to a VPN. I get 3MB/sec in router mode and 18MB/sec (virtually my full 152Mbps) in modem only mode. This is a SH2 but the others are the same afaik.

To do what you want, as above you'd need proper networking kit. A consumer router (even a 'good' one at £100+) would only manage at best about 50Mbps throughput, and that's at 100% CPU usage constantly. Best way ('easiest' and cheapest) would be to build a decent box yourself with a good CPU possessing AES-NI capability and at least 8GB RAM. You can get Intel Pro dual or quad NIC cards on auction sites cheap enough, and even use certain wifi cards to turn it into a wireless router. A card would be required for each band, so if you want 2.4GHz and 5GHz you'd need 2x wifi cards.

Install pfSense on it and set the VPN up on pfSense so that it's the default gateway, with firewall rules to only allow WAN (ISP) to connect to the VPN IPs, and everything else forced through the VPN interface/gateway.

It's complicated but guides exist (e.g. on AirVPN's forum). Good luck. Meanwhile if you want full speed reliably on your various devices then throw the SH into modem mode anyway and bridge it to a decent router. Even an Asus 56u is cheap enough now and works great with Padavan firmware. Again, it won't run openvpn natively at any kind of speed, but it'll allow you to run the SH in modem modem and have VPN clients installed on your various devices until you sort out some 'real' network gear.