Possible silly question about setting up VPN on a router

mrochester · 16 Apr 2017 at 11:24

Hi all

I have just bought access to a VPN (PIA) and I would like to set up access to this on my router. Do you need a specific router running specific software to do this or can you pretty much configure any router for this purpose?

I have a TP-Link Archer VR900.

Best wishes

M.

Sparx · 16 Apr 2017 at 15:55

The VR900 doesn't have VPN support unfortunately.

I have the same router, another thread here as well on it. You think it could for the price!!

https://forums.overclockers.co.uk/threads/tp-link-vr900-and-vpn.18759931/

APM · 16 Apr 2017 at 15:59

Having had a quick google of the stats not if you want to use OpenVPN,

http://uk.tp-link.com/products/details/Archer-VR900.html#specifications

ScoobyDoo · 16 Apr 2017 at 22:16

VPN via a router wont give you very good throughput, depends on what speed your internet access is and what you want the VPN for.
Using the pia application on your pc will give you far better speed

pc-guy · 16 Apr 2017 at 22:36

Router based VPN implementation is good as it offers convenience such that connected computers and devices don't need to install apps to have VPN on. it also makes sense as these paid VPN run on number of devices connected. so if you have multiple PC and tablets/phones that will be on at the same time then router implementation is certainly the most economical way of getting around that.

but you need routers that are capable of running VPN - openVPN specifically as this is the most commonly used protocol.

there are consumer graded routers that are capable of having OpenVPN running in client mode - the ones you need are the ones with custom rom such as the asus RT-AC series routers. None of the modem-router (routers with built-in modem) can support custom rom that is capable of openVPN client.

with router such as the rt-ac68u or even ac88u, the max speed achievable is about 50mbps, this is due to the limiting CPU power as openVPN runs very heavy encryption. the implementation of openVPN on these routers are extremely simple - type in server address and password and user name etc. so in your case, you need to use the VR900 as a modem and disable the DHCP in the router option and let the new router does the DHCP handling and routing.

the alternative route is a soho type router or selfbuilt router which basically is a computer running a firewall fireware such as pfsense. but i suspect this is not something for you.

APM · 16 Apr 2017 at 23:07

I got an Asus RT N66-U recently and I'm sure I saw an option for OpenVPN in the Merlin firmware I put on it,will check tomorrow and update.

haveaniceday · 17 Apr 2017 at 09:35

https://www.dd-wrt.com/wiki/index.php/TP_Link_Archer_C9
Archer VR900 dose support DD-WRT FIRMWARE

APM · 17 Apr 2017 at 18:33

The RT-N66U has very good options for setting up OpenVPN if you're so inclined to go that way.

russ9898 · 17 Apr 2017 at 20:37

APM said:
The RT-N66U has very good options for setting up OpenVPN if you're so inclined to go that way.

It does indeed, especially with Merlin firmware however as mentioned earlier, the routers limited cpu power will see any VPN traffic limited to a speed of approx 10mbit.

APM · 17 Apr 2017 at 20:42

russ9898 said:
It does indeed, especially with Merlin firmware however as mentioned earlier, the routers limited cpu power will see any VPN traffic limited to a speed of approx 10mbit.

Software based it is then.

DJMK4 · 17 Apr 2017 at 22:19

Unless you can pick up a good deal on a decent brand router /firewall off the bay

APM · 17 Apr 2017 at 22:33

DJMK4 said:
Unless you can pick up a good deal on a decent brand router /firewall off the bay

What would you recommend?

DJMK4 · 18 Apr 2017 at 09:34

APM said:
What would you recommend?

Depends how much you have to spend?

I see people spending over £100 on a home router, when you could pick up something like a small Cisco ASA 5505 firewall or a little Juniper SRX firewall off ebay. All depends on what you want out of it, if you dont mind having a modem or router in WAN only mode infront and seperate wifi.

Or you could buy something like a Cisco 887 VA.

Depends on what technology you are interested in I guess and how much you have to spend.

I thought some Draytek routers are capable of RAS and Site to Site VPN?

pc-guy · 18 Apr 2017 at 15:01

haveaniceday said:
https://www.dd-wrt.com/wiki/index.php/TP_Link_Archer_C9
Archer VR900 dose support DD-WRT FIRMWARE

that's C9 a completely different router. C9 is a router not a router modem.

The OP has VR900. I got the same router modem and it doesn't support DD-WRT. As far as I am aware there is no custom firmware support for any routers with built in modem.

Steve_bullockuk · 19 Apr 2017 at 11:37

pc-guy said:
As far as I am aware there is no custom firmware support for any routers with built in modem.

This. I had a VR900 and switched to pfSense for this very reason.

Vimes · 19 Apr 2017 at 12:53

Some info that I found on router capability with running a VPN client.....

[AC3100 (same as AC88U minus 4 ethernet ports)
CTF enabled
DL: 61 Mbps with core 1 at 25%, core 2 at 75%
UL: 84 Mbps with core 1 at 35%, core 2 at 100%

AC68U
CTF + FA enabled
DL: 43 Mbps with core 1 at 25%, core 2 at 80%
UL: 60 Mbps with core 1 at 35%, core 2 at 100%

AC68U
CTF enabled
DL: 44 Mbps with core 1 at 30%, core 2 at 80%
UL: 58 Mbps with core 1 at 40%, core 2 at 100%

That is using AES-128 encryption.

My R7000 flashed with a Asus-WRT Merlin firmware and using a dual core 1ghz CPU tops out alive 40Mb..
If overclocked it does better.

That is with AES-256 CBC encryption.

It does allow policy based routing. That is very useful.

It is very different when using a pfsense box with AES instruction capable CPU but that can be difficult to setup.