VPN on Virgin

[mejinks]

I have a NAS at home that I would like to access remotely, so I have set up a Vigor router as an open vpn server and have also tried setting up as ssl vpn, none of these options allow me to connect to my home network at faster speeds then 3mbps.

Would I be right in saying that Virgin block or severely speed limit incoming VPN? If I view my cameras externally they take a very long time to connect also.

Im on the 250mb package currently. Has anyone else experienced this? Im getting very fed up with Virgin.

 

[Avalon]

TLDR: It's not Virgin, it's you.

Virgin have no intertest in limiting your upload below what you pay for, on 250 (264Mbit), that's 25Mbit up. OpenVPN is single threaded and really benefits from an FPU and even better, some hardware acceleration like AES-NI if you use a compatible encryption standard. Running OVPN on an SoC based router generally ends poorly, you'd be much better off using something more modern and efficient like Wireguard, but your router is unlikely to support that.

 

[visibleman]

Make sure it's latest firmware, QoS and bandwidth limits are disabled and acceleration is enabled. And i would try IPSEC/L2TP/PPTP/WireGuard and see what performance is like as OpenVPN and SSL on the majority of Draytek's isn't particularly great.

Out of interest what model do you have? And how are you testing the connection (remote, to VM/Draytek, connection etc)?

...you'd be much better off using something more modern and efficient like Wireguard, but your router is unlikely to support that.

Later Draytek models support WireGuard.

 

[Yaayuh!]

Real men punch a hole in their firewall and port forward to the NAS .


jk, do not do this!

 

[Rainmaker]

As usual, Avalon is spot on. You'd be better off running WireGuard on a local Raspberry Pi, your NAS or similar and connecting through that. When I was on VM I got 100Mbps consistently over WireGuard when connected remotely (i.e. the upstream was saturated no problem).

 

[Avalon]

Make sure it's latest firmware, QoS and bandwidth limits are disabled and acceleration is enabled. And i would try IPSEC/L2TP/PPTP/WireGuard and see what performance is like as OpenVPN and SSL on the majority of Draytek's isn't particularly great.

Out of interest what model do you have? And how are you testing the connection (remote, to VM/Draytek, connection etc)?


Later Draytek models support WireGuard.

Support is a very broad term, and Draytek are a very... niche provider at this point.

As usual, Avalon is spot on. You'd be better off running WireGuard on a local Raspberry Pi, your NAS or similar and connecting through that. When I was on VM I got 100Mbps consistently over WireGuard when connected remotely (i.e. the upstream was saturated no problem).

I did notice PiVPN has gone archive/read only as of yesterday, it'll still work for a long time, but it's not getting updated. Obviously yopu can do wg other ways and forks will likely pop up, but it's worth mentioning.

 

[mejinks]

TLDR: It's not Virgin, it's you.

Virgin have no intertest in limiting your upload below what you pay for, on 250 (264Mbit), that's 25Mbit up. OpenVPN is single threaded and really benefits from an FPU and even better, some hardware acceleration like AES-NI if you use a compatible encryption standard. Running OVPN on an SoC based router generally ends poorly, you'd be much better off using something more modern and efficient like Wireguard, but your router is unlikely to support that.

Cheers for the reply. I tried firstly with an old 2830, then a 2762. I've been looking to install and run Sophos XG home on an old box, but this is not installing. Raspberry pi is not something I had considered, so I will look into this. Thank you.

 

[Rainmaker]

I did notice PiVPN has gone archive/read only as of yesterday, it'll still work for a long time, but it's not getting updated. Obviously yopu can do wg other ways and forks will likely pop up, but it's worth mentioning.

Good spot mate. I didn't know that, I've always just set up WG manually.

 

[Avalon]

Cheers for the reply. I tried firstly with an old 2830, then a 2762. I've been looking to install and run Sophos XG home on an old box, but this is not installing. Raspberry pi is not something I had considered, so I will look into this. Thank you.

Also consider OpenWRT and OPNSense, XG tends to be well behind on versioning, at one point the OVPN side was a problem because they just refused to update it for 'reasons'. Untangle isn't a bad shout, and OVPN works accelerated on that 100% and the free version lets you use the tunnel feature/tag devices or specific port traffic/destinations to go via VPN easily.

Good spot mate. I didn't know that, I've always just set up WG manually.

Apparently the cool kids use Tailscale to make that easier... I wasn't aware it wasn't easy, but young'uns nowadays don't know how easy they have it!

 

[visibleman]

I tried firstly with an old 2830, then a 2762.

Off the top of my head, neither of those support Wireguard but i would give L2TP/IPSEC a whirl and see what you achieve. Arguably you would need to a 28/29/3XXX model to get Wireguard and better performance or look elsewhere if those Draytek's are you're only option.

Support is a very broad term, and Draytek are a very... niche provider at this point.

I see them in a lot of SMB's through work but i guess they're niche compared to the 'big boys'. Their WG implementation isn't amazing but it's not completely dire, i can regularly pull 90-100Mbps on a lowly 2927 (single tunnel; 200Mb circuits either end).

 

[Avalon]

Off the top of my head, neither of those support Wireguard but i would give L2TP/IPSEC a whirl and see what you achieve. Arguably you would need to a 28/29/3XXX model to get Wireguard and better performance or look elsewhere if those Draytek's are you're only option.


I see them in a lot of SMB's through work but i guess their niche compared to the 'big boys'. Their WG implementation isn't amazing but it's not completely dire, i can regularly pull 90-100Mbps on a lowly 2927 (single tunnel; 200Mb circuits either end).

I wouldn't be using L2TP/IPSEC at this point, that's just not a good choice. You see Draytek in small business and things like branch offices because they are seen a safe and dependable option with decent documentation, that's it's niche, not adding extra features or setting records in performance/value, though given the timeline on LTS I wouldn't argue they are bad value.