Associate
I've just been trying to use the 3 year codes and they all go to Nord's site with the 2 year deal in effect. I've asked Nord support and they confirm the best deal they offer at the moment is the 2 year deal.
*** VPN Thread ***
- Thread starter kPATm
- Start date
I've just been trying to use the 3 year codes and they all go to Nord's site with the 2 year deal in effect. I've asked Nord support and they confirm the best deal they offer at the moment is the 2 year deal.
Man of Honour
How challenging was that? I tried following a few guides but couldn't quite get it working.
Getting it to work network wide was easy (I did take a backup of my config, just in case), the NordVPN guide was OK. Now I'm trying to get it to send specific devices through the VPN and others just use normal Internet, I can get it to allow the devices through the VPN OK but other devices don't work 
Also want to set up a connection to multiple VPN servers and balance the load. Learning how to use Pfsense as I go.
Also want to set up a connection to multiple VPN servers and balance the load. Learning how to use Pfsense as I go.
Getting it to work network wide was easy (I did take a backup of my config, just in case), the NordVPN guide was OK. Now I'm trying to get it to send specific devices through the VPN and others just use normal Internet, I can get it to allow the devices through the VPN OK but other devices don't work
Also want to set up a connection to multiple VPN servers and balance the load. Learning how to use Pfsense as I go.
To route specific devices do the following:
- Ensure your devices are assigned reserved IP addresses by your pfSense DHCP server
- Create an alias for each group of devices you want and add their reserved IP addresses to the alias. Let’s call these aliases VPNDEVICES and NOVPNDEVICES
- Add a rule at the top of your firewall rules that routes source IP = VPNDEVICES to the interface you defined for your Nord connection
- Everything else will route via your default WAN interface
Also not sure what you are trying to achieve by load balancing between different VPN interfaces. Given they all have to go out over your WAN you’re not really load balancing anything (unless you have multiple WANs)
Associate
- Joined
- 8 Oct 2010
- Posts
- 1,179
I think he means setting up a gateway group with multiple VPN clients. I do this on pfSense. It means that if one VPN connection goes down, the other will route the traffic out instead.
So failover rather than load balancing? Is Nord pretty good at reconnecting? I find with PIA on my pfSense box that while it stays up for long periods, if it drops it always requires manual intervention to reconnect. If I had a failover gateway group of multiple VPN gateways all it would do is prolong the period up to which I’d need to intervene.
Associate
- Joined
- 8 Oct 2010
- Posts
- 1,179
Which servers do you use? I have a gateway group to PIA Manchester and London and neither drop.
Hi @BigT thanks for the instructions, I'll try again over the weekend.
@Steve_bullockuk thanks, that's what I meant. I saw this post in Virgin Media thread which got me thinking of trying to setup a connection to multiple VPN servers.
LOLVirginMedia. Everyone knows their routing is crap verging on insane, but this takes the cake. My 'internet experience' has been getting worse and worse this last year, despite a large head-end uplift and upgrade, new segments added, new CMTS etc. Every peak time traffic would start to slow down, I'd lose packets, websites loaded slowly (obviously using self-hosted DNS not VM's) and it was just awful. Then, having used Unix (BSD, Linux etc) for 15-20 years and VPNs for more than half that, I decided to do something about it. As I briefly mentioned in an earlier post a while ago, my setup is as follows:
I had been running VPNs on various local devices individually but got sick of load balancing, swapping connections/servers/locations between them (especially for family member devices). So in between attending the OcUK Motors meet, I spent the weekend playing with FreeBSD 11.1 p10 and getting my hands dirty.Now all devices route through my home made router as usual, but the VPNs (plural) have been moved off the local devices and on to that box. I now have interfaces as follows:
With manually set outbound NAT - plus hairpin NAT and proxy helper for self-hosted domain resolution due to the VPNs - each gateway (vpn.ac, NordVPN, AirVPN, PIA) has its own route to the 'real' WAN to maintain a connection 24/7. Extra locations and servers can be added trivially if or when the need arises. Originally I was running a single VPN and didn't know much about how to add (or even load balance between) a second or more. As I said, though, I've been busy playing with FreeBSD (11.1p10, Mate Desktop) for a few days though and digging around in ports and the networking stuff. Now I have it set so that all VPNs idle 24/7, all have NAT routes out via the main WAN gateway, and LAN access (or even individual client access) is controlled by pf rules like this:
LAN
* Pass, Source: LAN NET, Destination: ANY, Gateway: 'desired VPN or WAN gateway'
* Block, Source: ANY, Destination: ANY, Gateway: VM WAN
The second rule makes it impossible for the VPN to leak, as if the local clients can't resolve via the desired VPN gateway (chosen in rule 1), by default they would fall back to the 'normal' VM Gateway. With rule 2 in place, they now simply have all their packets dropped until I fix it again. For those who don't know, firewall rules (certainly in pf, ipfw, iptables etc) are read and used in order from top to bottom.
DNS is resolved separately per interface (VPN DNS per VPN interface, SecureDNS with DNSSEC over TLS for WAN). I noticed the TiVO v6 box didn't like this (the Netflix and YouTube apps would no longer work), so I set the DHCP daemon to provide the V6 with VM DNS servers as well as a static IP, while keeping the rest of the LAN devices 'clean' (encrypted with proper DNS). The TiVO still fetches its traffic over the VPN interfaces however, as does everything else LAN-side. Policy based routing FTW. The end result?
Using the bare naked VM350 connection (speedtest.net app to Vispa server):
Two clicks (Edit allow LAN rule, change output gateway from VM to VPN > Save):
Using my preferred VPN gateway (speedtest.net app, to the same Vispa server a moment apart from the first test):
Yes, you read that correctly. Yes, it was 'peak time' when the tests were undertaken. No, I haven't made a mistake with the labels (check the source network in the images for proof).
With the VPN enabled (AES-128-GCM) my pings to the same server from the same LAN machine (desktop PC, specs in sig) have gone down by 66%.Jitter is improved by 50%. Speed is barely impacted outside of margin of error. No leaks, DNS working properly, policy based routing pushing everything to the right place both LAN and WAN side. Job's a good un... Until I decide to tweak something else.
Edited to add: For those who don't know, VPNs are 'supposed' to slow down your connection compared to the 'bare' ISP link. They're also 'supposed' to increase latency / make pings worse. They're also 'supposed' to make your routing more complicated. In this case, VM's is so poor my VPN actually fixed it. I'll spare you all the traceroute printouts, but suffice to say a trace from my desktop to a server now has five less hops, missing all the VM-node-28237 steps with abysmal response times and convoluted routing. I now go direct from desktop PC > VPN server > destination in less than 6 hops. Win!
From memory one of the London servers. To be fair the long periods have been getting longer and longer since the new FTTC cabinet arrived and my internet moved into the 21st century. It might be to the point that perhaps it doesn't go down at all now and I just don't recall. Certainly not true of the VPN Unlimited subscription I have though which is a PoS
Soldato
Hey guys, i am looking into getting a vpn.
Am i able to use it for an Android box, Smart TV and my PC?
I assume it will have to be setup on my router to allow all these devices to use it?
Currently on BT Fibre with a Home Hub 6.
Having had a quick scan of the thread, is Nordvpn the go to vpn atm?
As a friend has recommended me to use Purevpn
Am i able to use it for an Android box, Smart TV and my PC?
I assume it will have to be setup on my router to allow all these devices to use it?
Currently on BT Fibre with a Home Hub 6.
Having had a quick scan of the thread, is Nordvpn the go to vpn atm?
As a friend has recommended me to use Purevpn
Think very carefully before putting a VPN on your router to provide network wide coverage. Things like iPlayer and Netflix may stop working. Also not all routers support acting as a VPN client. What make and model router do you have? Note if it is a consumer model it is unlikely to be powerful enough to maintain a high speed with the VPN connected.
As an alternative many providers let you have multiple connections and so you can put the client on your devices (Smart TV aside) and selectively put them behind a VPN as you please.
Edit: I see you said homehub 6. You won’t be able to put a VPN client on that to provide network wide coverage in any case so most of my first paragraph is moot unles you’re going to change router.
As an alternative many providers let you have multiple connections and so you can put the client on your devices (Smart TV aside) and selectively put them behind a VPN as you please.
Edit: I see you said homehub 6. You won’t be able to put a VPN client on that to provide network wide coverage in any case so most of my first paragraph is moot unles you’re going to change router.
Soldato
Thx BigT,
So basically i need to get a better router for network wide coverage, if i go that route.
My main reason i want to use a VPN is, i use smart IPTV app on my smart tv and it looks like i may be needing a VPN soon going by what i am reading lol.
I also use a certain streaming media centre on my pc (unsure if i am allowed to mention it here) so i dont want anything restricted in the future.
What would you or anyone else recommend?
So basically i need to get a better router for network wide coverage, if i go that route.
My main reason i want to use a VPN is, i use smart IPTV app on my smart tv and it looks like i may be needing a VPN soon going by what i am reading lol.
I also use a certain streaming media centre on my pc (unsure if i am allowed to mention it here) so i dont want anything restricted in the future.
What would you or anyone else recommend?
Soldato
- Joined
- 20 Oct 2008
- Posts
- 12,082
So all of the evidence of your streaming activities is already out there. It's a bit late to be worrying.
Not necessarily. You can add a device on your network and route traffic through that before it goes out via the homehub. I’ve not used it, but from what I read a Raspberry Pi and this would work for you and tell your Smart TV to route through it. http://www.pivpn.io/
I’m guessing that rather than privacy it’s about bypassing certain restrictions the major ISPs are now starting to invoke at 3pm on a Saturday.
Soldato
Thx again BigT,
Funnily enough i dont have any problems on a 3pm Saturdays, but i dont watch much of that these days.
Its mainly for Privacy.
Re. the Pi, i was considering getting a better router before all this, as the Wifi upstairs is patchy at best, so its probably better in my case to just get a better router
Cool. Just do your research first. Put everything behind a VPN on a consumer router and you might only get 20Mbps at most. Poor WiFi is generally a problem not solved so well by replacing an all in one with another all in one. A dedicated better placed access point or a mesh system are better solutions. I’d hate for you to spend a lot of money and have slow access behind a VPN, non-working iPlayer and Netflix and WiFi that isn’t much better.
Oh and for what it’s worth my own solution at home has a pfSense appliance and a few Ubiquiti access points. There’s not much I can’t do with IPTV boxes behind a VPN, newsgroup traffic behind a VPN, multiple geographical exit points for some streaming applications, IoT gear on a separate VLAN and the ability to VPN in to my home from anywhere in the world. Not cheap though. £80 per access point and I think £300 for a mini PC with 6 Ethernet ports and an AES-NI compatible CPU for the pfSense appliance.