Would really help if you told us which Pi and how fast the connection is and what sort of speeds you need? Pis are not great at OpenVPN as it’s a single-threaded process. Pis earlier than the 3B+ really struggled due to the networking bus sharing bandwidth with the USB bus; the 3B+ fixed that and the 4 made things a lot better in terms of CPU/networking, but you’ll still be limited to 100Mbit or so on OpenVPN. If you want near gigabit speed, have you considered a provider who supports WireGuard? Also is speed really the issue? A lot of the time people think it is, but realistically a 4Mbit stream is 4Mbit even if you have a gigabit WAN connection; stability and using an end point that’s low latency and not oversubscribed tends to be more useful.

IKEv2 is not considered secure and hasn’t been for a long time. Depending on the reason for using a VPN this may or may not be an issue for you.

It's a 3B (don't think Plus) 1GB.
My connection speed is 37mb or thereabouts, depends on Sky at the time. I need about 25mbit min really for HD IPTV.
Using IKEv2 on my phone, I'm getting nearer 30+, with UDP or TCP it's closer to 15.

Didn't realise WireGuard was a thing. I might look into that instead as I'm not tied into any VPN contracts and I have a trial sub for Mullvad. Thanks



PS... Installed WireGuard and connected it to Mullvad VPN and I'm getting my full connection speed @ around 37mbit. Very happy with that.
Thanks for the advice.
 
I've never gotten less than ~900Mbps on Mullvad, on any UK server I've tried. Nord is just as fast, but I wouldn't say it was faster. That's using WireGuard in all cases. Did you use something else? Just curious. I cancelled my Nord sub and got a refund. If the 100% cashback offer is still running I'll snag it (because why not?), but otherwise no biggie. I'm waiting for Proton to bring out WireGuard support, as that completes my wish list (secure, trusted company, WireGuard, Swiss location, Netflix/iPlayer/Amazon etc supported, 10 gig servers etc)... but I won't hold my breath.

Was with Nord for over 3 years prior and after I went to a 900MB fibre connection earlier this year, no matter what server or configuration I went to, it simply would not give me more than 70% of my connection speed, topped out around 600Mb on anything. I spent weeks trying to tease more out of it as the service had been excellent.

Gave Mullvad a go when Nord expired as I liked the idea of pure numbered account and BTC payment, we all want anonymity right ;) Mullvad has been at near constant max connection speed since day 1, even when using nearby foreign country servers. It is slightly more expensive than Nord but it just works and it works well.
 
Signed up to Mullvad. Within 10 mins it was deployed on a phone, a Windows PC and a Docker container. Very impressed with its ease of use and speed :cool:
 
I wasn't aware there was a full on VPN thread, thought I'd poke my head in and keep an eye out. I've recently taken a two year deal out with NordVPN. With cash back it's worked out really cheap. I'll have to see how it performs on FTTP once I move but so far it's exactly what I needed.
 
With the NordVPN Killswitch, do you still have access via local LAN? I run NordVPN on a headless Linux server so I'd want to retain local LAN access.
 
I tried Nord twice and cancelled each time. For some reason, I couldn't keep my iPhone connection active and also couldn't connect to the same VPN servers with machines on the same network.
Used PIA for 2 years with very few problems but have moved over to Surfshark for the unlimited licences. It's faster and better than PIA IMHO.
 
With the NordVPN Killswitch, do you still have access via local LAN? I run NordVPN on a headless Linux server so I'd want to retain local LAN access.

As I think I mentioned to you (might be mixing my peeps up!) the other day, you need to whitelist a CIDR/subnet higher for the Linux app - so a /24 gets whitelisted as a /16 etc. The killswitch doesn't interfere with LAN traffic.
 
My Nord subscription expired today. Any recommendations for a replacement around the same sort of price for what they offer? Main uses are P2P (socks 5 and the like), secure web browsing, streaming etc. Being able to access iPlayer, Netflix etc would be nice to have but not essential. I use ovpn files so a provider that offers same would be good and one with multiple connections so I can have it on multiple devices at same time (Nord offer 6). If I can get them on cashback then even better.

I did look at Proton which has the connections I need which at £8 a month is on the pricey side but drops to £6 if done over 2 years.
 
As I think I mentioned to you (might be mixing my peeps up!) the other day, you need to whitelist a CIDR/subnet higher for the Linux app - so a /24 gets whitelisted as a /16 etc. The killswitch doesn't interfere with LAN traffic.
Cheers, current settings:

Code:
(1:487)# nordvpn settings
Technology: OpenVPN
Protocol: UDP
Firewall: enabled
Kill Switch: enabled
CyberSec: disabled
Obfuscate: disabled
Notify: disabled
Auto-connect: enabled
DNS: 192.168.1.252, 192.168.1.253
Whitelisted subnets:
        192.168.1.0/24
        172.16.72.0/24

I use both those networks at home and it seems to be fine with /24 and the kill switch is working as expected.

Edit, I sometimes get an issue where after a reboot DNS resolution doesn't work. I have to disconnect and reconnect the VPN. Any idea why it might be behaving like that?
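
An added example, not part of the original posts and not NordVPN's own tooling: a small Python check over the `nordvpn settings` output quoted above that confirms the kill switch is on and reports whether the configured DNS resolvers and chosen LAN hosts fall inside the whitelisted subnets. The function names and the `lan_hosts` parameter are assumptions for illustration; the sample text is copied from the post.

```python
import ipaddress

# Sample input: the `nordvpn settings` output quoted in the post above.
SAMPLE = """\
Technology: OpenVPN
Protocol: UDP
Firewall: enabled
Kill Switch: enabled
CyberSec: disabled
Obfuscate: disabled
Notify: disabled
Auto-connect: enabled
DNS: 192.168.1.252, 192.168.1.253
Whitelisted subnets:
        192.168.1.0/24
        172.16.72.0/24
"""

def parse_settings(text):
    """Parse 'Key: value' lines plus the indented subnet list."""
    settings, subnets, in_subnets = {}, [], False
    for line in text.splitlines():
        if not line.strip():
            continue
        if in_subnets and line[0] in " \t":
            subnets.append(ipaddress.ip_network(line.strip(), strict=False))
            continue
        key, _, value = line.partition(":")
        in_subnets = key.strip() == "Whitelisted subnets"
        if not in_subnets:
            settings[key.strip()] = value.strip()
    dns = [ipaddress.ip_address(a.strip())
           for a in settings.get("DNS", "").split(",") if a.strip()]
    return settings, dns, subnets

def audit(text, lan_hosts=()):
    """Return findings for a kill-switch setup with LAN exceptions."""
    settings, dns, subnets = parse_settings(text)
    covered = lambda ip: any(ip in net for net in subnets)
    findings = []
    if settings.get("Kill Switch") != "enabled":
        findings.append("kill switch is not enabled")
    for ip in dns:
        if ip.is_private:
            state = "covered" if covered(ip) else "not covered"
            findings.append(f"DNS resolver {ip} is on the LAN, {state} by whitelist")
    for host in map(ipaddress.ip_address, lan_hosts):
        if not covered(host):
            findings.append(f"LAN host {host} is outside every whitelisted subnet")
    return findings
```

With LAN resolvers configured like this, name lookups leave the host towards the local resolver rather than the provider's DNS, so where that resolver forwards its queries is worth checking separately.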
 
My Nord subscription expired today. Any recommendations for a replacement around the same sort of price for what they offer? Main uses are P2P (socks 5 and the like), secure web browsing, streaming etc. Being able to access iPlayer, Netflix etc would be nice to have but not essential. I use ovpn files so a provider that offers same would be good and one with multiple connections so I can have it on multiple devices at same time (Nord offer 6). If I can get them on cashback then even better.

I did look at Proton which has the connections I need which at £8 a month is on the pricey side but drops to £6 if done over 2 years.

Quidco + Nord .... it’s been effectively free for two years on and off for ages now. Same with PIA.
 
I can see a 64% offer for Nord on Quidco so deals must differ over time. Have PIA improved over the years? I used them before switching to Nord. I did have reasons for leaving Nord (I could never get geo locking to work on Android TV and didn't find their customer service the best at times) but looking elsewhere they seem hard to beat for the price for the number of connections and that's a decent saving to go back to them.

Been considering Mullvad but doesn't seem very user friendly, for me at least, having read their SOCKS guide as I'd be using it on a headless Linux server. Surfshark are an option too and they're also on cashback websites.
 
The Nord/PIA offers change regularly, they have been as high as 104% cashback, it just depends on when you check. In terms of is x better than y, it really depends on the context and how much history you care about. Nord for example don’t always own the servers they use; while a minor thing for some, it’s a red flag for others. They also have a perception problem relating to incidents, largely due to applying a little spin and playing down issues. PIA employ an idiot/thief (which depends on if you believe he was as inept as he claims), but either way not someone I want involved in my VPN provider as CTO; they also had an ownership change that puts them in the hands of a known malware slinger. As general purpose VPN providers they are in better standing than the really crappy ones and the track record on being able to provide logs hasn’t been problematic, but nobody is perfect.

You mention number of connections, surely if you are running a headless box, you are routing other local clients through it? That only uses one connection per end point. For geo restricted VoD services, Nord is reasonably good, but tbh it sounds like you aren’t running your VPN set-up the way I would. For example everything going to mydomain.com on my LAN routes over a VPN tunnel, the same way that all traffic on certain ports routes over a tunnel. I have other devices that will never route unencrypted for anything, but the point is that my desire for security on those shouldn’t impact the rest of the house’s freedom to use other services.
 
Thanks for the advice. I know Nord had one of their servers hacked but whilst they said nothing had been compromised I know that people left because of how they handled it. You can probably find good and bad reviews for every VPN out there, just like you do for other things.

Networking is an area I lack some knowledge in so I probably am doing things wrong. I think my reasoning behind needing so many connections is that I have a micro server running multiple headless Linux servers, each running one particular role rather than having one headless box and hosting multiple things, with my logic being if the VM host goes down all my hosted servers go down with it. So for example let's say I have a headless Plex server and a headless Deluge server as two of my Linux servers. In my example scenario I would be using a VPN for both Plex and Deluge at the same time which would then use two of however many connections I have, which many on here may say is probably the wrong way to go about it. I probably need some help doing what I'm doing at home. As for outside the home I would just need a single connection for when I'm out and about using public wifi etc.
 
Edit, I sometimes get an issue where after a reboot DNS resolution doesn't work. I have to disconnect and reconnect the VPN. Any idea why it might be behaving like that?

Sorry for the delay, I had a spell in hospital. Double pneumonia and long COVID (when you didn't know you'd even had COVID!) ftw... :-/ I haven't experienced that with DNS, so I have no ideas, sorry. It may be a bug in the Nord CLI app (broken iptables chain/rule, bad whitelisting etc) so it'd be worth dropping them a line to ask.
 
I’m looking for advice as to the best VPN to use on my home network/devices for some additional privacy.

My main usage would be general browsing, streaming services and usenet.
 
I've got an Asus Router running Merlin, using Nord VPN.

Added a filter table for specific devices to the router to be permanently routed, then added streaming devices to other tables that have VPNs set in random other countries, that way I can just turn them on to say hit the US or Canada or Japan etc.

Also have Nord loaded on my mobile (Android) set to my pull down menu, again super convenient to turn on and off. I also have a secondary VPN on my mobile that uses a tap emulator which connects to my OpenVPN (also set up on my Asus Router) for ad-free browsing or if I want to log in to my server remotely using remote desktop.

Hope that helps.
 
Quick question on the routing. Is that done through the VPN Director tab in the VPN section or have you entered the config manually?
 
Set each VPN tunnel through the VPN client tab, then set up a router based tunnel VPN on the VPN server page.

I used the VPN director section on each client tab to set up routing along with killswitches if required.

Also don't forget to manually configure IP addresses, I just let DHCP sort it out then locked the MAC address to the IP.
 