How does VPN work? And how should it be set up?

[dikkiedirk]

When I want to use a VPN service as protection against the prying eyes from the authorities when downloading with usenet or torrent clien how should it be set up?

Does any computer, server or NAS be configured to use this VPN or should my router be configured to use this VPN and be done with it? Does it influence speed when browsing and downloading? What is the best service for use in the Netherlands/Europe? 

[tdallen]

If you want all your traffic to go out via VPN and your router supports it, you could simply configure your router with the VPN.  As an alternative, you can use Dockers like the ones offered by binhex (deluge, sab, etc) which have built in VPN support.  In that case you're being selective about what uses the VPN.  Finally you could use something like pfsense for your router, I believe you can get very selective there.  In my experience VPN speeds vary but it does tend to slow things down, at least a little and sometimes moderately.

[uldise]

what speeds are you expecting? to achieve 100+Mbit/s if you go router path, you need very capable hardware to encrypt/decrypt data. if you choose application path then this power is needed in application - like tdallen mentioned, deluge, sab, etc or virtual router like pfsense. i'm using virtual router from Mikrotik(Cloud host router) for site-to-site vpn and it works very well.

[carolyn6]

Hmm, what about Raspberry Pi? I think it is a good option for the EU. As far as I know, it is a cost-effective option. Did you consider it?

[CHBMB]

Raspberry Pi will severely hinder your speed.

There's some articles about pfsense on our website that you may find useful.

[unevent]

1 hour ago, CHBMB said:

Raspberry Pi will severely hinder your speed.

There's some articles about pfsense on our website that you may find useful.

 

Raspberry Pi has dedicated hardware for crypto and can perform quite well depending on the throughput needed.  Which Pi you use and the software plays a big role.

Edited September 22, 2017 by unevent

[HellDiverUK]

The Pi only has a 100Mb NIC, which sort of slows stuff down.

 

I run OpenVPN on my router (top of the range TPLink), but it's pretty slow - the router's CPU is a bit crap.  It ran much better on my old Asus RT-AC87U.  Shame the Asus freaked out and corrupted it's 5GHz firmware.

I used to run the VPN on a cheap TPLink pocket router, which I installed OpenWRT on to.  It seemed to run the VPN far quicker - the little Broadcom in the pocket router must have had dedicated hardware for the VPN.

[unevent]

2 hours ago, HellDiverUK said:

The Pi only has a 100Mb NIC, which sort of slows stuff down.

 

I run OpenVPN on my router (top of the range TPLink), but it's pretty slow - the router's CPU is a bit crap.  It ran much better on my old Asus RT-AC87U.  Shame the Asus freaked out and corrupted it's 5GHz firmware.

I used to run the VPN on a cheap TPLink pocket router, which I installed OpenWRT on to.  It seemed to run the VPN far quicker - the little Broadcom in the pocket router must have had dedicated hardware for the VPN.

 

If you are saturating a 100Mbit WAN connection 'Captian Obvious' should have kicked in long before in the hardware selection process.

 

For your Asus, they moved to Qualcomm vs Broadcomm for that model and the 5GHz was limp.  Look into Merlin firmware for that model, there are some improvements over stock.

[ijuarez]

I stick to pfSense, of course i'm biased.

[unevent]

1 hour ago, ijuarez said:

I stick to pfSense, of course i'm biased.

 

+1

[HellDiverUK]

4 hours ago, unevent said:

For your Asus, they moved to Qualcomm vs Broadcomm for that model and the 5GHz was limp.  Look into Merlin firmware for that model, there are some improvements over stock.

 

Quantenna, but you were close.

 

I've been running Merlin firmware on my various Asus routers from Merlin started releasing firmwares. 

 

The issue is the firmware on the Quantenna gets corrupt and then can't talk to the SOC any more - game over for the 5GHz.  Shame, it was a brilliant router until it curled it's toes up and died.

[unevent]

48 minutes ago, HellDiverUK said:

 

Quantenna, but you were close.

 

I've been running Merlin firmware on my various Asus routers from Merlin started releasing firmwares. 

 

The issue is the firmware on the Quantenna gets corrupt and then can't talk to the SOC any more - game over for the 5GHz.  Shame, it was a brilliant router until it curled it's toes up and died.

 

Yep Quantenna, thanks for the clarification.

[carolyn6]

I have checked several articles about Raspberry Pi as a VPN, I think this one describes all its functions the best. As far as I can see, it has three main advantages: First, it requires relatively little power for long-term operation as a server (mentioned in the article). Secondly, it is a safe option and lastly, it is cost-effective. Of course, it depends on the throughput, as it has been mentioned in the previous posts. Anyway, I hope it will help you to choose the right option.
If you decide to set up Rasberry Pi, there are setup instructions in the article.

[unevent]

To throw another option out, look at the ASRock J3355B-ITX.  It has an embedded Celeron J3355 which is dual core 2.0GHz, w/AES-NI and 10W TDP.  In the US it goes for around $55.

Edited October 13, 2017 by unevent

[charleslam]

pfsense for the win.  i use an amd quad-core in mine.  low power, at most hits 30 watts.  typically at 20 watts.  those micro-itx boards work well for this sort of thing.  i have mine with a mellanox connectx-2 fiber card in it and added the driver for pfsense to see it.  i know mine is overkill but its future proof.