OpenVPN help!

jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 9

Posted: Thu Oct 12, 2017 23:44    Post subject: OpenVPN help!
Three things.

First: When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?

Second: When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.

Third: Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?


I'm running Netgear R9000 with DD-WRT.
spuriousoffspring
DD-WRT User


Joined: 05 Apr 2017
Posts: 321
Location: Louisiana, USA

Posted: Fri Oct 13, 2017 5:45    Post subject:
Not familiar with PIA, but here are some things to try.

Quote:
When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?


Yes and No. A router's processor power is directly proportional to OpenVPN speeds.
Since you have literally the most powerful router on the market - your speeds shouldn't drop much or at all with OpenVPN Enabled.

*Make sure all your settings are correct such as NTP Server & Time Zone. Not just the VPN Settings.

I'm sure there is a way to configure it for much better speeds, but as I said I'm not familiar with PIA's setup.

You can try switching to port 443 and TCP and see if that helps.
*This may also possibly help with your Third concern.

Quote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.


Looks correct, but just to be sure - It's one IP Address per line.
*May possibly have to do with First issue.

Quote:
Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?


It is possible to mask the use of a VPN from some, but not many sites by using TCP Protocol on Port 443.
It will appear as regular SSL (https) traffic.
However, many sites & streaming services have got wise to VPN users and have 'blacklisted' VPN Provider's Servers.
If TCP 443 doesn't work - keep different servers. You may find one that works.

I did read a post awhile back where a Forum member had created a VPN bypass script for certain sites like Netflix & Amazon.
I'm sure a quick search of the Forum will locate it.

Also check out the 'Nighthawk X10 (R9000)' Topic in the Atheros Forum and see if anyone else has or had the same issue(s).

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=305025

*Try different settings and see what works best for your environment.
Almost always best speeds on the closest server to you.

You can try different DNS Servers:
https://www.lifewire.com/free-and-public-dns-servers-2626062


Hope this helps!

_________________
DD-WRT Installation & Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117

IPVanish OpenVPN Client Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=308565

FIRMWARE: 05-2-2017 - r31924
MODEM: ARRIS SURFBoard SB8200
ROUTER: Linksys WRT1900AC_v1
USB NAS: Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
SERVICES: Samba Share + IPVanish OpenVPN Client
flakie
DD-WRT Novice


Joined: 23 Sep 2017
Posts: 40
Location: Swindon, UK

Posted: Fri Oct 13, 2017 8:08    Post subject: Re: OpenVPN help!
jkells wrote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.


PBR and SFE (Shortcut Forwarding Engine) do not play well together.
Disable SFE on the basic setup page if not already done so.

_________________
Router Model: Netgear R7800
Firmware Version: DD-WRT v3.0-r33525M kongat (10/16/17)
Modem: SuperHub 3
ISP: Virgin Media 100/6 Mbps
OpenVPN Client (IPVanish): 98/5.5 Mbps (best test result)
jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 9

Posted: Fri Oct 13, 2017 9:46    Post subject:
spuriousoffspring wrote:
Not familiar with PIA, but here are some things to try.

Quote:
When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?


Yes and No. A router's processor power is directly proportional to OpenVPN speeds.
Since you have literally the most powerful router on the market - your speeds shouldn't drop much or at all with OpenVPN Enabled.

*Make sure all your settings are correct such as NTP Server & Time Zone. Not just the VPN Settings.

I'm sure there is a way to configure it for much better speeds, but as I said I'm not familiar with PIA's setup.

You can try switching to port 443 and TCP and see if that helps.
*This may also possibly help with your Third concern.

Quote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.


Looks correct, but just to be sure - It's one IP Address per line.
*May possibly have to do with First issue.

Quote:
Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?


It is possible to mask the use of a VPN from some, but not many sites by using TCP Protocol on Port 443.
It will appear as regular SSL (https) traffic.
However, many sites & streaming services have got wise to VPN users and have 'blacklisted' VPN Provider's Servers.
If TCP 443 doesn't work - keep different servers. You may find one that works.

I did read a post awhile back where a Forum member had created a VPN bypass script for certain sites like Netflix & Amazon.
I'm sure a quick search of the Forum will locate it.

Also check out the 'Nighthawk X10 (R9000)' Topic in the Atheros Forum and see if anyone else has or had the same issue(s).

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=305025

*Try different settings and see what works best for your environment.
Almost always best speeds on the closest server to you.

You can try different DNS Servers:
https://www.lifewire.com/free-and-public-dns-servers-2626062


Hope this helps!



I have tried to run over 443/TCP, however I keep getting a time wait error in the VPN status logs. Could be related to NTP server errors. And for PBR, I am putting it one IP/Octet per line, hopefully I can find a workaround for that. And for the streaming sites, I'm wondering if there is a rule that I can write so that any traffic intended for Netflix/Hulu/Amazon is routed through home_net rather than the VPN.
jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 9

Posted: Fri Oct 13, 2017 9:49    Post subject: Re: OpenVPN help!
flakie wrote:

PBR and SFE (Shortcut Forwarding Engine) do not play well together.
Disable SFE on the basic setup page if not already done so.


I will have to look into SFE. That'd be great if that was the simple fix. I really don't like how it kills those devices that I specify in PBR. This would ultimately fix my Netflix/Amazon/Hulu issue because I would only have my PCs and smartphones on this for VPN usage. All of my streaming devices (xbox, firestick, smart tv) would just use the normal network connection.
flakie
DD-WRT Novice


Joined: 23 Sep 2017
Posts: 40
Location: Swindon, UK

Posted: Fri Oct 13, 2017 9:59    Post subject: Re: OpenVPN help!
jkells wrote:
I will have to look into SFE. That'd be great if that was the simple fix. I really don't like how it kills those devices that I specify in PBR. This would ultimately fix my Netflix/Amazon/Hulu issue because I would only have my PCs and smartphones on this for VPN usage. All of my streaming devices (xbox, firestick, smart tv) would just use the normal network connection.


It's exactly how I have mine set up. Works a treat :)

_________________
Router Model: Netgear R7800
Firmware Version: DD-WRT v3.0-r33525M kongat (10/16/17)
Modem: SuperHub 3
ISP: Virgin Media 100/6 Mbps
OpenVPN Client (IPVanish): 98/5.5 Mbps (best test result)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 960
Location: Netherlands

Posted: Fri Oct 13, 2017 10:06    Post subject:
When using PBR you have to disable SFE.
For PBR you can use CIDR notation to get a block of addresses see: https://www.ipaddressguide.com/cidr

Regarding speed, a Netgear R9000 should do more than 350Mb/s over VPN because it has a powerful CPU, but most PIA servers will not give you that speed.
When doing speed test use a server in your neighbourhood for testing, use AES 128, use UDP and try different ports, but I doubt if PIA server will go over 100 Mb/s. So it is just a restriction on PIA's site.
IPVanish will give you perhaps faster speeds

_________________
Router Netgear R6400, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide see Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
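
The PBR advice in this thread (one entry per line, /32 for a single host, CIDR for a block), shown as an added example that is not code from the forum or from DD-WRT: it validates a PBR field and reports which devices would be sent through the VPN. The function names, the field contents and the device inventory are constructed for illustration, and the script only checks addresses; it does not configure the router.

```python
import ipaddress

# Constructed sample of a PBR field; lines 3 and 4 are deliberate mistakes.
PBR_FIELD = """192.168.15.100/32
192.168.15.128/29
192.168.15.130/24
192.168.15.100 192.168.15.101
"""

# Constructed LAN inventory (names and addresses are assumptions).
DEVICES = {
    "desktop": "192.168.15.100",
    "phone": "192.168.15.130",
    "smart_tv": "192.168.15.135",
    "firestick": "192.168.15.136",
    "xbox": "192.168.15.50",
}

def parse_pbr(field_text):
    """Parse one address or CIDR block per line; return (networks, errors)."""
    nets, errors = [], []
    for lineno, raw in enumerate(field_text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects a prefix with host bits set (e.g. .130/24)
            # and anything that is not a single address or block.
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
    return nets, errors

def classify(devices, nets):
    """Map each device name to 'vpn' if a PBR entry covers it, else 'wan'."""
    result = {}
    for name, ip in devices.items():
        addr = ipaddress.ip_address(ip)
        result[name] = "vpn" if any(addr in net for net in nets) else "wan"
    return result

if __name__ == "__main__":
    nets, errors = parse_pbr(PBR_FIELD)
    for lineno, entry, reason in errors:
        print(f"line {lineno}: rejected {entry!r}: {reason}")
    for name, path in classify(DEVICES, nets).items():
        print(f"{name:10s} -> {path}")
```

In this sample the /29 block covers 192.168.15.128 to 192.168.15.135, so the smart TV is pulled into the VPN set along with the phone, which is the kind of overlap worth checking before relying on PBR to keep streaming devices off the tunnel.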
jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 9

Posted: Fri Oct 13, 2017 10:19    Post subject:
egc wrote:
When using PBR you have to disable SFE.
For PBR you can use CIDR notation to get a block of addresses see: https://www.ipaddressguide.com/cidr

Regarding speed, a Netgear R9000 should do more than 350Mb/s over VPN because it has a powerful CPU, but most PIA servers will not give you that speed.
When doing speed test use a server in your neighbourhood for testing, use AES 128, use UDP and try different ports, but I doubt if PIA server will go over 100 Mb/s. So it is just a restriction on PIA's site.
IPVanish will give you perhaps faster speeds


So I'm using a /32 CIDR notation to isolate it to that SPECIFIC host to use the VPN. Let's say 192.168.15.130/32. And I don't think it's an issue with PIA's servers. When selecting your server (https://www.privateinternetaccess.com/pages/network/) you can perform a speedtest on their site directly (through their own servers). And I will get a constant 350Mbs and sometimes over 400Mbs (amazing on Spectrum, lol), but when enabling my VPN it drops to 50Mbs. So I don't believe it is their server that is the issue. I believe it's configuration settings. And unless I can get PBR to work, I will have to use TCP/443 routing (well figure it out because I keep getting a 'CONNECTION-WAIT' error in the VPN logs) to access streaming sites like Netflix/Hulu/Amazon.