OpenVPN help!

jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 14

Posted: Thu Oct 12, 2017 23:44    Post subject: OpenVPN help!
Three things.

First: When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?

Second: When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.

Third: Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?


I'm running Netgear R9000 with DD-WRT.
spuriousoffspring
DD-WRT Guru


Joined: 05 Apr 2017
Posts: 981
Location: Louisiana, USA

Posted: Fri Oct 13, 2017 5:45
Not familiar with PIA, but here are some things to try.

Quote:
When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?


Yes and No. A router's processor power is directly proportional to OpenVPN speeds.
Since you have literally the most powerful router on the market - your speeds shouldn't drop much or at all with OpenVPN Enabled.

*Make sure all your settings are correct such as NTP Server & Time Zone. Not just the VPN Settings.

I'm sure there is a way to configure it for much better speeds, but as I said I'm not familiar with PIA's setup.

You can try switching to port 443 and TCP and see if that helps.
*This may also possibly help with your Third concern.

Quote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.


Looks correct, but just to be sure - It's one IP Address per line.
*May possibly have to do with First issue.

Quote:
Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?


It is possible to mask the use of a VPN from some, but not many sites by using TCP Protocol on Port 443.
It will appear as regular SSL (https) traffic.
However, many sites & streaming services have got wise to VPN users and have 'blacklisted' VPN Provider's Servers.
If TCP 443 doesn't work - keep different servers. You may find one that works.

I did read a post awhile back where a Forum member had created a VPN bypass script for certain sites like Netflix & Amazon.
I'm sure a quick search of the Forum will locate it.

Also check out the 'Nighthawk X10 (R9000)' Topic in the Atheros Forum and see if anyone else has or had the same issue(s).

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=305025

*Try different settings and see what works best for your environment.
Almost always best speeds on the closest server to you.

You can try different DNS Servers:
https://www.lifewire.com/free-and-public-dns-servers-2626062


Hope this helps!

_________________
DD-WRT Installation & Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117

WRT32X DD-WRT Installation Procedure
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=315569

IPVanish OpenVPN Client Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=308565

FIRMWARE: OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33)
MODEM: ARRIS SURFBoard SB8200
ROUTER: Linksys WRT32X
USB NAS: Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 229
Location: Swindon, UK

Posted: Fri Oct 13, 2017 8:08    Post subject: Re: OpenVPN help!
jkells wrote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.


PBR and SFE (Shortcut Forwarding Engine) do not play well together.
Disable SFE on the basic setup page if not already done so.

_________________
Router Model: Netgear R8000
Firmware: DD-WRT v3.0-r41813 std (12/29/19)
Modem: Super Hub 3.0
ISP: Virgin Media 350/35 Mbps

jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 14

Posted: Fri Oct 13, 2017 9:46
spuriousoffspring wrote:
Not familiar with PIA, but here are some things to try.

Quote:
When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?


Yes and No. A router's processor power is directly proportional to OpenVPN speeds.
Since you have literally the most powerful router on the market - your speeds shouldn't drop much or at all with OpenVPN Enabled.

*Make sure all your settings are correct such as NTP Server & Time Zone. Not just the VPN Settings.

I'm sure there is a way to configure it for much better speeds, but as I said I'm not familiar with PIA's setup.

You can try switching to port 443 and TCP and see if that helps.
*This may also possibly help with your Third concern.

Quote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.


Looks correct, but just to be sure - It's one IP Address per line.
*May possibly have to do with First issue.

Quote:
Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?


It is possible to mask the use of a VPN from some, but not many sites by using TCP Protocol on Port 443.
It will appear as regular SSL (https) traffic.
However, many sites & streaming services have got wise to VPN users and have 'blacklisted' VPN Provider's Servers.
If TCP 443 doesn't work - keep different servers. You may find one that works.

I did read a post awhile back where a Forum member had created a VPN bypass script for certain sites like Netflix & Amazon.
I'm sure a quick search of the Forum will locate it.

Also check out the 'Nighthawk X10 (R9000)' Topic in the Atheros Forum and see if anyone else has or had the same issue(s).

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=305025

*Try different settings and see what works best for your environment.
Almost always best speeds on the closest server to you.

You can try different DNS Servers:
https://www.lifewire.com/free-and-public-dns-servers-2626062


Hope this helps!



I have tried to run over 443/TCP, however I keep getting a time wait error in the vpn status logs. Could be related to NTP server errors. And for PBR, I am putting it one IP/Octet per line, hopefully I can find a workaround for that. And for the streaming sites, I'm wondering if there is a rule that I can write that makes any traffic intended for Netflix/Hulu/Amazon that it is routed through home_net rather than the vpn.
jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 14

Posted: Fri Oct 13, 2017 9:49    Post subject: Re: OpenVPN help!
flakie wrote:

PBR and SFE (Shortcut Forwarding Engine) do not play well together.
Disable SFE on the basic setup page if not already done so.


I will have to look into SFE. That'd be great if that was the simple fix. I really don't like how it kills those devices that I specify in PBR. This would ultimately fix my Netflix/Amazon/Hulu issue because I would only have my PCs and smartphones on this for VPN usage. All of my streaming devices (xbox, firestick, smart tv) would just use the normal network connection.
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 229
Location: Swindon, UK

Posted: Fri Oct 13, 2017 9:59    Post subject: Re: OpenVPN help!
jkells wrote:
I will have to look into SFE. That'd be great if that was the simple fix. I really don't like how it kills those devices that I specify in PBR. This would ultimately fix my Netflix/Amazon/Hulu issue because I would only have my PCs and smartphones on this for VPN usage. All of my streaming devices (xbox, firestick, smart tv) would just use the normal network connection.


It's exactly how I have mine set up. Works a treat :)


egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Fri Oct 13, 2017 10:06
When using PBR you have to disable SFE.
For PBR you can use CIDR notation to get a block of addresses, see: https://www.ipaddressguide.com/cidr

Regarding speed, a Netgear R9000 should do more than 350Mb/s over VPN because it has a powerful CPU, but most PIA servers will not give you that speed.
When doing a speed test, use a server in your neighbourhood for testing, use AES 128, use UDP and try different ports, but I doubt if PIA server will go over 100 Mb/s. So it is just a restriction on PIA's site.
IPVanish will give you perhaps faster speeds

_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
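
An added example, not part of egc's post or of DD-WRT itself: a check of a policy-based-routing list (one IP or CIDR entry per line, as described in this thread) that reports malformed entries and shows which LAN hosts the list would send through the VPN. The 192.168.15.0/24 LAN, the sample entries and the device addresses are constructed, and matching follows standard CIDR semantics rather than DD-WRT's own parser.

```python
import ipaddress

# Assumed LAN, inferred from the 192.168.15.x addresses quoted in the thread.
LAN = ipaddress.ip_network("192.168.15.0/24")

# Constructed sample of a PBR field; lines 2-4 contain deliberate mistakes.
SAMPLE_POLICY = """192.168.15.100/32
192.168.15.130/25
192.168.15.64/28 192.168.15.80/28
10.0.0.5
"""

def parse_policy(text, lan=LAN):
    """Return (networks, problems) for a policy list with one entry per line."""
    nets, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        if len(entry.split()) > 1 or "," in entry:
            problems.append(f"line {n}: more than one entry: {entry!r}")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"line {n}: not an IP or CIDR: {entry!r}")
            continue
        if "/" in entry and str(net) != entry:
            # Host bits set, e.g. .130/25 really means the block .128/25.
            problems.append(f"line {n}: {entry} matches all of {net}")
        if net.version != lan.version or not net.subnet_of(lan):
            problems.append(f"line {n}: {net} is outside the LAN {lan}")
        nets.append(net)
    return nets, problems

def route_for(host, nets):
    """'vpn' if the host matches any policy entry, otherwise 'wan'."""
    addr = ipaddress.ip_address(host)
    return "vpn" if any(addr in net for net in nets) else "wan"

if __name__ == "__main__":
    nets, problems = parse_policy(SAMPLE_POLICY)
    print("\n".join(problems))
    # Constructed devices: desktop, phone, smart TV.
    for host in ("192.168.15.100", "192.168.15.130", "192.168.15.140"):
        print(host, "->", route_for(host, nets))
```

With the sample list, the /25 entry pulls the constructed smart TV address into the VPN set even though only the phone was intended, which is the kind of mistake a /32 per host avoids.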
jkells
DD-WRT Novice


Joined: 12 Oct 2017
Posts: 14

Posted: Fri Oct 13, 2017 10:19
egc wrote:
When using PBR you have to disable SFE.
For PBR you can use CIDR notation to get a block of addresses, see: https://www.ipaddressguide.com/cidr

Regarding speed, a Netgear R9000 should do more than 350Mb/s over VPN because it has a powerful CPU, but most PIA servers will not give you that speed.
When doing a speed test, use a server in your neighbourhood for testing, use AES 128, use UDP and try different ports, but I doubt if PIA server will go over 100 Mb/s. So it is just a restriction on PIA's site.
IPVanish will give you perhaps faster speeds


So I'm using a /32 CIDR notation to isolate it to that SPECIFIC host to use the VPN. Let's say 192.168.15.130/32. And I don't think it's an issue with PIA's servers. When selecting your server (https://www.privateinternetaccess.com/pages/network/) you can perform a speedtest on their site directly (through their own servers). And I will get a constant 350Mbs and sometimes over 400Mbs (amazing on Spectrum, lol), but when enabling my VPN it drops to 50Mbs. So I don't believe it is their server that is the issue. I believe it's configuration settings. And unless I can get PBR to work, I will have to use TCP/443 routing (well figure it out because I keep getting a 'CONNECTION-WAIT' error in the VPN logs) to access streaming sites like Netflix/Hulu/Amazon.