Posted: Thu Oct 12, 2017 23:44 Post subject: OpenVPN help!
Three things.
First: When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?
Second: When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.
Third: Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?
Joined: 05 Apr 2017 Posts: 981 Location: Louisiana, USA
Posted: Fri Oct 13, 2017 5:45 Post subject:
Not familiar with PIA, but here are some things to try.
Quote:
When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?
Yes and No. A router's processor power is directly proportional to OpenVPN speeds.
Since you have literally the most powerful router on the market - your speeds shouldn't drop much or at all with OpenVPN Enabled.
*Make sure all your settings are correct such as NTP Server & Time Zone. Not just the VPN Settings.
I'm sure there is a way to configure it for much better speeds, but as I said I'm not familiar with PIA's setup.
You can try switching to port 443 and TCP and see if that helps.
*This may also possibly help with your Third concern.
Quote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.
Looks correct, but just to be sure - It's one IP Address per line.
*May possibly have to do with First issue.
Quote:
Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?
It is possible to mask the use of a VPN from some, but not many sites by using TCP Protocol on Port 443.
It will appear as regular SSL (https) traffic.
However, many sites & streaming services have got wise to VPN users and have 'blacklisted' VPN Provider's Servers.
If TCP 443 doesn't work - keep different servers. You may find one that works.
I did read a post awhile back where a Forum member had created a VPN bypass script for certain sites like Netflix & Amazon.
I'm sure a quick search of the Forum will locate it.
Also check out the 'Nighthawk X10 (R9000)' Topic in the Atheros Forum and see if anyone else has or had the same issue(s).
Joined: 23 Sep 2017 Posts: 229 Location: Swindon, UK
Posted: Fri Oct 13, 2017 8:08 Post subject: Re: OpenVPN help!
jkells wrote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.
PBR and SFE (Shortcut Forwarding Engine) do not play well together.
Disable SFE on the basic setup page if not already done so.
Not familiar with PIA, but here are some things to try.
Quote:
When I VPN through PIA, my speeds go from 350Mbs down to like 50Mbs. Is there any fix for this or is this just the pains of using a VPN?
Yes and No. A router's processor power is directly proportional to OpenVPN speeds.
Since you have literally the most powerful router on the market - your speeds shouldn't drop much or at all with OpenVPN Enabled.
*Make sure all your settings are correct such as NTP Server & Time Zone. Not just the VPN Settings.
I'm sure there is a way to configure it for much better speeds, but as I said I'm not familiar with PIA's setup.
You can try switching to port 443 and TCP and see if that helps.
*This may also possibly help with your Third concern.
Quote:
When trying to use the policy based routing option. You must specify which hosts on your network will go through the VPN. For example, if I want my desktop to go through, I would place in that field 192.168.15.100/32 to only enter my desktop. Any other device shouldn't go through the VPN. However, maybe it is a configuration error on my part, it slows down or prevents whatever device(s) from accessing the internet.
Looks correct, but just to be sure - It's one IP Address per line.
*May possibly have to do with First issue.
Quote:
Netflix. Amazon. Hulu. You name it. For some ODD reason, they LOVE to block people coming from a proxy/vpn service. Are there any rules or custom scripts I can write to go directly through my home net rather than a VPN if I'm accessing those sites?
It is possible to mask the use of a VPN from some, but not many sites by using TCP Protocol on Port 443.
It will appear as regular SSL (https) traffic.
However, many sites & streaming services have got wise to VPN users and have 'blacklisted' VPN Provider's Servers.
If TCP 443 doesn't work - keep different servers. You may find one that works.
I did read a post awhile back where a Forum member had created a VPN bypass script for certain sites like Netflix & Amazon.
I'm sure a quick search of the Forum will locate it.
Also check out the 'Nighthawk X10 (R9000)' Topic in the Atheros Forum and see if anyone else has or had the same issue(s).
I have tried to run over 443/TCP, however I keep getting a time wait error in the vpn status logs. Could be related to NTP server errors. And for PBR, I am putting it one IP/Octet per line, hopefully I can find a work around for that. And for the streaming sites, I'm wondering if there is a rule that I can write that makes any traffic intended for netflix/hulu/amazon that it is routed through home_net rather than the vpn.
Posted: Fri Oct 13, 2017 9:49 Post subject: Re: OpenVPN help!
flakie wrote:
PBR and SFE (Shortcut Forwarding Engine) do not play well together.
Disable SFE on the basic setup page if not already done so.
I will have to look into SFE. That'd be great if that was the simple fix. I really don't like how it kills those devices that I specify in PBR. This would ultimately fix my Netflix/Amazon/Hulu issue because I would only have my PCs and smartphones on this for VPN usage. All of my streaming devices (xbox, firestick, smart tv) would just use the normal network connection.
Joined: 23 Sep 2017 Posts: 229 Location: Swindon, UK
Posted: Fri Oct 13, 2017 9:59 Post subject: Re: OpenVPN help!
jkells wrote:
I will have to look into SFE. That'd be great if that was the simple fix. I really don't like how it kills those devices that I specify in PBR. This would ultimately fix my Netflix/Amazon/Hulu issue because I would only have my PCs and smartphones on this for VPN usage. All of my streaming devices (xbox, firestick, smart tv) would just use the normal network connection.
It's exactly how I have mine set up. Works a treat.
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Fri Oct 13, 2017 10:06 Post subject:
When using PBR you have to disable SFE.
For PBR you can use CIDR notation to get a block of addresses see: https://www.ipaddressguide.com/cidr
Regarding speed, a Netgear R9000 should do more than 350Mb/s over VPN because it has a powerful CPU, but most PIA servers will not give you that speed.
When doing speed tests use a server in your neighbourhood for testing, use AES 128, use UDP and try different ports, but I doubt if PIA server will go over 100 Mb/s. So it is just a restriction on PIA's site.
IPVanish will give you perhaps faster speeds
When using PBR you have to disable SFE.
For PBR you can use CIDR notation to get a block of addresses see: https://www.ipaddressguide.com/cidr
Regarding speed, a Netgear R9000 should do more than 350Mb/s over VPN because it has a powerful CPU, but most PIA servers will not give you that speed.
When doing speed tests use a server in your neighbourhood for testing, use AES 128, use UDP and try different ports, but I doubt if PIA server will go over 100 Mb/s. So it is just a restriction on PIA's site.
IPVanish will give you perhaps faster speeds
So I'm using a /32 CIDR notation to isolate it to that SPECIFIC host to use the VPN. Let's say 192.168.15.130/32. And I don't think it's an issue with PIA's servers. When selecting your server (https://www.privateinternetaccess.com/pages/network/) you can perform a speedtest on their site directly (through their own servers). And I will get a constant 350Mbs and sometimes over 400Mbs (amazing on Spectrum, lol), but when enabling my VPN it drops to 50Mbs. So I don't believe it is their server that is the issue. I believe it's configuration settings. And unless I can get PBR to work, I will have to use TCP/443 routing (well figure it out because I keep getting a 'CONNECTION-WAIT' error in the VPN logs) to access streaming sites like Netflix/Hulu/Amazon.
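The one-entry-per-line and CIDR advice discussed in this thread, as an added example that is not part of any post or of DD-WRT itself: a Python check of a policy-based-routing field against a LAN inventory, showing which devices the entries cover and which lines are malformed. The field contents, host names and addresses are constructed, and it assumes each line is matched as a source address or block.

```python
import ipaddress

# Constructed sample of a PBR field: one source address or CIDR block per line.
PBR_FIELD = """\
192.168.15.100/32
192.168.15.130
192.168.15.64/28
192.168.15.100/24
192.168.15.101/32 192.168.15.102/32
"""

# Constructed LAN inventory (names and addresses are assumptions).
HOSTS = {
    "desktop": "192.168.15.100",
    "phone": "192.168.15.130",
    "laptop": "192.168.15.70",
    "xbox": "192.168.15.101",
    "firestick": "192.168.15.20",
    "smart-tv": "192.168.15.80",
}

def parse_pbr_field(text):
    """Return (networks, errors) for a one-entry-per-line PBR field."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries whose host bits are set, e.g.
            # 192.168.15.100/24, where the prefix would match the whole /24
            # although the address names a single host.
            networks.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
    return networks, errors

def classify(hosts, networks):
    """Map each host to 'vpn' if a PBR entry covers its address, else 'wan'."""
    return {
        name: "vpn" if any(ipaddress.IPv4Address(addr) in net for net in networks) else "wan"
        for name, addr in hosts.items()
    }

if __name__ == "__main__":
    nets, errs = parse_pbr_field(PBR_FIELD)
    for lineno, entry, reason in errs:
        print(f"line {lineno}: rejected {entry!r}: {reason}")
    for name, path in classify(HOSTS, nets).items():
        print(f"{name:10s} -> {path}")
```

Lines 4 and 5 of the sample are rejected: the first has host bits set under a /24 prefix, the second puts two entries on one line.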