Posted: Tue Oct 29, 2019 16:25 Post subject: newbie questions about VPN and OpenDNS
If a VPN service such as ExpressVPN or IPVanish is added to the ddwrt router, each client then accesses the internet masqueraded behind the VPN service? If so, does this mean kids could access adult sites? If so, can OpenDNS be used simultaneously with VPN to prevent kids from accessing inappropriate sites while using a VPN?
I now have VPN working. IPVanish has instructions on their site to add it to ddwrt. The instructions worked perfectly. However, according to speed checker in ddwrt , my speed has drastically fallen and I can tell the difference when streaming via Hulu. Here are the before and after tests. Should this be happening?
Depends what your router is. And encryption level to some degree.
So that may be about right.
More CPU speed = more VPN speed.
R7800 at 1700MHz may do around 90Mb/s.
I am using an R7000 which has a 1.0 GHz dual-core processor. Look at the speed before VPN. It was greater than 100 Mbps. That's an 80% reduction in speed! That's too large of a reduction just because VPN was added isn't it?
I think I will remove VPN and just use IPVanish on my computer when I want to use it. Out here in the rural area where I live 100Mbps (which is what I was getting before installing VPN) is a proud-possession. No one in the house wants to go back to our days when we only received 20Mbps!
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Wed Oct 30, 2019 7:52 Post subject:
yep VPN on R7000 (depends from encryption) you will get
around 40Mbit max....
Bett use VPN on PC level instead...
Once you feel more confident with DDWRT, you can click on the red link in my sig to harden DNS over TLS..... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
The best bet would be a subscription to OpenDNS or Cisco Umbrella which would allow you to block specific site categories via DNS. The challenge here is that in order to apply the policy that you have specifically configured, this is normally achieved via verifying your public IP address. Therefore you may wish to use a VPN service that will allow you to pick a static IP address, for example PIA. Or use an OpenDNS/Umbrella subscription that supports the roaming client - which will tunnel your DNS traffic to Umbrella regardless of external IP presented.
Should have gone with a VPN provider that supports wireguard client running on a router.
Even from a R7000 it will run pretty fast giving you a good throughput.
Be aware that you can only get supported geolocation services through the VPN if you use there DNS or the services will detect a DNS leak. E.g. BBC iPlayer or say DAZN, FuboTV etc etc etc.
Hope this helps _________________ Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
No one can build you the bridge on which you, and only you, must cross the river of life!