VPN solution for my home network?? - recommendation [HELP]

royitoroy
DD-WRT User


Joined: 07 Jun 2007
Posts: 244
Location: La Paz, Bolivia

Posted: Sat Dec 18, 2021 0:07    Post subject: VPN solution for my home network?? - recommendation [HELP]
Hello friends, I want to install a vpn in my house because I have been using zerotier on my computers and I have had good results but now I want something more... 'robust better and more scalable and easy'

some of the things I have thought that it must have are these...

1st: have better security of my devices including my cell phones.
2nd: avoid the security or blocking rules that different pages have in my country (Bolivia), mostly exchanges for my trading, using an external IP from another country (example USA)
3rd: have connected all my devices, my local network in my house and those off my local network and my work team in other countries; all of that as if it were in a local network to use the shared folders and printers, share devices, fast and safely (like a tunnel network)
4th: a solution with Android clients for my cell phones and tablets and other devices when I am on the street or outside the local network
5th: quick and easy to install on my DDWRT router (Netgear R9000), avoiding having to install and configure a client on each device, and that any new device connected to my local network through my DDWRT router is automatically within my VPN network
6th: good, nice and cheap

with zerotier I only have points 3 and 4 partially covered

I have seen some like
ExpressVPN
NordVPN
OpenVPN

What do you think? Can you advise me on one according to experience?

_________________

Fiber Modem/Router: ZTE-ZXHN F670L ►►►►►► Internet 1
2G,3G,4G Modem: Amplimax FIT Elsys EPRL18 ►► Internet 2
(failover)

MAINROUTER:
Raspberry PI 4 ►► OpenWrt 19.07.8

Load Balancer, Failover, Vlans, QoS, DHCP.

AP 1:
NETGEAR NIGHTHAWK R9000 ►► DD-WRT v3.0-r47510 std

Vanilla, 2.4Ghz, 5Ghz, WPA2, Sharing USB Printer, Wired OpenMediaVault Data Server.
AP 2:
TP-LINK ARCHER AC1750 C7 v2 ►► DD-WRT v3.0-r47225 std
AP 3 & 4
TP-LINK ARCHER AC1750 A7 v5.6 ►► DD-WRT v3.0-r47282 std


Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Sat Dec 18, 2021 11:34    Post subject:
I use PIA, they have great deals, security is at an excellent level as well, no logs, most of the servers support the ChaCha20-Poly1305 cipher, easy to set client on R9000, they have lots of servers worldwide and they are quite flexible on options, have torrenting, port forward option and support up to 5 devices at the same time, that could be an extra...they also have WireGuard support, but I haven't seen it down to router level yet...but it's close to mind they will implement a guide soon...

I did a bit of research among the other VPNs and chose them at that time...of course you will hear a lot of drama on their address and so on...so far I'm satisfied...

Downside is, their first password is in plain text over your email, then you have to change it immediately, also their customer service is a bit of a Russian roulette, not always that helpful due to a different level of knowledge among those who provide it... Their DDWRT setup guide is outdated...but egc did a great guide that still works...as well I can help you too...

The other VPN I was keen on was https://www.ivpn.net/, but at that time PIA had a better price offer...and we had forum members that used PIA too...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
royitoroy
DD-WRT User


Joined: 07 Jun 2007
Posts: 244
Location: La Paz, Bolivia

Posted: Sat Dec 18, 2021 14:00    Post subject:
ok I have been looking for information and I have seen that there is a new protocol based on WireGuard in the 2 'most' important VPNs such as NordVPN and ExpressVPN

I think I'll get NordVPN for their
double VPN,
split tunneling,
private IP, and
its WireGuard NordLynx protocol, which frankly I have not yet been able to see and be sure if that NordLynx protocol can be configured in the ddwrt router, and it would help me if someone with that VPN could get me out of my doubts

However, Surfshark catches my attention because of all of them I have seen that it has the best performance in upload speeds, and that is important to me because I do a lot of streaming with OBS and I don't want it to lower my upload speed, which is already a little low (7mbs). I will look into what other things this VPN has and if it supports ddwrt

royitoroy
DD-WRT User


Joined: 07 Jun 2007
Posts: 244
Location: La Paz, Bolivia

Posted: Sat Dec 18, 2021 14:06    Post subject:
Alozaros wrote:
I use PIA, they have great deals, security is at an excellent level as well, no logs, most of the servers support the ChaCha20-Poly1305 cipher, easy to set client on R9000, they have lots of servers worldwide and they are quite flexible on options, have torrenting, port forward option and support up to 5 devices at the same time, that could be an extra...they also have WireGuard support, but I haven't seen it down to router level yet...but it's close to mind they will implement a guide soon...


ok I will check it out because my list of VPNs to consider currently is 1st NordVPN, 2nd ExpressVPN, 3rd Surfshark and now PIA, thanks for the recommendation. However, I am looking for it to have support for ddwrt to avoid having to configure all my computers on my local network and other countries for that

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Sat Dec 18, 2021 14:24    Post subject:
Be sure to check if they support WG on the router (NordVPN does not, it can probably be done with a lot of trickery).

Note that using a VPN provider, be it using WG or OpenVPN, only gets you a connection to that provider; it cannot be used to connect networks, e.g. with your remote office.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

Posted: Sat Dec 18, 2021 15:10    Post subject:
Mullvad supports WireGuard on the router, so worth adding to a comparison list.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1444
Location: Appalachian mountains, USA

Posted: Sat Dec 18, 2021 16:50    Post subject:
And don't get too excited about all the VPN-comparison sites online. The top-rated VPNs are top rated because they pay, one way or another, for those ratings. Most of the actual online evaluations, including of speeds, are borderline incompetent and include many errors. At best they can compare features advertised on the provider sites, but sometimes the numbers in the comparisons, for example the numbers of allowed simultaneous connections or countries or servers, are out of date. Don't be impressed by huge numbers of servers. It's simply not important.

If your upload speeds are now 7 Mbps, you don't need to search for a fast VPN to maintain that speed. Any provider can handle that speed.

Be sure you review the dd-wrt OpenVPN and wireguard guides, especially the ones specific to certain providers, in the stickies at the top of the Advanced Networking forum. If you want to set up the VPN on your router, having a recent guide from the dd-wrt community for that specific provider is perhaps your most important consideration.

@blkt mentioned mullvad above. I have a lot of respect for their operation. Unlike the ones you named, mullvad (mullvad.net) appears to invest more in their network than in marketing efforts. Personally I use AirVPN (airvpn.org) in my routers. They do not advertise or pay for placement in comparison guides. But my AirVPN setup guide for dd-wrt is out of date. My guide is for older dd-wrt builds that use OpenVPN version 2.4, but dd-wrt now uses OpenVPN 2.5, and some things have changed. @egc's OpenVPN guide (Advanced Networking sticky) offers some guidance on what those changes are. My guide's discussion of the MTU and mssfix settings is also a bit weak.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
royitoroy
DD-WRT User


Joined: 07 Jun 2007
Posts: 244
Location: La Paz, Bolivia

Posted: Sat Dec 18, 2021 17:26    Post subject:
egc wrote:
Be sure to check if they support WG on the router (NordVPN does not, it can probably be done with a lot of trickery).

Note that using a VPN provider, be it using WG or OpenVPN, only gets you a connection to that provider; it cannot be used to connect networks, e.g. with your remote office.


Shocked let me see if I can understand you well, you mean that with these VPNs I could not connect my computers in another country and make a kind of 'private virtual local network' to share folders, drives, servers, printers etc. as if we were all in the same room? ...

I'm looking for a VPN solution for my routers with standard/ddwrt/openwrt firmware to configure the VPN with the login passw etc. in each router and have this scenario:

place 1 Bolivia
ddwrt firmw - 20 devices, 12 shared folders, 2 printers

place 2 Venezuela
tplink standard firmw - 4 devices, 4 shared folders, 1 printer

place 3 Pakistan
openwrt firmw - 3 devices, 2 shared folders

place 4 Mexico
ddwrt firmw - 5 devices, 4 Shared Folders

I want it all in the same network or subnet (currently I have it like this with zerotier but it's not very good)

and if NordVPN does not give access to its NordLynx on the router, it would be a great disappointment, hurts and pain, hopefully someone has been able to configure it on the router with their WireGuard or NordLynx and has documented how to do it ... hopefully

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Sat Dec 18, 2021 21:04    Post subject:
well...Tailscale works like Zerotier on router level so you can do some stuff like that...I did make a quick guide for Tailscale and posted it in DDWRT but lost the link and abandoned it as I don't need it that often, you need to find it...if you want to give it a try...I successfully connected my router to another router and to my phone and PC and another PC with it and was able to open SSH on the other router and update its firmware via Tailscale.....The thing I don't know is how safe and sound Tailscale is to be used on router level, as Tailscale runs a process and opens ports that stay open and listen/advertise although communication is encrypted.. Razz

About VPNs, PIA supports port forwarding, but you have to set up a server from your router side...and this thing you want, to connect all those places in one Virtual Network, you probably have to stick to another solution...you rather need a PC running a server and some private WG or your own VPN server, but to route those networks to it, it's a bit of a task...But I'm not very acquainted with how to connect all those networks in one VPN server and make it possible to share stuff with DDWRT....in the way you want...

Those public VPNs are for general use and don't provide great flexibility on options...as well WG has far fewer options than OpenVPN, where WG is a touch better on speed...only...

royitoroy
DD-WRT User


Joined: 07 Jun 2007
Posts: 244
Location: La Paz, Bolivia

Posted: Sat Dec 18, 2021 21:46    Post subject:
Alozaros wrote:
...About VPNs, to connect all those places in one Virtual Network, you probably have to stick to another solution...you rather need a PC running a server and some private WG or your own VPN server, but to route those networks to it, it's a bit of a task...


ok ... then I think I'll look for a solution on Fiverr Sad thanks to all

I thought I could do it myself but I think it seems to be more advanced ...

Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6856
Location: Romerike, Norway

Posted: Sun Dec 19, 2021 11:00    Post subject:
royitoroy wrote:

Shocked let me see if I can understand you well, you mean that with these VPNs I could not connect my computers in another country and make a kind of 'private virtual local network' to share folders, drives, servers, printers etc. as if we were all in the same room? ...

I'm looking for a VPN solution for my routers with standard/ddwrt/openwrt firmware to configure the VPN with the login passw etc. in each router and have this scenario:


You don't need a provider for Site-site VPN. Configure Server at one end and client at the other.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Sun Dec 19, 2021 13:19    Post subject:
Per Yngve Berg wrote:
royitoroy wrote:

Shocked let me see if I can understand you well, you mean that with these VPNs I could not connect my computers in another country and make a kind of 'private virtual local network' to share folders, drives, servers, printers etc. as if we were all in the same room? ...

I'm looking for a VPN solution for my routers with standard/ddwrt/openwrt firmware to configure the VPN with the login passw etc. in each router and have this scenario:


You don't need a provider for Site-site VPN. Configure Server at one end and client at the other.


As my knowledge is not going that far....and there could be some obstacles....as you may not have a direct connection to certain networks (IPs)...Per Yngve Berg, how do you route those through the VPN server/client...?
For example networks in the UK do not directly see networks in Greece and if I trace those networks they have quite a number of hops...

(out of the blue those didn't need routing with tailscale) ...

I really want to learn how to do this VPN server/client option for those types of networks too.....any guidance...???

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

Posted: Sun Dec 19, 2021 13:32    Post subject:
We are going slightly off-topic, but site-site setups for both WireGuard and OpenVPN are in the docs.

For WireGuard, the Advanced setup guide even covers a setup between 3 sites (works the same as for OpenVPN), but that needs a lot of setup/maintenance and you must have one central server (if I had to do it I would set up a central server in the cloud).

But the OP wanted a simple solution.

In his case I would use tailscale or zerotier.
Entware has a zerotier and a tailscale package available to set up on the router.

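The hub-and-spoke site-to-site layout egc describes, worked through as an added example (not from the thread or the DD-WRT guides): a Python script that plans wg-quick-style WireGuard configs for the four sites the OP listed, with one central hub. The LAN subnets, overlay range, hub endpoint and key placeholders are assumptions; a routed setup like this needs a distinct, non-overlapping LAN range per site, which the script checks before emitting anything.

```python
import ipaddress

# Constructed plan: site names come from the thread, every address is an assumption.
SITES = {
    "bolivia":   "192.168.10.0/24",
    "venezuela": "192.168.20.0/24",
    "pakistan":  "192.168.30.0/24",
    "mexico":    "192.168.40.0/24",
}
TUNNEL_NET = ipaddress.ip_network("10.99.0.0/24")  # assumed overlay range
HUB_ENDPOINT = "hub.example.net:51820"             # placeholder cloud server


def check_plan(sites, tunnel_net=TUNNEL_NET):
    """Parse the LAN ranges and refuse any plan where two ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    named = list(nets.items()) + [("tunnel", tunnel_net)]
    for i, (a_name, a) in enumerate(named):
        for b_name, b in named[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a_name} {a} overlaps {b_name} {b}")
    return nets


def tunnel_ips(sites, tunnel_net=TUNNEL_NET):
    """Hub gets the first host address, sites follow in name order."""
    hosts = iter(tunnel_net.hosts())
    ips = {"hub": next(hosts)}
    for name in sorted(sites):
        ips[name] = next(hosts)
    return ips


def hub_config(sites):
    """Central server: one [Peer] per site (IP forwarding must be on here)."""
    nets, ips = check_plan(sites), tunnel_ips(sites)
    lines = ["[Interface]", f"Address = {ips['hub']}/{TUNNEL_NET.prefixlen}",
             "ListenPort = 51820", "PrivateKey = <hub-private-key>"]
    for name in sorted(sites):
        # Only this site's tunnel IP and its own LAN are accepted from this peer.
        lines += ["", f"# {name}", "[Peer]", f"PublicKey = <{name}-public-key>",
                  f"AllowedIPs = {ips[name]}/32, {nets[name]}"]
    return "\n".join(lines)


def spoke_config(site, sites):
    """Site router: a single peer (the hub) carrying the other sites' LANs."""
    nets, ips = check_plan(sites), tunnel_ips(sites)
    remote = [str(TUNNEL_NET)] + [str(nets[n]) for n in sorted(sites) if n != site]
    return "\n".join([
        "[Interface]", f"Address = {ips[site]}/{TUNNEL_NET.prefixlen}",
        f"PrivateKey = <{site}-private-key>", "",
        "[Peer]", "PublicKey = <hub-public-key>", f"Endpoint = {HUB_ENDPOINT}",
        # No 0.0.0.0/0 here: ordinary internet traffic stays on the local WAN.
        "AllowedIPs = " + ", ".join(remote),
        "PersistentKeepalive = 25",  # keeps the NAT mapping open for sites behind NAT
    ])


if __name__ == "__main__":
    print(hub_config(SITES))
    for site in sorted(SITES):
        print(f"\n##### {site} #####\n" + spoke_config(site, SITES))
```

Adding a fifth site means one new entry in `SITES`, one new `[Peer]` on the hub and one more range in every existing spoke's `AllowedIPs`, which is the setup and maintenance cost mentioned in the post above.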
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

Posted: Sun Dec 19, 2021 15:14    Post subject:
egc wrote:
We are going slightly off-topic, but site-site setups for both WireGuard and OpenVPN are in the docs.

For WireGuard, the Advanced setup guide even covers a setup between 3 sites (works the same as for OpenVPN), but that needs a lot of setup/maintenance and you must have one central server (if I had to do it I would set up a central server in the cloud).

But the OP wanted a simple solution.

In his case I would use tailscale or zerotier.
Entware has a zerotier and a tailscale package available to set up on the router.


yep, thanks to your great guides, I managed to launch a VPN server and use a client to connect...however in the OP's and one of my scenarios where I had networks that are not directly visible...I didn't make it that far...I need to have a deep look again...

and once again with that guide I posted, tailscale works ok on DDWRT......while for zerotier all my attempts to run it at router level were 'nada'...and not much info about it...well, at the time I tried...

for tailscale
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=330217

DWCruiser
DD-WRT User


Joined: 15 Aug 2016
Posts: 223
Location: Melbourne, Australia

Posted: Tue Dec 21, 2021 2:46    Post subject:
place 1 Bolivia

place 2 Venezuela

place 3 Pakistan

place 4 Mexico

Can't help but think the common denominator of those four places is being on a transit route for drug trafficking! Very Happy

Sorry for being off-topic but a good laugh is needed in the time of the pandemic with new restrictions under the Omicron variant.

Take care and have a safe & warm Christmas, everyone.

_________________
Life is a journey; travel alone makes it less enjoyable and lonely.