Joined: 07 Jun 2007 Posts: 244 Location: La Paz, Bolivia
Posted: Sat Dec 18, 2021 0:07 Post subject: VPN solution for my home network?? - recommendation [HELP]
Hello friends, I want to install a vpn in my house because I have been using zerotier on my computers and I have had good results but now I want something more... 'robust better and more scalable and easy'
some of the things i have thought that it must have is this...
1st: have better security of my devices including my cell phones.
2nd: avoid the security or blocking rules that different pages have in my country (Bolivia), mostly exchanges for my trading, by using an external IP from another country (for example the USA)
3rd: have connected all my devices, my local network in my house and those off my local network and my workteam in other countries; all of that as if it were in a local network to use the shared folders and printers, share devices, fast and safely (like a tunnel network)
4th: a solution with android clients for my cell phones and tablets and other devices when I am on the street or outside the local network
5th: quick and easy to install on my DDWRT router (netgear R9000) avoiding having to install and configure a client on each device and that any new device connected to my local network through my DDWRT router is automatically within my VPN network
6th: good nice and cheap
with zerotier I only have the points 3 and 4 partially covered
I have seen some like
ExpressVPN
NordVPN
OpenVPN
What do you think? can you advise me on one according to experience? _________________ Fiber Modem/Router: ZTE-ZXHN F670L ►►►►►► Internet 1
2G,3G,4G Modem: Amplimax FIT Elsys EPRL18 ►► Internet 2 (failover)
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat Dec 18, 2021 11:34 Post subject:
I use PIA. They have great deals, security is at an excellent level as well, no logs, most of the servers support the chachapoly20 cipher, it's easy to set up the client on the R9000, they have lots of servers worldwide and they are quite flexible on options: they have torrenting, a port forward option and support up to 5 devices at the same time, which could be an extra... They also have Wireguard support, but I haven't seen it down to router level yet... but it's close to mind they will implement a guide soon...
I did a bit of research among the other VPNs and chose them at that time... of course you will hear a lot of drama about their address and so on... so far I'm satisfied...
The downside is, their first password is in plain text over your email, then you have to change it immediately; also their customer service is a bit of a Russian roulette, not always that helpful due to the different levels of knowledge among those who provide it... Their DDWRT setup guide is outdated... but egc did a great guide that still works... and I can help you too...
The other VPN I was keen on was https://www.ivpn.net/, but at that time PIA had a better price offer... and we had forum members that used PIA too... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 07 Jun 2007 Posts: 244 Location: La Paz, Bolivia
Posted: Sat Dec 18, 2021 14:00 Post subject:
ok I have been looking for information and I have seen that there is a new protocol based on wireguard in the 2 'most' important VPNs such as NordVpn and ExpressVpn
I think I'll get NordVPN for their
double vpn,
split tunneling,
private ip, and
its wireguard nordlynx protocol, although frankly I have not yet been able to see and be sure whether that NORDLYNX protocol can be configured on the ddwrt router, and it would help me if someone with that vpn could clear up my doubts
However, surfshark catches my attention because, of all of them, I have seen that it has the best performance in upload speeds, and that is important to me because I do a lot of streaming with OBS and I don't want it to lower my upload speed, which is already a little low (7mbs). I will look into what other things this VPN has and whether it supports ddwrt
Joined: 07 Jun 2007 Posts: 244 Location: La Paz, Bolivia
Posted: Sat Dec 18, 2021 14:06 Post subject:
Alozaros wrote:
I use PIA. They have great deals, security is at an excellent level as well, no logs, most of the servers support the chachapoly20 cipher, it's easy to set up the client on the R9000, they have lots of servers worldwide and they are quite flexible on options: they have torrenting, a port forward option and support up to 5 devices at the same time, which could be an extra... They also have Wireguard support, but I haven't seen it down to router level yet... but it's close to mind they will implement a guide soon...
OK, I will check it out, because my list of VPNs to consider currently is 1st nordvpn, 2nd expressvpn, 3rd surfshark and now PIA. Thanks for the recommendation. However, I am looking for it to have support for ddwrt, to avoid having to configure all my computers on my local network and in other countries for that
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Sat Dec 18, 2021 16:50 Post subject:
And don't get too excited about all the VPN-comparison sites online. The top-rated VPNs are top rated because they pay, one way or another, for those ratings. Most of the actual online evaluations, including of speeds, are borderline incompetent and include many errors. At best they can compare features advertised on the provider sites, but sometimes the numbers in the comparisons, for example the numbers of allowed simultaneous connections or countries or servers, are out of date. Don't be impressed by huge numbers of servers. It's simply not important.
If your upload speeds are now 7 Mbps, you don't need to search for a fast VPN to maintain that speed. Any provider can handle that speed.
Be sure you review the dd-wrt OpenVPN and wireguard guides, especially the ones specific to certain providers, in the stickies at the top of the Advanced Networking forum. If you want to set up the VPN on your router, having a recent guide from the dd-wrt community for that specific provider is perhaps your most important consideration.
@blkt mentioned mullvad above. I have a lot of respect for their operation. Unlike the ones you named, mullvad (mullvad.net) appears to invest more in their network than in marketing efforts. Personally I use AirVPN (airvpn.org) in my routers. They do not advertise or pay for placement in comparison guides. But my AirVPN setup guide for dd-wrt is out of date. My guide is for older dd-wrt builds that use OpenVPN version 2.4, but dd-wrt now uses OpenVPN 2.5, and some things have changed. @egc's OpenVPN guide (Advanced Networking sticky) offers some guidance on what those changes are. My guide's discussion of the MTU and mssfix settings is also a bit weak. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 07 Jun 2007 Posts: 244 Location: La Paz, Bolivia
Posted: Sat Dec 18, 2021 17:26 Post subject:
egc wrote:
Be sure to check if they support WG on the router (NordVPN does not, it can probably be done with a lot of trickery).
Note using a VPN provider, be it using WG or OpenVPN only gets you a connection to that provider it cannot be used to connect networks e.g. with your remote office.
Let me see if I understand you well: you mean that with these VPNs I could not connect my computers in another country and make a kind of 'private virtual local network' to share folders, drives, servers, printers etc. as if we were all in the same room? ...
I'm looking for a VPN solution for my routers with standard/ddwrt/openwrt firmware, to configure the vpn with the login, password etc. in each router and have this scenario:
I want it all in the same network or subnet (currently I have it like this with zerotier but it's not very good)
and if NordVPN does not give access to its nordlynx on the router, it would be a great disappointment, hurt and pain. Hopefully someone has been able to configure it on the router with their wireguard or nordlynx and has documented how to do it ... hopefully
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat Dec 18, 2021 21:04 Post subject:
Well... Tailscale works like Zerotier at router level, so you can do some stuff like that... I did make a quick guide for Tailscale and posted it in DDWRT but lost the link and abandoned it as I don't need it that often; you need to find it if you want to give it a try... I successfully connected my router to another router and to my phone and PC and another PC with it, and was able to open SSH on the other router and update its firmware via Tailscale... The thing I don't know is how safe and sound Tailscale is to use at router level, as Tailscale runs a process and opens ports that stay open and listen/advertise, although communication is encrypted...
About VPNs: PIA supports port forwarding, but you have to set up a server from your router side... and this thing you want, to connect all those places in one virtual network, you probably have to stick to another solution... you rather need a PC running a server and some private WG or your own VPN server, but to route those networks to it, it's a bit of a task... But I'm not very acquainted with how to connect all those networks to one VPN server and make it possible to share stuff with DDWRT... in the way you want...
Those public VPNs are for general use and don't provide great flexibility on options... also, WG has far fewer options than OpenVPN, where WG is a touch better on speed... only...
Joined: 07 Jun 2007 Posts: 244 Location: La Paz, Bolivia
Posted: Sat Dec 18, 2021 21:46 Post subject:
Alozaros wrote:
...About VPNs, to connect all those places in one virtual network, you probably have to stick to another solution... you rather need a PC running a server and some private WG or your own VPN server, but to route those networks to it, it's a bit of a task...
OK ... then I think I'll look for a solution on Fiverr. Thanks to all.
I thought I could do it myself but it seems to be more advanced ...
Joined: 13 Aug 2013 Posts: 6872 Location: Romerike, Norway
Posted: Sun Dec 19, 2021 11:00 Post subject:
royitoroy wrote:
let me see if I can understand you well, you mean that with these VPNs I could not connect my computers in another country and make a kind of 'private virtual local network' to share folders, drives, servers, printers etc as if we were all in the same room ? ...
I'm looking for a VPN solution for my routers with standard/ddwrt/openwrt firmware, to configure the vpn with the login, password etc. in each router and have this scenario:
You don't need a provider for Site-site VPN. Configure Server at one end and client at the other.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sun Dec 19, 2021 13:19 Post subject:
Per Yngve Berg wrote:
royitoroy wrote:
let me see if I can understand you well, you mean that with these VPNs I could not connect my computers in another country and make a kind of 'private virtual local network' to share folders, drives, servers, printers etc as if we were all in the same room ? ...
I'm looking for a VPN solution for my routers with standard/ddwrt/openwrt firmware, to configure the vpn with the login, password etc. in each router and have this scenario:
You don't need a provider for Site-site VPN. Configure Server at one end and client at the other.
As my knowledge does not go that far... and there could be some obstacles... as you may not have a direct connection to certain networks (IPs)... Per Yngve Berg, how do you route those through the VPN server/client...?
For example, networks in the UK do not directly see networks in Greece, and if I trace those networks they have quite a number of hops...
(out of the blue, those didn't need routing with tailscale) ...
I really want to learn how to do this VPN server/client option for those types of networks too... any guidance...???
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Sun Dec 19, 2021 13:32 Post subject:
We are going slightly off-topic, but site-to-site setups for both WireGuard and OpenVPN are in the docs.
For WireGuard, the Advanced setup guide even covers a setup between 3 sites (it works the same as for OpenVPN), but that needs a lot of setup/maintenance and you must have one central server (if I had to do it, I would set up a central server in the cloud).
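The central-server, three-site layout described above, as an added example that is not part of the original post or of the dd-wrt guides: it checks a site plan for overlapping subnets (routed WireGuard needs a distinct LAN subnet per site) and derives the `AllowedIPs` for the hub and for each site router. All site names, subnets, the endpoint and the key placeholders are hypothetical.

```python
import ipaddress

# Constructed sample plan: one cloud hub plus three sites. Names, subnets and
# the endpoint are hypothetical placeholders, not values from the thread.
TUNNEL_NET = ipaddress.ip_network("10.99.0.0/24")
HUB_ENDPOINT = "hub.example.net:51820"
SITES = {
    "home":   {"tunnel_ip": "10.99.0.2", "lan": "192.168.10.0/24"},
    "office": {"tunnel_ip": "10.99.0.3", "lan": "192.168.20.0/24"},
    "remote": {"tunnel_ip": "10.99.0.4", "lan": "192.168.30.0/24"},
}

def check_plan(sites, tunnel_net=TUNNEL_NET):
    """Return a list of problems that would break routing between sites."""
    problems = []
    nets = {n: ipaddress.ip_network(s["lan"]) for n, s in sites.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        if ipaddress.ip_address(sites[a]["tunnel_ip"]) not in tunnel_net:
            problems.append(f"{a}: tunnel IP outside {tunnel_net}")
        if nets[a].overlaps(tunnel_net):
            problems.append(f"{a}: LAN overlaps tunnel network")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b}: LAN subnets overlap")
    return problems

def hub_peer_sections(sites):
    """[Peer] blocks for the hub. WireGuard also uses AllowedIPs as a source
    filter, so each site can only send from its own tunnel IP and LAN."""
    out = []
    for name, s in sorted(sites.items()):
        out.append(
            f"[Peer]\n# {name}\nPublicKey = <{name}-public-key>\n"
            f"AllowedIPs = {s['tunnel_ip']}/32, {s['lan']}\n"
        )
    return "\n".join(out)

def site_allowed_ips(name, sites, tunnel_net=TUNNEL_NET):
    """AllowedIPs a site router sets on its single hub peer: tunnel net + other LANs."""
    others = [s["lan"] for n, s in sorted(sites.items()) if n != name]
    return ", ".join([str(tunnel_net)] + others)

if __name__ == "__main__":
    assert not check_plan(SITES), check_plan(SITES)
    print(hub_peer_sections(SITES))
    for n in SITES:
        print(f"{n}: AllowedIPs = {site_allowed_ips(n, SITES)}  Endpoint = {HUB_ENDPOINT}")
```

Listing only the other sites' LANs on each site router, rather than `0.0.0.0/0`, keeps ordinary internet traffic off the tunnel and limits what a compromised site can reach through the hub.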
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sun Dec 19, 2021 15:14 Post subject:
egc wrote:
We are going slightly off-topic, but site-to-site setups for both WireGuard and OpenVPN are in the docs.
For WireGuard, the Advanced setup guide even covers a setup between 3 sites (it works the same as for OpenVPN), but that needs a lot of setup/maintenance and you must have one central server (if I had to do it, I would set up a central server in the cloud).
But the OP wanted a simple solution.
In his case I would use tailscale or zerotier.
Entware has a zerotier and a tailscale package available to set up on the router.
Yep, thanks to your great guides, I managed to launch a VPN server and use a client to connect... however, in the OP's and one of my scenarios, where I had networks that are not directly visible... I didn't make it that far... I need to have a deep look again...
and once again, with that guide I posted, tailscale works OK on DDWRT... while for zerotier all my attempts to run it at router level were 'nada'... and there was not much info about it... well, at the time I tried...
for tailscale https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=330217