Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Posted: Mon Sep 14, 2020 17:14 Post subject:
Their support sucks big time.
Their current setup guide is not only outdated, it is wrong.
I contacted them and explained to them what is wrong and that I was willing to provide a working one (for free, mind you) (which you fortunately found) but they were not interested.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon Sep 14, 2020 20:36 Post subject:
well... so far still useful to use stub resolvers or DNSCrypt... probably Unbound and SmartDNS (DoT) too...
as they go inside the VPN channel stealthily
otherwise if PIA fksup badly, I've 1 more year to go... hope not, so far they are solid, but their guide is a total mess... god bless egc for his useful guides...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 18 Oct 2016 Posts: 96 Location: Copenhagen, Denmark
Posted: Tue Sep 15, 2020 18:03 Post subject:
egc wrote:
Edit: @Alozoros was just ahead of me and basically telling the same
Now on to your questions
DNSMasq is using servers from resolv.dnsmasq; you can specify an additional server like:
server=9.9.9.9
But that does not stop DNSMasq from reading resolv.dnsmasq.
For that you have to add:
no-resolv
Thanks egc and Alozoros!
I finally figured it out and I'm embarrassed to say that it was an error 40.
I don't know why I keep forgetting that DNS servers are stored in cache and this cache wasn't flushed. That meant that I kept getting wrong DNS servers because I changed the DD-WRT settings all the time.
In the end I used an old computer (new to the network) to verify all the settings.
Basically there was nothing wrong with the settings I posted.
The main point for achieving what I wanted (PBR) was to make sure no servers were pushed from PIA:
Code:
pull-filter ignore "dhcp-option DNS" # If not used ALL DNS servers default to the ones pushed by PIA (global DNS requests through PIA DNS)
But thanks for struggling with me - I guess I still have a lot to learn about DNSMasq and the workings of DD-WRT.
_________________
/Søren
Netgear Nighthawk X4S (R7800 ver. 1) | Atheros/Qualcomm(ARMv7) | IPQ8065 dual-core 1.7 GHz | AC2600 | 512 MB RAM | 128 MB FLASH | 128 KB NVRAM
Firmware: DD-WRT v3.0-r55109 std (02/09/24)
Install guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
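Added example, not part of any post in this thread: a small shell check for the two settings discussed above (`pull-filter ignore "dhcp-option DNS"` on the OpenVPN side, `no-resolv` plus `server=` on the DNSMasq side). The function names and the sample files are assumptions made for illustration; pass it the paths of your own OpenVPN client config and DNSMasq config.

```shell
#!/bin/sh
# Added example (not from the thread): audit both configs for DNS handling.

# directive_set FILE ERE: true when an uncommented line starts with ERE
directive_set() { grep -Eq "^[[:space:]]*$2" "$1"; }

# audit_dns OPENVPN_CONF DNSMASQ_CONF: print findings, return 1 on any WARN
audit_dns() {
    warn=0
    # pull-filter matches on a prefix, so "dhcp-option" alone also drops pushed DNS
    if directive_set "$1" 'pull-filter[[:space:]]+ignore[[:space:]]+"dhcp-option( DNS)?"'; then
        echo "OK   openvpn: pushed DNS servers are ignored"
    else
        echo "WARN openvpn: pushed DNS servers are accepted"; warn=1
    fi
    # Explicit upstreams, with trailing comments and whitespace stripped
    upstreams=$(sed -n 's/^[[:space:]]*server=\([^#[:space:]]*\).*/\1/p' "$2" | tr '\n' ' ')
    if directive_set "$2" 'no-resolv([[:space:]]|#|$)'; then
        echo "OK   dnsmasq: resolv file is not read"
        # Edge case: no-resolv with no server= leaves dnsmasq without upstreams
        [ -n "$upstreams" ] || { echo "WARN dnsmasq: no-resolv set but no server= line"; warn=1; }
    else
        echo "WARN dnsmasq: resolv file upstreams are still used"; warn=1
    fi
    [ -z "$upstreams" ] || echo "INFO dnsmasq: explicit upstreams: $upstreams"
    return $warn
}

# Constructed sample configs (not taken from any real router)
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '%s\n' 'client' 'dev tun' > "$d/leaky.ovpn"
printf '%s\n' 'server=9.9.9.9' > "$d/leaky.dnsmasq"
printf '%s\n' 'client' 'pull-filter ignore "dhcp-option DNS" # keep PIA DNS out' > "$d/fixed.ovpn"
printf '%s\n' 'no-resolv' 'server=9.9.9.9' > "$d/fixed.dnsmasq"

echo "== leaky =="; audit_dns "$d/leaky.ovpn" "$d/leaky.dnsmasq" || true
echo "== fixed =="; audit_dns "$d/fixed.ovpn" "$d/fixed.dnsmasq" || true
```

A clean result only covers the router's own configuration; as the post notes, clients may still hold cached DNS servers until their cache is flushed.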
Joined: 18 Oct 2016 Posts: 96 Location: Copenhagen, Denmark
Posted: Tue Oct 27, 2020 12:12 Post subject: Speedtest...
I have come about a new Android client and tried speedtesting it.
When using PBR on the router (VPN on the router) and not connecting the VPN-client on the Android client I get around 30 Mbps downstream.
When not using PBR on the router (direct) and connecting the VPN-client on the Android client I get around 70 Mbps downstream.
So, half of the bandwidth by using the VPN client on the router. My total downstream bandwidth is 300 Mbps. Upstream bandwidth is at 90% of total, regardless.
I have tried different servers and DNS on the router but the speed remains half.
I prefer PIA-servers in the Netherlands but apparently there are at least two NS: nl-amsterdam.privacy.network and the one used in the guide - nl.privacy.network.
Joined: 18 Oct 2016 Posts: 96 Location: Copenhagen, Denmark
Posted: Tue Oct 27, 2020 13:08 Post subject:
egc wrote:
VPN speed is CPU intensive so dependent on router used (and how the router is taxed)
I mostly use WireGuard which is about 3 times faster
About PIA servers ask PIA
I canceled my subscription: no WireGuard on the router (yet, they have been promising it) and bad support
OK, but on my old router (DIR-825) I used to register around 70 Mbps (old servers). This router should be able to do better than 30 Mbps. Probably something to do with the new servers...
_________________
/Søren
Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Posted: Tue Oct 27, 2020 13:12 Post subject:
a15995 wrote:
egc wrote:
VPN speed is CPU intensive so dependent on router used (and how the router is taxed)
I mostly use WireGuard which is about 3 times faster
About PIA servers ask PIA
I canceled my subscription: no WireGuard on the router (yet, they have been promising it) and bad support
OK, but on my old router (DIR-825) I used to register around 70 Mbps (old servers). This router should be able to do better than 30 Mbps. Probably something to do with the new servers...
Joined: 18 Oct 2016 Posts: 96 Location: Copenhagen, Denmark
Posted: Wed Oct 28, 2020 12:38 Post subject:
egc wrote:
a15995 wrote:
egc wrote:
VPN speed is CPU intensive so dependent on router used (and how the router is taxed)
I mostly use WireGuard which is about 3 times faster
About PIA servers ask PIA
I canceled my subscription: no WireGuard on the router (yet, they have been promising it) and bad support
OK, but on my old router (DIR-825) I used to register around 70 Mbps (old servers). This router should be able to do better than 30 Mbps. Probably something to do with the new servers...
As far as I know the DIR 825 has a single core Atheros CPU at around 600 MHz; 70 Mb/s running VPN seems higher than expected.
I've had some help from PIA and managed to achieve 74 Mbps (peaking at 80 Mbps) downstream and 56 Mbps upstream with DD-WRT. This is with a capacity of max 110 Mbps (wireless 5 GHz). So around 70% down and close to 90% up. This is roughly the same result the client gets when connected through the Android app.
This is what I've changed/added:
Code:
Compression: Adaptive
MTU: 1438
Additional Config:
sndbuf 393216
rcvbuf 393216
I also changed the name of the server to an IP to prevent DNS lookup errors. This didn't do much for the speed though.
I could probably tune it even more but right now I'm pretty pleased with gaining more than 100% from the outset...
_________________
/Søren
Joined: 18 Oct 2016 Posts: 96 Location: Copenhagen, Denmark
Posted: Wed Nov 04, 2020 9:28 Post subject: Old router as WireGuard client/proxy...
Hello egc and others!
Just a quick question - would it make sense to use my old DIR-825 as a WireGuard proxy to a cloud PiHole? I mean, I could decentralize the processing power to a 680 MHz single core CPU on that old thing...
I realize that I would encounter some bridging challenges but is it worth the while?
I would set the DIR-825 up as non-DHCP and connect it to a LAN-port. DD-WRT would be set up as minimum as possible (build?).
The main challenge in this setup would be how to connect to the internet - can DNS requests be sent back through my R7800 to the internet or should both devices be connected directly to the internet (I have a modem with multiple ports but my provider would probably only allow one connection at a time)?
Joined: 18 Mar 2014 Posts: 12913 Location: Netherlands
Posted: Wed Nov 04, 2020 9:36 Post subject: Re: Old router as WireGuard client/proxy...
a15995 wrote:
Hello egc and others!
Just a quick question - would it make sense to use my old DIR-825 as a WireGuard proxy to a cloud PiHole? I mean, I could decentralize the processing power to a 680 MHz single core CPU on that old thing...
I realize that I would encounter some bridging challenges but is it worth the while?
I would set the DIR-825 up as non-DHCP and connect it to a LAN-port. DD-WRT would be set up as minimum as possible (build?).
The main challenge in this setup would be how to connect to the internet - can DNS requests be sent back through my R7800 to the internet or should both devices be connected directly to the internet (I have a modem with multiple ports but my provider would probably only allow one connection at a time)?
Joined: 18 Oct 2016 Posts: 96 Location: Copenhagen, Denmark
Posted: Wed Nov 18, 2020 9:07 Post subject: Best practice - encryption and data ciphers...
Hello!
Does anyone know what to put in these (see attached) - new in OpenVPN 2.5.0 (DD-WRT r-44809 std)?
What is best practice and what do they mean? I have set mine as can be seen.
FYI: PIA has closed down the nl.privacy.network (92.119.179.123 - not responding) - use nl-amsterdam.privacy.network (143.244.43.71) instead (seems a bit slower though)...