Posted: Tue Mar 29, 2022 14:53 Post subject: host and connect to IKEv2 or OpenVPN, best approach?
Hi, I am trying to connect 2 places
-hosting VPN in country A
-connecting to it in country B
Last week I was in country B, I bought a Linksys WRT3200ACM, cascade connected it to the ISP router (FritzBox), and after a couple of days I was able to set up a fully working connection, without DNS leaks, connected to ProtonVPN directly in the router.
So the "client" part is almost done I would say, I'll just need to change the ProtonVPN details with my privately hosted VPN.
This week I am in country A
The ISP router enables the opportunity to host a private DNS with the IP address to make the VPN host setup easier (even though the IP will change, the address name will be the same, like myname.myrouter.com will always resolve to my real IP).
The ISP router also enables the opportunity to host a VPN server, only with the L2TP protocol, which unfortunately feels a bit outdated, and it seems Windows is not going to support it anymore in the future, while my Android 12 device already doesn't support it natively anymore.
The reason seems to be some security issue with L2TP, while only IKEv2/IPSec seems to be supported.
OpenVPN seems to be slower than IKEv2.
Security and speed are big deals for me.
In order to connect my devices in country B to the router in country A the options I can see are the following:
-Buy a second WRT3200ACM to install in country A, flash DD-WRT, host a VPN with OpenVPN protocol. Connect to it as OpenVPN client in country B. Is this possible and supported by DD-WRT and Marvell (Host/Client with OpenVPN), will the speed be significantly lower than IKEv2 or are we speaking about something a user barely could see?
-Buy a second WRT3200ACM to install in country A, flash DD-WRT, host a VPN with IKEv2 Protocol. Connect to it with the router in country B. Is this supported? I failed to find documentation about IKEv2 Protocol Host/Client in DD-WRT and especially in the Marvell page.
-Don't buy a second device, host the VPN with L2TP with the ISP router in country A and try to connect to it with the WRT3200ACM with DD-WRT device in country B. Will security be a significant issue here? I am especially interested in not leaking the real location of the device in country B, leaking the real IP, DNS, ISP...
Sorry if it was a lot of text, but I'd like some guidance if possible in order to avoid buying a second device, money is not a problem if everything will be running smoothly and securely, but it's kind of a big waste if it won't work.
The fact that the protocols are not supported natively by win or Android doesn't really bother me as I will connect to the VPN with the router, it just feels a bit of a red flag in terms of security/speed.
r48540 on the previous router, will make sure to upgrade as soon as I'll be back in country B. If I am going to buy another device for country A, then of course I am going to install the latest one. Without an automatic update system, it is quite difficult keeping up with updates 3 days apart.
WireGuard is another great option; if it is fully supported then it definitely makes sense. I'll buy a second device then and try to set this up, thank you for your input.