host and connect to IKEv2 or OpenVPN, best approach?

Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
Mrgianlu
DD-WRT Novice


Joined: 22 Mar 2022
Posts: 15

PostPosted: Tue Mar 29, 2022 14:53    Post subject: host and connect to IKEv2 or OpenVPN, best approach? Reply with quote
Hi, I am trying to connect 2 places
-hosting VPN in country A
-connecting to it in country B


Last week I was in country B, I bought a Linksys WRT3200ACM, cascade connected it to the ISP router (FritzBox), after a couple of days I was able to setup a fully working connection, without DNS Leaks, connected to ProtonVPN directly in the router.
So the "client" part is almost done I would say, I'll just need to change the ProtonVPN details with my privately hosted VPN.


This week I am in country A
The ISP router enables the opportunity to host a private DNS with the ip address to make the VPN host setup easier (even though the IP will change, the address name will be the same, like myname.myrouter.com will always resolve to my real IP).
The ISP router also enables the opportunity to host a VPN server, only with L2TP protocol, that unfortunately feels a bit outdated and it seems Windows is not going to support it anymore in the future, while my Android12 device already don't support it natively anymore.

The reason seems to be some security issue with L2PT, while only IKEv2/IPSec seem to be supported.
OpenVPN seems to be slower than IKEv2.
Security and speed are big deals for me.

In order to connect my devices in country B to the router in country A the options I can see are the following:

-Buy a second WRT3200ACM to install in country A, flash DD-WRT, host a VPN with OpenVPN protocol. Connect to it as OpenVPN client in country B. Is this possible and supported by DD-WRT and Marvell (Host/Client with OpenVPN), will the speed be significantly lower than IKEv2 or are we speaking about something a user barely could see?

-Buy a second WRT3200ACM to install in country A, flash DD-WRT, host a VPN with IKEv2 Protocol. Connect to it with the router in country B. Is this supported? I failed to find documentation about IKEv2 Protocol Host/Client in DD-WRT and specially in Marvell page

-Don't buy a second device, host the VPN with L2TP with the ISP router in country A and try to connect to it with the WRT3200ACM with DD-WRT device in country B. Will security be a significant issue here? I am specially interested in not leaking the real location of the device in country B, leaking the real IP, DNS, ISP...


Sorry if it was a lot of text, but I'd like some guidance if possible in order to avoid buying a second device, money is not a problem if everything will be running smoothly and securely, but it's kind of a big waste if it won't work.

The fact that the protocols are not supported natively by win or android don't really bother me as I will connect to the VPN with the router, it just feels a bit of a red flag in term of security/speed.
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12855
Location: Netherlands

PostPosted: Tue Mar 29, 2022 15:04    Post subject: Reply with quote
What build are you using?

Current build is 48567.

If speed and security are important I would buy a second router and use WireGuard, it is 3 times faster than OpenVPN, but that is just my opinion Smile

OpenVPN guides and WireGuard guides are stickies in the Advanced networking forum

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Mrgianlu
DD-WRT Novice


Joined: 22 Mar 2022
Posts: 15

PostPosted: Tue Mar 29, 2022 15:22    Post subject: Reply with quote
r48540 on the previous router, will make sure to upgrade as soon as I'll be back in country B. If I am going to buy another device for country A, then of course I am going to install the latest one. Without an automatic update system, it is quite difficult keeping up with updates 3 days apart.

Wireguard is another great option if it is fully supported then it definitely makes sense. I'll buy a second device then and try to set this up, thank you for your input.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12855
Location: Netherlands

PostPosted: Tue Mar 29, 2022 16:00    Post subject: Reply with quote
WireGuard is fully supported Smile

The main (family) router I upgrade about 4-5 times a year.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum