Comments
- This worked when even the tech support couldn't help, THANK YOU!! Not to look a gift horse in the mouth, but I find the speed decrease dramatic. Without VPN I'm getting consistent speeds of 40-60mbps (using speedtest.net). With the VPN (using a server closest to my actual location, with the lowest ping), I pull between 7-8mbps. I know using a VPN eats bandwidth, but is there any way to tweak this so the loss is not as significant? Though again, THANK YOU for posting this!!
- The speed decrease is probably more because of the limited processing power of the router than just it being a VPN connection. People using a VPN client on a PC don't report such low percentages.
- Hi,
I have hidemyass at the moment and am thinking about changing. What would I have to do to my router? It is a Linksys e3000.
I am not good with these things so could you please be gentle lol
bambitova
- Ditch HMA ASAP. They betray their customers when it suits them.
About the router though, if I recall correctly, that is just simply not going to work. I will have to look into this later to find some details of it, but I do not think it has the potency to run the mathematics of encryption at a reasonable pace.
(I have to sleep now. I will get back to you.)
- Hi VPN and thank you for the feedback - much appreciated! I'm currently running a linksys wrt610n V.1. While it's by no means a new router, it should still have enough horsepower to run a VPN. However, I could be totally wrong, as I'm not up on my router knowledge. Knowing the router I have, do you think this would still cause issues? Are there newer, better routers out there more capable of running dd-wrt and VPN? I appreciate your input, and thanks again.
- OmniNegro is the resident router expert (please check out the router speeds thread, which has excellent measurements and graphs!), so I'll leave it to him.
- The irony is that I own a router that is ancient. I made the OpenVPN Router Speeds thread to help clarify why routers cannot handle the mathematical overhead of encryption.
Thank you for the introduction @VPN.
As for routers capable of running DD-WRT and Tomato, there are quite a few. But you have to consider what your speed will plummet to if you rely on a router to handle this. For example, my ancient WRT54GL has a 200 MHz CPU, and can manage no better than an average of 260 KiloBytes per second due to the overhead of the encryption.
That ratio of CPU to bandwidth seems to remain in place even for newer routers, so for every 100 MHz of the CPU you can rely on about 130 KiloBytes per second. (And no, I am not using Kilobits per second. Everything we do relies upon bytes, so that is the measure best suited to this.)
A top of the line router at current, like the Asus AC68 series is a dual core 1 GHz beast of a router. So that makes it capable of around 20 * 130 KiloBytes per second. (2.6 MB per second. And yes, that is MegaBytes, not MegaBits.)
If you look up your router and find the speed of the CPU you can reliably determine what it should deliver. Note that many of the bells and whistles will tax the CPU too, so the more things you disable, the faster the encryption will work.
- Great info, sincere thanks to both VPN and OmniNegro, VERY much appreciated! Looks like I have some homework to do, which I love. I'm such a geek. Thanks again guys.
- Okay, much progress has been made, as well as the acquisition of a new Netgear Nighthawk AC1900 router, which has done wonders for my speed (I'll post updates in the other thread link provided). So here's where I'm at, but some background first:
I'm running the Netgear router behind a verizon fios router. As I run a home theater server, I need to forward two ports. To do this, I have to assign a static IP to my netgear from my fios router. I also have to open the port on my fios router and assign it to the static ip of my netgear.
Then, at the netgear router, I have to assign a static IP to my server / computer, and port forward same port to the IP address on my server / computer.
Here's my issue: If I run your script (which runs perfectly), I can have VPN, but not port forwarding. If I successfully forward the port, your script does not run.
It seems the 'switch' to turn each on or off lies in my dd-wrt firmware on the netgear - if I have the WAN connection type set as 'auto config dhcp', your script will work. If the wan connection type is set to 'static IP', then the port forwarding works.
Sorry, I know this likely sounds convoluted, and please let me know if you need clarification. If the above makes sense, do you have any ideas how I can 'have my cake and eat it too'? Would love to get both services running. Thank you again.
- Just for clarification, could you link/post again the script you're using?
Also, to have some services use the VPN and others not, you'll most likely need additional configuration for the routing. When connections to the two forwarded ports arrive on the fios link, the replies also need to be sent over the fios link instead of the VPN. The default routing setup doesn't incorporate that, it would try to send everything through the VPN.
- The script I'm using for the VPN? I'm using the exact text from the link P9 provided at the top of the page, with the exception of my username / password.
For my setup, I'll outline it below to try to make sense of it, but it's, admittedly, confusing at the best of times. Sorry for any fuzziness, I'm trying to find a way to describe it clearly:
FIOS Router:
*Starts the inbound chain with a cable feed into the router from verizon.
*Assigns a static IP to the netgear router (192.168.1.2)
*Port forwards 32400, and 23424, aiming at the netgear IP (192.168.1.2)
Netgear Router (running DD-WRT):
*Connected behind the FIOS router via ethernet cable
*I assigned this router a local IP address of '192.168.0.1'. If I stayed with the typical '192.168.1.***', it would conflict with the FIOS router.
*Assigns a static IP to the server PC (192.168.0.109)
*Port forwards 32400 and 23424, aiming at the server PC (192.168.0.109)
Ideally, I would like all services to use the vpn. Wouldn't replies from the forwarded ports (and all data) need to travel through both Netgear and FIOS? As I have every access point on my network attached to my netgear. Thanks again for the ongoing help - I'm learning a lot.
- The thing with the forwarded ports is, they are only available on your FIOS IP address. If your replies to these connections go through the VPN, they appear to be coming from a PIA IP address. That might be fine for UDP 'connections' (unless something filters answers from different IP addresses, like any NAT gateway does), but a TCP connection can not be established between different IP addresses.
If you absolutely need your server to be reachable on 32400 and 23424, then these connections must be routed outside the VPN or you need to find a different VPN provider. It's not possible to have these on the VPN connection with PIA.
- Thanks VPN, this makes sense. While I'm still working with the builder of the dd-wrt version I'm using, I'm not holding out much hope. I've switched instead to a dual network on 1 computer concept. Because I have two wireless cards installed in my server pc, and two routers, each running a separate network, I can run both simultaneously. I now just need to figure out how to run 2 instances of the media server, but am working with the developers on that one. Will continue to report back with my findings / successes / failures.
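An added example, not posted by anyone in the thread, of the extra routing configuration the replies above describe: connections that arrive on the FIOS link for the forwarded ports are tagged, and their replies are routed back over that link instead of the tunnel. The interface names (vlan2, br0), the gateway 192.168.1.1, mark 1, table 100 and TCP as the protocol are assumptions, as is CONNMARK support in the firmware's iptables.

```shell
#!/bin/sh
# Added example (not from the thread): send replies for port-forwarded
# connections back out the WAN link while the default route is the VPN tunnel.
# Assumed values: interface names, upstream gateway, mark and table numbers.
WAN_IF="${WAN_IF:-vlan2}"        # assumed WAN-side interface of the DD-WRT router
LAN_IF="${LAN_IF:-br0}"          # assumed LAN bridge
WAN_GW="${WAN_GW:-192.168.1.1}"  # assumed LAN address of the upstream FIOS router
PORTS="${PORTS:-32400 23424}"    # forwarded ports named in the thread (TCP assumed)
MARK=1                           # arbitrary connection/packet mark
TABLE=100                        # arbitrary routing table number
RUN="${RUN-echo}"                # dry run by default; invoke with RUN= to apply

bypass_rules() {
    # Separate routing table whose default route is the upstream router, not the tunnel.
    $RUN ip route add default via "$WAN_GW" dev "$WAN_IF" table "$TABLE"
    # Packets carrying the mark consult that table before the main one.
    $RUN ip rule add fwmark "$MARK" table "$TABLE"
    for port in $PORTS; do
        # Tag each new connection that arrives from the WAN on a forwarded port.
        $RUN iptables -t mangle -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    done
    # Replies from the LAN server belong to a tagged connection: copy the
    # connection mark onto the packet so the fwmark rule picks the WAN route.
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" -m connmark --mark "$MARK" \
        -j CONNMARK --restore-mark
}

bypass_rules
```

Run as shown, the script only prints the commands. If reverse-path filtering is strict on the WAN interface, inbound packets can be dropped before they are ever marked.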
- In my limited experience, this is the only method I could get my DD-WRT router (R7000) working with PIA VPN. Unfortunately, I don't want my entire network on VPN. Currently working on a solution to do selective routing. But, thanks @P999999
I've read many users have trouble setting up the OpenVPN client on some DD-WRT flashed routers. There are DD-WRT builds that lack the ADVANCED OPTIONS button, here's my solution:
1- Go to SETUP - BASIC SETUP - NETWORK ADDRESS SERVER SETTINGS (DHCP)
Set Static DNS 2 to: 8.8.4.4
or any other DNS servers you want.
2- Set TIME SETTINGS to match your current location.
Click SAVE - Click APPLY SETTINGS
3- Go to SERVICES - VPN
Enable OpenVPN Server (Just click the enable button, do nothing else). This step you can skip. It only serves the purpose of enabling OPENVPN STATUS so that you can see the current state and log of PIA OPENVPN CLIENT.
Click APPLY SETTINGS
4- Go to ADMINISTRATION - COMMANDS
Copy - Paste the text from link below to commands, don't forget to edit Your_PIA_Username and Your_PIA_Password with your own credentials, if you want you can change the remote regional-gateway (us-west...) too:
Click SAVE STARTUP
5- Go to ADMINISTRATION - MANAGEMENT
Click REBOOT ROUTER
6- That should do it, from now on every device that gets an IP address from your router will go through PIA's VPN tunnel.
As you can see, we did nothing to the OpenVPN client in SERVICES - VPN. The script takes care of that for us.
thanks for this. just 1 question: can i change us-west.privateinternetaccess.com 1194 to another 1? if so where will i find them, or will it make any difference to the script? thanks again.
- edited March 2014
yes you can, the whole list of gateways is listed on this page: https://www.privateinternetaccess.com/pages/client-support/.
- thank you for that, most helpful.
- Is there a way to add multiple servers? Below, I've commented out all but one, but is there a way for the router to randomly select between multiple servers each time a connection is requested?
# Add - delete - edit servers between ##BB## and ##EE##
##BB##
# remote us-west.privateinternetaccess.com 1194
# remote us-east.privateinternetaccess.com 1194
# remote us-texas.privateinternetaccess.com 1194
# remote us-california.privateinternetaccess.com 1194
# remote us-florida.privateinternetaccess.com 1194
##EE##
- Yes, you can have multiple remote lines, read the documentation for remote and remote-random. You might run into some problems when using user and/or group, as is mentioned there.
- Thanks a lot to p999999 !!! The script worked like a charm in my Linksys E1200 v2. By the way I don't see an impact in BW (I have a 6Mbps/2Mbps link), however this 300 MHz router is really pushing it hard to manage OpenVPN, CPU avg 98% at full link throttle.
- edited March 2014
Yeah, as far as routers go, only the fastest are up to the challenge of (Nearly.) full bandwidth in areas with true high-speeds. A $200 USD Asus AC68 is capable of roughly 48 megabits per second and is the best I know of that already has OpenVPN capacity in the firmware. (I think I already said most of that earlier in this very thread, forgive the duplicate information.)
I expect more parallel routers with quad core ARM CPUs in the 800-1200 MHz range for around $200 USD in the next few years. That will be a thing of beauty. (I would expect such a router capable of around ~1500 KiloBytes per second if my obviously incorrect measure of ~130 Kilobytes per second per 100 MHz were correct.)
So I guess I should ask around and see what a modern router is benchmarking at.
*Edit* Check the OpenVPN Router Speeds thread for the speeds to expect.
- hello. This worked great to get the OpenVPN working for my setup, however I am still having issues where I become disconnected from the VPN and it will not reconnect to the service. Is there a way to program in a keepalive 'ping' to the VPN setup to keep my connection open or have it re-establish the connection when it disconnects?? Currently the only way i've found to do this is to reboot the DD-WRT router. suggestions on ways to keep the connection live?
- DD-WRT should support keep-alive. If you don't see it in the configuration dialog, add it as custom option.
- not too familiar with command line editing, do u mean just write something like keepalive 90????
- The parameters you can use are
ping n - send a ping packet if no other data has been sent since n seconds.
ping-restart n - reconnect if no data or ping has been received since n seconds
(There is a keepalive parameter, but it is an alias for the two above.)
The ping packets you send do not echo back, so they don't halt the ping-restart counter even if the connection is working. I'm not sure what the server's ping time is (or even if it has ping enabled at all), so don't set ping-restart too low. I suggest 120 seconds.
- Worked for me, although I can't sign back into the router. Any ideas? Thanks
- I tried using this script on my WRT54G V3 router. It wouldn't work using UDP & port 1194 but when I switched to TCP and port 443 it worked. The only problem is the speed loss presumably as a result of the lack of CPU grunt in the router. I say 'presumably' because whenever I check the CPU load status it's typically between 20 - 40% so it's not maxing out. I'm going to try without any encryption and see how it works. I'll report back.
- The entire WRT54G series of routers uses a 200 MHz CPU, so it will max out at around 260 kilobytes per second. (2 Megabits per second.) I have a WRT54GL that does the same. Here is a screenshot if you want to see.
- edited May 2014
Please change to UDP with port 443
Thanks for the info. It works. Maybe somebody could answer a question for me? I'm not really interested in the security that VPN gives me. I'm just using it to change my apparent location so I'd like to turn off all OpenVPN encryption (so as not to sacrifice speed). I've been working with PIA tech support but so far we have been unsuccessful. The PIA tech said just change cipher bf-cbc to cipher none and auth sha1 to auth none. I tried all combinations but VPN will not connect. The PIA tech assured me that this should work. I also tried putting the server IP address instead of name in case there was a DNS issue. If I use the PIA Windows or Android clients I can turn off the security & it connects with no problem. So it certainly seems as if the PIA servers will accept a non-encrypted connection. Anybody know how to get the script working but with no encryption?
Dd-wrt Linksys E1200 V2
The router is listed on the link that you provided so probably it will be able to support your need. But just to remind you though, installing a 3rd party firmware to your router will automatically void the warranty of that device.
This build: dd-wrt.v24-26138NEWD-2K2.6mega-nv64k.bin has 8000512 Bytes which is 7813 KB or 7.63 MB. Can I expect this to work with the Linksys E1200 v2? Or should I prefer the 'big' build dd-wrt.v24-26138NEWD-2K2.6big-nv64k.bin which is only 7406592 Bytes? Second question: the feature table says the 'mega' build has asterisk included.
I also checked support for OpenWRT, however only the V1 was listed so I moved to DD-WRT. I finally started to have some hope when I found Linksys WRT1200AC v2 listed in the router database. However the page simply presents you two files to download with no explanation of what you should do with them.
Techdata: Linksys E1200 v2. This device is NOT RECOMMENDED for future use with OpenWrt due to low flash/ram. DO NOT BUY DEVICES WITH 4MB FLASH / 32MB RAM if you intend to flash an up-to-date and secure OpenWrt version (18.06 or later) onto it!