Question Confused on Setting up the proper VPN Network for my home

nites2k

Reputable
Sep 26, 2017
9
0
4,510
0
So I have a desktop, a few wireless devices (typically 3), Roku and Firestick connected to a non-smart TV. I want to have them running under a VPN network via NordVPN. How to go about this is where my confusion lies. Setting up NordVPN on my phone or the desktop appears simple via the apps. However because I live in Canada my Roku and Firestick do not come with ease ability of downloading the apps that would have otherwise allowed me to connect them with NordVPN as well.


Another wrench in this query is that my modem/router (all in one [Telus Wi-Fi Modem – T300M]) does not seem to support DWRT (I think it does not? Honestly not sure if I am overlooking it or a section) so with this method I would have attempt to flash my modem/router? I have read that if done improperly it can corrupt the device and the modem/router is from my ISP’s. I have flashed things before for the MB like bios but that was about 10 years ago so I am weary.


A second solution seems to indicate that I should purchase another router to port into the modem/router. The purchased router should be flashed prior with DWRT or purchased flashed and when I connect it to a port and add NordVPN to that router’s profile everything should work? But if I port in another router to my modem/router would that curtail internet speed? And would having NordVPN on the new router on top of that impact speed as well?


A third solution seems to just build a computing device as the connecting device, ex. raspberry pi, and running NordVPN on that device? But I am confused with this method because I have read that this method has no impact on its connection with the ISP and thus not really doing its encryption job?


Sorry if this topic has already been discussed but I swear I checked before posting! If it’s not already obvious by my line of questioning, I am not remotely a seasoned veteran concerning this. I try to read up on it but I get confused on how to apply it to my specific living situation


Any thoughts, advice, comments appreciated!!
 

luketexas

Honorable
Sep 14, 2015
249
0
10,860
55
Hi, I would probably purchase a bridging router and run the VPN from that. This will encrypt all devices connected to the router. Simplicity is key.

Check out Nords articles-

Nord VPN router setup:
https://support.nordvpn.com/Connectivity/Router/1047409322/Setting-up-a-router-with-NordVPN.htm

Compatible routers: https://support.nordvpn.com/Connectivity/Router/1087269942/Which-router-should-I-use-with-NordVPN.htm

All VPNs will impact upload and download speeds, I don't have Nord so I couldn't comment. If they're offering a good service, like my VPN provider, then you generally wouldn't notice an impact in service.
 
It depends on how fast your internet connection is. You are going to need a different router than can run vpn software images.

The main issue is vpn software and especially openvpn which is what almost all VPN providers are using puts huge cpu load on a router. Even very fast routers will be limited to about 25-30mbps with vpn running.

If you have a faster internet you need a different device. A dual nic PC running one of the many free router software images tends to be the best option if you have a fast internet connection.

Normally I do not recommend any particualr routers because the manufacture change the internal parts but leave the name on the box the same. This has in the past meant routers that could run things like dd-wrt all the sudden no longer work because the internal chips are different.

There are a handful of routers that have a special cpu that has encryption acceleration instructions. One of the best options is the asus rt-ac86u. This router is actually getting a little old but I have not seen newer chipsets that support hardware encryption, This router still will only get you maybe 200mbps if you have a faster internet you need to use a actual PC that has a much more powerful cpu than any router.

Although Asus has taken many of the features I would still load the merlin third party firmware. The VPN support is one of the very best as far as ease of use and configuration. There are sample nord config files I am pretty sure that are cut and paste. The merlin image is supported on the smallnetbuilder.com forum.

Note many video providers block the use of VPN. Nord is better than some other vpn but it is still blocked by some services. You can in the merlin vpn setup configure traffic to bypass the vpn for things like that.
 

nites2k

Reputable
Sep 26, 2017
9
0
4,510
0
Hi, I would probably purchase a bridging router and run the VPN from that. This will encrypt all devices connected to the router. Simplicity is key.

Check out Nords articles-

Nord VPN router setup:
https://support.nordvpn.com/Connectivity/Router/1047409322/Setting-up-a-router-with-NordVPN.htm

Compatible routers: https://support.nordvpn.com/Connectivity/Router/1087269942/Which-router-should-I-use-with-NordVPN.htm

All VPNs will impact upload and download speeds, I don't have Nord so I couldn't comment. If they're offering a good service, like my VPN provider, then you generally wouldn't notice an impact in service.

Hey! thanks for the reply, very appreciated. I was thinking I may need to bridge it with another second router, just my brain gets foggy when trying to understand why lol. I ll check out your links, I do recall seeing the compatible routers link but was not sure if I need this route or the one with like raspberry pi or something.

Also out of curiousity what service do you use and would you recommend the same?
 

nites2k

Reputable
Sep 26, 2017
9
0
4,510
0
It depends on how fast your internet connection is. You are going to need a different router than can run vpn software images.

The main issue is vpn software and especially openvpn which is what almost all VPN providers are using puts huge cpu load on a router. Even very fast routers will be limited to about 25-30mbps with vpn running.

If you have a faster internet you need a different device. A dual nic PC running one of the many free router software images tends to be the best option if you have a fast internet connection.

Normally I do not recommend any particualr routers because the manufacture change the internal parts but leave the name on the box the same. This has in the past meant routers that could run things like dd-wrt all the sudden no longer work because the internal chips are different.

There are a handful of routers that have a special cpu that has encryption acceleration instructions. One of the best options is the asus rt-ac86u. This router is actually getting a little old but I have not seen newer chipsets that support hardware encryption, This router still will only get you maybe 200mbps if you have a faster internet you need to use a actual PC that has a much more powerful cpu than any router.

Although Asus has taken many of the features I would still load the merlin third party firmware. The VPN support is one of the very best as far as ease of use and configuration. There are sample nord config files I am pretty sure that are cut and paste. The merlin image is supported on the smallnetbuilder.com forum.

Note many video providers block the use of VPN. Nord is better than some other vpn but it is still blocked by some services. You can in the merlin vpn setup configure traffic to bypass the vpn for things like that.

Hello thanks for your interest! Yes Id like to believe my connection is fast.... for Canada. Its 15,00 mbps download with a 940 mbps upload speed. Fibre op connection

-When you mention a "dual nic" PC are you referring to this device specifically or just devices related to this like raspberry pi or arduino? Sorry still trying catch up on all this new stuff.

-"leave the name on the box the same" Do you mean try to buy the same brands? if so I would not be able to due to the router/modem coming exclusively from my isp, Telus.

-Ok so one of your recommendations for a bridging router is the asus rt-ac86u? and If I were to get this as the bridging router I would also need add merlin in order to set up the router for vpn?

-Yes im from the US, and living in Canada, entertainment wise is horrid, better off staring at book. At least in my perspective. My general concern is security because of my work but as well is to find a way to get streaming from the US or other locations. This would improve my research abilities for my job as well. If you know or have advice on alternatives of how to go about this or vpn service I am all ears!

Sorry if I sound a bit slow on this, its been a very long time since Ive been submersed in technical things
 
A dual nic pc has 2 ethernet ports. Some motherboard have them but you can add in a ethernet card in a PCIE slot in pretty much any PC. You need a WAN port and a LAN port at a very minimum to make your own router.

With a extremely fast connection like you have you will actually need a pc with a fairly fast CPU. Not sure its been a while since I saw the recommended vpn cpu charts.

A raspberry pi is not going to cut it. It has less cpu power than some routers. When raspberry announced their latest cpu a bunch of people got excited because the chipset they use included a feature called ARMv8 which does the encryption accelerator. What they found out was the cpu chips used by raspberry to cut costs where not licensed to have the encryption feature. So encrypted throughput is fairly poor on a raspberry pi.

What I mean by they leave the name on the box would be for example a tplink archer c5. There are 3 (maybe more) hardware versions. The first used a cpu from qualcomm, the second used a brodcom and the latest ones use mediatec. They all are called archer c5 even though the software they run is completely different/

The asus router will still limit you to about 200mbps but it is the fastest consumer router you are going to get for vpn. You can try it with the factory firmware. Asus with merlins approval integrates features into their base image. I do not keep track of what exactly they take but they didn't used to support the vpn acceleration and now people say it does. Merlin image is trivial to load and it is easy to go back to factory if you want unlike dd-wrt.

VPN when you are trying to get around the rules is very hit and miss. Nord is known to work for netflix. I know from using it that PIA is blocked both on netflix and amazon video. Other video services I don't know I have configured my vpn to cause all the traffic from the roku IP address to not use the VPN. So far I have not needed to use VPN to try to get video.
 
-Yes im from the US, and living in Canada, entertainment wise is horrid, better off staring at book. At least in my perspective. My general concern is security because of my work but as well is to find a way to get streaming from the US or other locations. This would improve my research abilities for my job as well. If you know or have advice on alternatives of how to go about this or vpn service I am all ears!
Is this is all you're trying to do, you don't even need nord. All you need to do is tunnel all your canada traffic back to your us home and out to the Internet that way. And the simplest way to do that is with an ipsec vpn tunnel. This is pretty easy to set up with an enterprise vpn router on each end that supports ipsec tunnels. Then you just make sure you have some routing rules in your router that all traffic goes over the tunnel and that's it.
 

nites2k

Reputable
Sep 26, 2017
9
0
4,510
0
Is this is all you're trying to do, you don't even need nord. All you need to do is tunnel all your canada traffic back to your us home and out to the Internet that way. And the simplest way to do that is with an ipsec vpn tunnel. This is pretty easy to set up with an enterprise vpn router on each end that supports ipsec tunnels. Then you just make sure you have some routing rules in your router that all traffic goes over the tunnel and that's it.
No.. it is not all that I want to do with it. I was just replying to one of the comments that was in respects to content streaming and using Nord VPN. I have other needs for it such as for work, security, as well as content streaming. My only issue that I have and why I am posting is trying to resolve how to overcome the issue of streaming on my TV correctly via vpn. Once I have a set up I believe I know how to connect my other devices that I would use for work and require security for. Sorry if I was not clear but I am from the US but I am currently living in Canada. I am not trying to setup something exclusively linked to that country as well.
 

nites2k

Reputable
Sep 26, 2017
9
0
4,510
0
A dual nic pc has 2 ethernet ports. Some motherboard have them but you can add in a ethernet card in a PCIE slot in pretty much any PC. You need a WAN port and a LAN port at a very minimum to make your own router.

With a extremely fast connection like you have you will actually need a pc with a fairly fast CPU. Not sure its been a while since I saw the recommended vpn cpu charts.

A raspberry pi is not going to cut it. It has less cpu power than some routers. When raspberry announced their latest cpu a bunch of people got excited because the chipset they use included a feature called ARMv8 which does the encryption accelerator. What they found out was the cpu chips used by raspberry to cut costs where not licensed to have the encryption feature. So encrypted throughput is fairly poor on a raspberry pi.

What I mean by they leave the name on the box would be for example a tplink archer c5. There are 3 (maybe more) hardware versions. The first used a cpu from qualcomm, the second used a brodcom and the latest ones use mediatec. They all are called archer c5 even though the software they run is completely different/

The asus router will still limit you to about 200mbps but it is the fastest consumer router you are going to get for vpn. You can try it with the factory firmware. Asus with merlins approval integrates features into their base image. I do not keep track of what exactly they take but they didn't used to support the vpn acceleration and now people say it does. Merlin image is trivial to load and it is easy to go back to factory if you want unlike dd-wrt.

VPN when you are trying to get around the rules is very hit and miss. Nord is known to work for netflix. I know from using it that PIA is blocked both on netflix and amazon video. Other video services I don't know I have configured my vpn to cause all the traffic from the roku IP address to not use the VPN. So far I have not needed to use VPN to try to get video.

Thank you! I hugely appreciate your help, I will have to review this info and get back to you. I believe I have a good idea of what you are saying but I think I may have a few questions in the near future.
 
No.. it is not all that I want to do with it. I was just replying to one of the comments that was in respects to content streaming and using Nord VPN. I have other needs for it such as for work, security, as well as content streaming. My only issue that I have and why I am posting is trying to resolve how to overcome the issue of streaming on my TV correctly via vpn. Once I have a set up I believe I know how to connect my other devices that I would use for work and require security for. Sorry if I was not clear but I am from the US but I am currently living in Canada. I am not trying to setup something exclusively linked to that country as well.
Yeah and this is where all the consumer vpn stuff has the consumers all messed up in the head. You're doing the same thing with nord except you pay for the traffic to come out of the end of their pipe. There's nothing special (or even particular safe) about vpn tunneling, but once the marketing folks got a hold of it, the type of solution you're working on becomes confusing at best and half-working when working. Anyone with corporate equipment can do what you want in a heartbeat as special routes and configurations like this are normal in the enterprise. I'm sure even nord would allow an ipsec tunnel connection, but you can just as easily use azure or aws.
 

nites2k

Reputable
Sep 26, 2017
9
0
4,510
0
Yeah and this is where all the consumer vpn stuff has the consumers all messed up in the head. You're doing the same thing with nord except you pay for the traffic to come out of the end of their pipe. There's nothing special (or even particular safe) about vpn tunneling, but once the marketing folks got a hold of it, the type of solution you're working on becomes confusing at best and half-working when working. Anyone with corporate equipment can do what you want in a heartbeat as special routes and configurations like this are normal in the enterprise. I'm sure even nord would allow an ipsec tunnel connection, but you can just as easily use azure or aws.
Well its like I said originally I am not an expert and relatively new at all of this networking. The solution that Bill001g was providing did not appear all that confusing to me. But if you are aware of a better solution, less complicated, and safe then I would appreciate it if you can oblige me. Perhaps explain the process in a elementary way for me? I understand the route you are explaining but if you could explain the specifics of how I could make it happen, i'd appreciate it.
 
Well its like I said originally I am not an expert and relatively new at all of this networking. The solution that Bill001g was providing did not appear all that confusing to me. But if you are aware of a better solution, less complicated, and safe then I would appreciate it if you can oblige me. Perhaps explain the process in a elementary way for me? I understand the route you are explaining but if you could explain the specifics of how I could make it happen, i'd appreciate it.
The solution that bill001g presented is how it's usually done. But imo, that's kind of a bandaid way to do it since the enterprise way to do it is more robust. However, this method does expect you to 'own' both ends of the connection, ie have control on both sides. If you can't control both sides, you won't be able to do it the enterprise way and have to do the semi-hokey consumer workaround that has become an industry in itself.
 

nites2k

Reputable
Sep 26, 2017
9
0
4,510
0
The solution that bill001g presented is how it's usually done. But imo, that's kind of a bandaid way to do it since the enterprise way to do it is more robust. However, this method does expect you to 'own' both ends of the connection, ie have control on both sides. If you can't control both sides, you won't be able to do it the enterprise way and have to do the semi-hokey consumer workaround that has become an industry in itself.
So It can be done with a relative or a friend?
 
If you have someone that will let you use their internet connection that lives in the USA you can use it for a private vpn.
Many routers have a vpn server function....many more than have the client. This is normally used to allow remote access to lan devices but you can use it to make it appear your PC in in that house and use the internet rather than where your PC is actually located.

There are issues using commercial VPN like say nord. Some video companies find the VPN companies IP addresses and block them. You also tend to get lots of captcha things from google because you share the ip with other users and google detects that.....they really want to track you and this is messing it up for them.

Using a friends connection has the huge advantage that it works for almost anything and has no extra month fee.
Some things you need to be careful of. The connection must have a public ip address so you can connect to the router. Next you need to see how high the UPLOAD bandwidth is. Traffic your remote machines will download say video like any other machine to their house but it then sends it to your remote machine over the vpn using the upload bandwidth. So their upload rate is going to be your remote maximum download rate.

Obviously if you are going to do anything even slightly sketchy that might result in a IP ban you never want to use a friends internet.
 

ASK THE COMMUNITY

TRENDING THREADS