[SOLVED] Network extender with OpenVPN

[sticktwig]

Seeking a solution to an odd situation. I picked up the current NordVPN deal which allows 6 devices. Including desktops, laptops and devices, we have a total of 10 devices I would like to access the internet through a VPN. I have a travel router which supports OpenVPN, but I discovered it works as an extender, which doesn't support OpenVPN, or as a standalone router which offers firewall, DNS, and OpenVPN.

Is it possible for an extender to be an extender yet also tunnel through using OpenVPN? If so, does such a device exist?

Details: I have a wireless mesh network through the entire house, one of those access points in our family room. I don't want our entire network, including the Roku devices, to run through the VPN. So I as going to use the travel router connected to the family room access point and connect my daughter's desktop (using a wireless card) and our laptops to access the wireless router in place of the mesh access point. This would move three devices we nearly always keep in that room onto the VPN using only a single point, which would put the other devices through the VPN to balance things.

Any thoughts? Thanks

 

[bill001g]

There might be some device that can do it but it is not a real common requirement and is messy to implement.

The key problem is extender/ap is a layer 2 device. The 1 IP address it has is used for management. The traffic from your PC does not actually go to that IP it is being sent to the gateway on your router to get to the internet.

Now technically the traffic passes through the remote device so it could in theory intercept the traffic or maybe you could use other IP.

You best option is to put the VPN on the main router. I know asus routers have the ability to put in lists of devices that use the VPN and ones that bypass it. Other vendors that support openvpn on the router should have similar abilities since it is a common requirement.

 

[sticktwig]

There might be some device that can do it but it is not a real common requirement and is messy to implement.

The key problem is extender/ap is a layer 2 device. The 1 IP address it has is used for management. The traffic from your PC does not actually go to that IP it is being sent to the gateway on your router to get to the internet.

Now technically the traffic passes through the remote device so it could in theory intercept the traffic or maybe you could use other IP.

You best option is to put the VPN on the main router. I know asus routers have the ability to put in lists of devices that use the VPN and ones that bypass it. Other vendors that support openvpn on the router should have similar abilities since it is a common requirement.

Thanks for the response and information. I'm wondering if my best option then is to just go with an OpenVPN gateway, if I'm using that term correctly. I currently have a Verizon FIOS modem/router and a mesh network, neither supporting OpenVPN.

Some research makes me think a third router running DD-WRT might be a better option. I could put it in switch only mode using my VPN's OpenVPN settings to build the channel. My only issue is all traffic will be routed through the VPN, though I'm still pulling 50mbps with the VPN connected. I'm paying for 50 and getting close to 90, so it doesn't feel like a loss (and for once I have to praise Verizon).

Any thoughts on whether this makes better sense? Thanks again

 

[bill001g]

If you are looking to buy a new router I would go with a asus rt-ac86u-ac2900 Normally I don't recommend specific routers. For VPN this router is better than most. It uses a different cpu that has hardware accelerator for openvpn. Unlike most router that top out at about 30mbps for vpn this router can do almost 200mbps.
This is partially dependent on which form of cipher you use some do a better job of using the accelerator. You need to search for this because I forget.

This chipset is getting almost 2 years old so maybe there is a newer one that has this but for now I only know that broadcom bcm490(6/8) is the only one.

The best software is the merlin image. I think most the features have moved to the asus mainline code but I still run merlin. One of the nice features of the vpn client in the router is you can put in a list of things you want to bypass the vpn. Depends how complex your list of things to bypass is.

 

[sticktwig]

If you are looking to buy a new router I would go with a asus rt-ac86u-ac2900 Normally I don't recommend specific routers. For VPN this router is better than most. It uses a different cpu that has hardware accelerator for openvpn. Unlike most router that top out at about 30mbps for vpn this router can do almost 200mbps.
This is partially dependent on which form of cipher you use some do a better job of using the accelerator. You need to search for this because I forget.

This chipset is getting almost 2 years old so maybe there is a newer one that has this but for now I only know that broadcom bcm490(6/8) is the only one.

The best software is the merlin image. I think most the features have moved to the asus mainline code but I still run merlin. One of the nice features of the vpn client in the router is you can put in a list of things you want to bypass the vpn. Depends how complex your list of things to bypass is.

Do you know of any solutions that are not wireless? While researching, I discovered my mesh network offers an AP mode. It works great to cover our house, so buying another wireless router is overkill. But if there is a standard OpenVPN capable router I am interested.

Thanks for the thoughts.

 

[bill001g]

You can always use a small dual nic pc. Almost all the free linux firewalls also support openvpn and being a actual computer even fairly old devices pass huge amount of vpn traffic.