[SOLVED] Setting up personal VPN for streaming

[chi_town60608]

Hi all. I have a home in the US, but I am currently living in Romania. I have gigabit service in my US home with upload speeds in the 100mbps+ range. I would like to set up a VPN machine in my US home so that I can connect to through it to access ESPN+, Netflix, Amazon Prime, HBO Go, etc. as these are either completely blocked or limited when connecting outside the US. This box would always be on and the only thing it would be responsible for is the VPN server. I have a few questions I'm sure you all can help with.

1. I have an older laptop running Windows 10. I would like to use this to host the VPN server. These are the specs:

I7 Q740 @1.73GHz - Quad Core
Windows 10 Pro
4GB Ram (Can upgrade this if needed)
420GB free storage space

2. Should I set this up using the built-in service in Windows 10 or would something like OpenVPN be a better option? I'm sure I'll need help either setting it up or optimizing it, but figuring out the best option is the first thing I need to know.

3. In a perfect world, I would like to access the VPN server from iPads, iPhones, Smart TVs, an Unraid server, and possibly an Xbox. Is there a way to set this up to make all of those connections relatively painless?

I'm sure I'll have more questions, but I figure this will point me in the right direction.

 

[bill001g]

So first you need a function like dyndns in case your IP changes. You of course need a public IP to start with or you have no hope.

My recommended method would be to use routers to accomplish this rather than pc and apps loaded on your end devices.

Many routers support vpn server. You would run that at your USA home. The VPN client is a little less common but a lot of routers have this function. Asus running merlin firmware tends to be one of the easier ones.

Doing this allows all your device to use the USA internet with no changes. Something like TV are very hard if not impossible to load a vpn client on.

You can run it on a PC like you suggest but I would use OPENVPN rather than windows. The windows support is more used for remote access to the pc rather than using it as a router. If it is a dedicated box you could just load a linux vpn router image on it. It will have much better options. You still must use port forwarding to get this to work. The router need special vpn helper apps if you use PPTP or IPSEC. This is why people use OPENVPN even though it is a little slower.

Be aware if you use a router the CPU will cap your rates well before you hit the 100mbps. Some routers have hardware encryption accelerators but it is a small list. The cpu problem is on both ends. If you are hitting these limits you using a PC as the server in your house and loading vpn clients will give you more total throughput because a PC cpu is larger and you are running the vpn on many different cpu on the remote end.

I normally don't recommend router models but a couple asus rt-86u running merlin firmware is likely best. This router should be able to easily exceed the 100mbps upload rates because it has a encryption accelerator.

 

[chi_town60608]

So set up my router as the vpn service in the USA and then connect to it from Romania? If that's true, what method do I use to connect to to is from, say, an iPad or SmartTv?

 

[bill001g]

That is the problem in many cases. Can you load a openvpn app into the tv.

That also depends what vpn methods your home router supports. Many now support openvpn but older technology uses IPSEC. It tends to be much harder to get a IPSEC app for devices that are not a PC.

 

[SamirD]

I do this when I travel to my in-laws in India and need full access to my home network and need US Internet access to work. It's very common in business using a point-to-point ipsec vpn tunnel. You need vpn routers, but these are designed for this type of work so you can get wire-speed throughput through them.

The dynamic IP will be an issue when it changes, but in my experience this happens only when a carrier changes their backend equipment every few years.

 

[Alabalcho]

Pads, iPhones, Smart TVs, an Unraid server, and possibly an Xbox

You get second router to act as VPN client, and connect these device to that router.

 

[failboat]

What is your upload exactly? openvpn can be limited speed wise. newer wireguard could handle those speeds. either way to do AES at those speeds you will want two small servers on each side or go with the same router on each side. many small business brand routers will have vpn configuration through the gui.

pfsense is great for openvpn site-to-site. if you use an i3 with strong single core passmark AES-128b-GCN with AES-NI enabled on both sides you should be able to hit 200+ Mbs. mass wireguard adoption is incoming. if you do buy some basic servers and openvpn vpn isn't strong enough you have the flexibility to change it.

site-to-site only needs router configuration, no client side work. you can set fixed leases and then create rules for clients to make them use the vpn only.

Full traffic vpns can be tricky if you don't have a static ip. the client will need to access dns to resolve this ip. so you need extra firewall rules to ensure client traffic doesn't also leak through when the vpn is down.