
Home Networking GAF - VPNs, routers, modems, APs etc

DGrayson

Mod Team and Bat Team
Staff Member
Not sure if this is a good idea but I've been doing a lot of upgrading to my home network and perhaps this could be a place to get together to discuss this stuff as it's not quite all gaming related.

What are some of your home network setups?

What VPN(s) do you use? Why choose that one?

Could be a fun discussion and perhaps help out those who don't know shit (like me).

Also share pics, messier the better, don't worry if it doesn't look great! Messy setups are fun!


Eventually I would like to build the OP with lots of links and How Tos and other resources. But as I am no expert I don't want to post bad information. Please let me know what should be added to really make the OP look great and be informative.



Resources

Forwarding/Opening Ports on your router



Recommended Hardware

Easy to setup and manage routers/wifi mesh systems




Comparisons of Custom Firmware for Certain Routers (make sure your router is supported)
- DD-WRT vs Tomato vs OpenWRT



 

DGrayson

Mod Team and Bat Team
Staff Member
My current setup is pretty simple

100/50 Mbps Fiber goes into an Asus RT-ac68u (1900) router. Router feeds into a couple network switches over my apartment which is wired for ethernet.

Wifi is pretty good but in one room the coverage isn't great and due to my thick cement walls I generally stick to 2.4ghz as 5ghz doesn't have the same range. Generally everything possible is wired with ethernet.

My gaming PC is also hooked up with a powerline adaptor as it's not possible to get a true hard wire connection there. The powerline is a TP Link 1200 model which works pretty well.

Unfortunately my ISP just implemented CGNAT which really fucked me for Plex and some other things I need ports open for. I am waiting for them to reallocate me a public IPv4 address but they are slow as shit.

Current plans for the home network:

- Get that public IPv4 address
- Get a VPN which will be set up on the router itself and some devices will go through the VPN while others will go direct to the WAN. For this I believe I need to install custom firmware on the Asus
- Set up a virtual machine on my server for certain tasks
- Upgrade the router to a faster Asus model which should help when passing traffic through the VPN which I understand can degrade speeds
- Set up guest SSIDs which will route through the VPN
- Once upgraded, check the WIFI access in the apartment to see coverage. Possibly to add additional APs or set up my old Asus router as an AP or with the Asus WIFI mesh system


I'll keep GAF updated as I go but I don't know shit about Linux other than setting up a raspberry pi for a music station once.
 

JORMBO

Darkness no more
Nothing fancy for me. I have the router Comcast rents out and all my devices go through Nord VPN. My consoles are all next to the router/modem so they are hard wired. My PC goes through wireless. I want to try and hard wire my office but I don’t think it would be easy to run the wire at this point. I do have a 50ft Ethernet cable I temporarily plug in if I want a large file quick.

I bought Nord after reading reviews and it was cheap at the time. I think $90/3yrs? It’s kind of hit or miss. They have a ton of servers. Sometimes it kicks me to a slow one and I have to reconnect. Once I get a good one though it usually maintains good speed with no issues.

I should probably look into getting my own router/modem. My dad got one that’s better than the Comcast one and it pays for itself after a year or so since you can then drop the rental fee.
 

DGrayson

Mod Team and Bat Team
Staff Member
For your PC I would definitely recommend a powerline adapter. They are really fast and mine are super stable.

Do you route all your traffic through Nord or just on a per device basis or per "when you need to" basis?
 

JORMBO

Darkness no more
I'll have to check into that. Which adapter do you use?

I have Nord installed on my desktop and laptop. My laptop is just an old work one I bought super cheap when they gave me a new one. It sits on my coffee table and I mostly just use it to surf GAF and watch Youtube on the couch so I don't really use it there. I run it all the time on my desktop.
 

DGrayson

Mod Team and Bat Team
Staff Member
These are the powerline adapters I use (well similar to what I have) https://www.amazon.com/dp/B01H74VKZU/?tag=neogaf0e-20



The ones I have are a bit slower (they are 4 years old) but they have 3 ethernet ports on the bottom, not 2. Just remember when you use them you cannot plug them into a power strip. You have to plug them direct into the wall or if you need an extension you can use one but it has to be a "dummy" extension, basically an extension cable with a simple plug on one end and a simple receiver plug on the other end is best. If you need a power strip you plug it on the outside of the powerline adaptor.



When you are using your desktop with VPN on do you notice a loss of speed? Have you ever tried a speed comparison test?
 

JORMBO

Darkness no more
Thanks I'll check those out. I feel the speed up in my office where my PC is could be a bit better.

VPN does slow things down, but not enough to notice for most things. If I'm downloading a large game from Steam I'll usually disconnect it. Sometimes I just run my 50ft cord down to the modem, download and then unplug the cord. I only use that if I am feeling really impatient though.
 

StreetsofBeige

Gold Member
That reminds me. My Xbox NAT settings have always been showing Moderate.

Doesn’t seem to make a difference to me playing online or partying up.

One day I’ll figure out how to make it Open and see if it makes a difference.
 

DGrayson

Mod Team and Bat Team
Staff Member
I think you would need to make your Xbox have a static IP on your network, and then open a port and direct your Xbox to connect through that port (half the time I feel like I'm talking out of my ass, we really need some network professionals on this thread). But I am pretty sure that is what you need to do.

Portforward.com is a great resource for that and usually has different guides for different routers. Here is some info as well



Let us know if you ever give it a try!
 

jshackles

Gentlemen, we can rebuild it. We have the capability to make the world's first enhanced store. Steam will be that store. Better than it was before.
I have a career in networking, but a lot of the time that knowledge base in my head doesn't transfer 1:1 to home networking equipment, though I'm happy to answer people's questions if I can!

For my home stuff, I prefer SIMPLE. Like I said, I work (and fight) with this crap at work so the last thing I want to do is come home after a long day and fiddle with router settings. About four years ago I bought one of these (the TP-LINK model) and I've been super happy with it


Easy to set up, easy to configure, easy to keep tabs on what device is hogging bandwidth, easy to troubleshoot most issues using their Google Wifi phone app (even when I'm at work), notifications when my ISP goes offline, etc.

However, lately I've been recommending this beast to people who need an easy "all in one" solution and most people I've recommended it to have had good luck with it


These devices obviously lack the ability for you to fine-tune everything if that's your jam. I usually tell people it's like the difference between buying an Apple MacBook or trying to install Linux on a laptop. Either is a perfectly valid choice, but pick the device that will be right for you.
 

DGrayson

Mod Team and Bat Team
Staff Member
We got our first network professional! Welcome jshackles!

Question re those Google routers. Do they also have hardwired ethernet ports? Or are they mainly designed for WIFI?

That Amplifi looks like a beast.
 

jshackles

Gentlemen, we can rebuild it. We have the capability to make the world's first enhanced store. Steam will be that store. Better than it was before.
The TP Link router I have has one WAN port (that your modem plugs into) and one LAN port (that you can plug a hard-wired device into) and everything is pretty well hidden as the cover snaps over the cabling. The Amplifi Alien I linked has 4x LAN ports.

Since I have a few wired devices near my PC (Raspberry Pi running Pi Hole, my primary PC, a network printer, Obihai phone adapter for Google Voice, Synology NAS, etc) I just have a generic 8 port wired gigabit unmanaged switch plugged into my router's LAN port and then everything else wired in to that. Everything else in my house that isn't near my primary PC is wireless (game consoles, laptops, phones, even my Nvidia Shield) and the performance is great.
 

DGrayson

Mod Team and Bat Team
Staff Member
Nice to get some detail about your setup! I have 4 unmanaged switches myself. Two 5 port ones and two 8 port ones. Not all are hooked up yet as I am still figuring out what I am going to do with my router situation. I am still debating a dual router setup with one router connected to a VPN so you can more easily switch between routers depending if you want VPN or not, but that would only be on the WIFI side.

There is a custom firmware you can install on certain Asus routers which allows you to direct certain IP devices to use a VPN if installed on the router level and certain to use the regular WAN. You can also use it to set up guest networks which are connected to the VPN.

I am still wrapping my head around all that. A lot of this stuff required Linux code inputs and whenever I see that I just get lost/turned off.


I would love it if you shared some more info on Pi Hole. That is another one of my future projects. Do you have it running on a Zero? I read somewhere that some people think it blocks TOO much stuff. What do you think? My wife hates it when IT and electronics stuff just "don't work" so I don't want to go overboard but I really want to set up that Pi Hole.
 

RavenSan

Off-Site Inflammatory Member
If you've got some moderate IT chops (and some money to burn, tbf), go with a full on UniFi setup. I have a whole Unifi setup in my place. Just did it myself. I'm a SysAdmin by trade (so I dabble in networking, but it's not my forte).

My setup is

Fios Gigabit > Unifi Security Gateway > netgear POE switch (need to upgrade this) > UniFi AP AC-PRO -- I've got a bigish house, and the one AP covers everything really well.

If you can do the setup, setup the Unifi Controller on a RasPI and install Pi-Hole as your DNS server. It makes SUCH a huge difference. Network wide ad blocking w/ no browser add ins, no annoying "You're using an ad-blocker" pop ups on sites, etc.
 

DGrayson

Mod Team and Bat Team
Staff Member
Yes I was looking to set up Pi-hole on a Zero and put it direct on my router for the same effect (I think) (network wide).
 

jshackles

Gentlemen, we can rebuild it. We have the capability to make the world's first enhanced store. Steam will be that store. Better than it was before.
I have it running on a Raspberry Pi 3B I had laying around and it's more than adequate for Pi Hole. I've seen some tutorials on running it on the Zero (haven't tried it myself as I don't have one) but it looks like it's pretty slow to set up initially but runs fine. Some tutorials I looked at said the installation script had to run for half an hour or more which seemed pretty excessive to me.

The Pi Hole is easily one of the most "wife friendly" pieces of technology I've set up. My wife was getting mad at all the facebook ads she was seeing on her phone, or on apps she would download on her Chromebook which all vanished with the Pi Hole's default settings. There was some initial configuration I had to do though, for example out of the box it blocks all Microsoft telemetry data (good) but it got a bit overzealous to the point that achievements were no longer working on my Xbox. I found a list of host names to add to my local whitelist and all is well now (although it took me a few weeks to figure out what was wrong because the Xbox gave me no indication that things were wrong except I finally realized I wasn't earning achievements I should have been). Thankfully once I fixed that, they all popped at once.

The interface on Pi Hole is also pretty simple to navigate. It's trivially easy to log into the admin dashboard, see the list of DNS queries, and just click "add to whitelist" (for things you want to allow) or "add to blacklist" (for things you want to block).
 

DGrayson

Mod Team and Bat Team
Staff Member
My only point to see if it could run on a Zero was to save energy costs. I have enough things running 24/7 🙄


When I get there to set it up I may ask for some help but I will be sure to build a small tutorial for this thread.
 

RavenSan

Off-Site Inflammatory Member
Got that list handy? Hahaha, I haven't noticed anything strange about xbox achievements, but it never hurts to double check.
 

jshackles

Gentlemen, we can rebuild it. We have the capability to make the world's first enhanced store. Steam will be that store. Better than it was before.
I used this list:


basically just whitelist

v10.events.data.microsoft.com
v20.events.data.microsoft.com

And you should be golden, but there are a few other domains at that link you might want to allow just in case.
 

RavenSan

Off-Site Inflammatory Member
Thanks homie
 

Kenpachii

Member
Not sure if it's part of the network department but hey, gotta ask it somewhere.

I got this thing

Mede8er MED600X3D

But I upgraded my network recently. The thing has a USB HDD connected that I use as a backup drive and storage for movies/series etc. that I ripped a while ago. The problem, however, is that the thing has a 100mb/s network interface on it which I can't speed up, which is terrible when I copy over terabytes of data. So I want a bit faster version of 1gbit or even 10gbit if possible that also plays new and old media. I got old ripped movies and TV shows that are hard to get or not obtainable anymore in my country, and I want to keep those. Which means it needs to run DVDs but also x265 or new media, which the med600x3d also doesn't support.

Anybody an idea?
 

DGrayson

Mod Team and Bat Team
Staff Member
So you need it to play physical discs too? What is your budget?
 

DGrayson

Mod Team and Bat Team
Staff Member

Ya I had heard of the firmware just not sure in what context he was mentioning it.

For Asus routers (which I have) it seems the WRT Merlin firmware is the most popular one. I guess that is related to Open WRT which you linked? Not sure. Would be happy to learn more about other versions though.
 

Virex

Banned
Not sure either. Will have a look. But will go down the rabbit hole. Will check out the source code on their github as well.
 

DGrayson

Mod Team and Bat Team
Staff Member
Ya I am going to install the WRT Merlin on my Asus router because I believe I need it in order to do "policy based routing". The idea being that the router will have a VPN installed directly on it, with some traffic being directed to the VPN and some traffic direct to my WAN
 

EekTheKat

Member
Bit of a rambling rant - but figured I'd jump in to share a few tidbits :

Some sites I use fairly regularly to make sure I didn't mess up anything :

https://dslreports.com/stest - old school jitter test


These two are usually pretty good for testing VPN's.

I went from pretty much stock firmware over to DD-wrt as a test back in the day, then went over to openwrt once I realized openwrt had a ton of features/packages - and fairly recently moved over to pfsense for my own personal little lab at home.

Pfsense has been rock stable compared to pretty much every other custom firmware I've tried, but it's a little behind on features and can be a bit difficult to use. Running it on an i5 also pretty much means a fairly maxed out VPN connection as well. I've been thinking about moving back to openwrt though, as the cake shaper seems like it's pretty good if you have the hardware to support it.

I own several of those off brand mini pc boxes that run as a router - I use these mostly because they've been a good deal faster than the majority of ARM based routers. They're fairly weak as PC's but way overkill for a router, at least vs those with a fairly low powered CPU/chipset.

I've read some interesting articles about one of the newer ASUS routers offering AES-NI acceleration for VPN connections - making it as fast or at least in the ballpark of the little i5 boxes I've been running though. Would be interesting to play around with one but I've been slightly derailed with some other projects lately.
 

DGrayson

Mod Team and Bat Team
Staff Member
Was thinking about something around 200 bucks. Physical isn't required but if it's in there DVD would be fine as I only got old stuff physical.

What about something like this? Couldn't you hook up the USB hard drive to it? It supports X265.


Also I recommend to rip your DVD collection to MKV using MakeMKV. It's really simple. I did it myself a couple years ago.
 

DGrayson

Mod Team and Bat Team
Staff Member
Thanks, I'll work on adding some of these links to the OP.

Can you explain what "jitter" is for dummies?
 

EekTheKat

Member
Heh, I think I goofed a bit - the link I posted for dslreports is for buffer bloat (which can be a cause of jitter). I just use it to tune my network with a traffic shaper/limiter so things feel better. Because I do game somewhat I tend to try and tune my internet for more gaming related stuff. I think the buffer bloat site is a bit more end user friendly with their grading system over the actual jitter/ping tool that I think gave more numerical results.

Terminology as I understand it - anyone with a deeper dive into this stuff feel free to jump in and correct me :

Jitter - consistency of ping times. Ping a site or something 10 or 20 times, look at the difference between each ping result. If that difference fluctuates wildly between low and high that's a sign of poor jitter. If it's a fairly consistent result then that's considered relatively good jitter.

ipleak.net : tells you what other sites see when you visit them, because sites do see some connection details when you connect to them even through a VPN. If it gives your VPN details then you're usually good. If it shows your isp details then the VPN isn't working correctly or something is borked with your routing. Of note there's something called STUN and WebRTC that's way beyond my understanding that can also be the cause of some IP leaks.

dnsleaktest shows what DNS server you are using (which can be an indication of a VPN leaking). Connect to a VPN and you should see something other than your ISP's DNS resolvers (or the resolvers you set on your own client).

Rolling your own VPN server at home - I think everyone should be sort of aware of certain risks involved in doing so :

If you roll your own VPN - it could potentially not offer you very much legal protection - as the exit IP can still be traced back to you. Your own home spun VPN can be fairly good at preventing people from intercepting your data however.

It's pretty cool to access stuff on a home network remotely and securely however, and because you roll your own VPN server at home, the endpoint should be considered a residential IP, so online services that block VPN providers should allow you to still use their services.

A VPN company can offer some degree of legal protection - as the exit IP will be registered to a VPN company, but you'll have to trust they're not going to do some shady stuff with your data once it hits their servers.

There is however an ever ongoing war between online services (like netflix) and VPN providers. Some services absolutely do not want you to use a VPN. Outside of stuff like netflix my bank for example blocks a good chunk of my VPN servers.

If you're running a VPN client on a router (to share a VPN) - be aware that OpenVPN relies on CPU clockspeed for performance. The cheaper off the shelf routers often will only do a fraction of the speed of your line if it's really low powered.

Wireguard so far has been the real deal however, considerably faster than OpenVPN on lower end hardware, and clients available on a fairly good variety of OS/hardware.



===

Free VPN's are a no no.

Paid VPN's are a maybe (depends on your goal/usage case).

Homespun VPN servers : good if you're aware of the risks involved.
 
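The ping-based jitter check described in the post above, as an added example that is not part of the original thread: it parses ping reply lines and reports the average difference between consecutive round-trip times, plus packet loss. The sample output, the 192.0.2.1 address and the 10 ms limit are constructed assumptions.

```python
import re
import statistics

# Reply lines as printed by Linux/macOS ping, e.g.
#   64 bytes from 192.0.2.1: icmp_seq=2 ttl=57 time=21.0 ms
REPLY_RE = re.compile(r"icmp_seq=(\d+)\b.*?\btime[=<]([\d.]+)\s*ms")

# Constructed sample output (not captured from a real host).
STABLE_LINK = """\
PING 192.0.2.1 (192.0.2.1): 56 data bytes
64 bytes from 192.0.2.1: icmp_seq=1 ttl=57 time=20.0 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=57 time=21.0 ms
64 bytes from 192.0.2.1: icmp_seq=3 ttl=57 time=20.0 ms
64 bytes from 192.0.2.1: icmp_seq=4 ttl=57 time=22.0 ms
64 bytes from 192.0.2.1: icmp_seq=5 ttl=57 time=21.0 ms
"""

# Constructed sample: similar best-case latency, but wild swings and one lost reply.
BLOATED_LINK = """\
PING 192.0.2.1 (192.0.2.1): 56 data bytes
64 bytes from 192.0.2.1: icmp_seq=1 ttl=57 time=20.0 ms
64 bytes from 192.0.2.1: icmp_seq=2 ttl=57 time=95.0 ms
Request timeout for icmp_seq 3
64 bytes from 192.0.2.1: icmp_seq=4 ttl=57 time=30.0 ms
64 bytes from 192.0.2.1: icmp_seq=5 ttl=57 time=180.0 ms
64 bytes from 192.0.2.1: icmp_seq=6 ttl=57 time=25.0 ms
"""


def parse_replies(ping_output):
    """Return [(seq, rtt_ms), ...] sorted by sequence number.

    Header, timeout and summary lines are skipped; a duplicated reply
    (same icmp_seq seen twice) keeps only the first round-trip time.
    """
    by_seq = {}
    for line in ping_output.splitlines():
        match = REPLY_RE.search(line)
        if match:
            by_seq.setdefault(int(match.group(1)), float(match.group(2)))
    return sorted(by_seq.items())


def jitter_report(ping_output, jitter_limit_ms=10.0):
    """Summarise how consistent the ping times are.

    Jitter here is the mean absolute difference between consecutive
    received replies. jitter_limit_ms is an assumed threshold for this
    example, not a standard value.
    """
    replies = parse_replies(ping_output)
    if len(replies) < 2:
        raise ValueError("need at least two replies to measure jitter")

    rtts = [rtt for _, rtt in replies]
    diffs = [abs(later - earlier) for earlier, later in zip(rtts, rtts[1:])]

    # Sequence numbers tell us how many probes were sent in this window.
    expected = replies[-1][0] - replies[0][0] + 1
    lost = expected - len(replies)
    jitter = statistics.mean(diffs)

    return {
        "replies": len(replies),
        "lost": lost,
        "mean_rtt_ms": round(statistics.mean(rtts), 2),
        "jitter_ms": round(jitter, 2),
        "max_swing_ms": round(max(diffs), 2),
        "verdict": "consistent" if jitter <= jitter_limit_ms and lost == 0
                   else "inconsistent",
    }


if __name__ == "__main__":
    for name, sample in (("stable", STABLE_LINK), ("bloated", BLOATED_LINK)):
        print(name, jitter_report(sample))
```

Both samples share the same 20 ms best case, which is why looking only at the lowest or average ping hides the problem the jitter figure exposes.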

DGrayson

Mod Team and Bat Team
Staff Member
Thanks, I'll work on adding some of that to the OP. I still am not sure what "rolling your own VPN" means. Is that different than putting a VPN direct on your router?
 

EekTheKat

Member
Yeah it's more or less the same as running a VPN serveron your router. Some people also run a VPN on a virtual private server that's faster - but has the same problem in that the endpoint IP will usually point to a name that it's registered to.

I'm sure some of the more savvy people that know about anonymous payments and/or how to rent a VPS from a company that accepts anonymous payments can chime in with more detail.

Home/Self hosted VPN's -

Somewhat protected from snooping when on a guest network or public wifi.
Can potentially allow services that block VPN's to allow access. I used to VPN back home to the states and certain services would recognize me as connected from my home IP.
Pretty cool to be able to access home devices securely.

A general note about VPN's : services such as banks/financial institutions severely frown upon the use of a VPN - so much so that they'll often block them, and not just the likes of Netflix and other streaming services.

A lot of these blocks are going by whether or not your IP is classified as residential or not. Typically this is where your home VPN server has somewhat of an advantage over third party VPN companies.

But because it's a residential IP -

You do expose your home IP - Some router logs will show you connecting to your home IP, but they won't be able to see what you're doing. (Source : My own pfsense router can see a connection to a VPN server, but cannot see what that connection is doing).

I was also warned by someone else before that some admins would see it as a bit suspicious that all your traffic is coming from and to one IP only on their network.

I mostly wanted to point out the difference between a self hosted VPN and a third party hosted VPN from my own experience. A VPN isn't exactly bulletproof in every situation.

YMMV of course, this is all from someone with an enthusiast level knowledge of how this stuff works (never really properly trained in it).
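
As an added illustration of what "rolling your own VPN" looks like in practice (not part of the original post): a minimal WireGuard pair in wg-quick format, one home server and one roaming client. The addresses, port, interface name `eth0`, hostname and key placeholders are all assumptions; real keys come from `wg genkey` and `wg pubkey`.

```ini
# ---- /etc/wireguard/wg0.conf on the home server (constructed example) ----
[Interface]
# Tunnel subnet (assumed); must not overlap the home LAN.
Address    = 10.8.0.1/24
# Forward this UDP port on the home router to the server.
ListenPort = 51820
# Placeholder; keep this file readable by root only (mode 600).
PrivateKey = <SERVER_PRIVATE_KEY>
# Let tunnel clients reach the internet through the home connection.
PostUp     = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown   = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Roaming laptop or phone. The server accepts only this tunnel
# address from this key, so one leaked client key cannot spoof another.
PublicKey  = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# ---- wg0.conf on the roaming client (constructed example) ----
[Interface]
Address    = 10.8.0.2/32
PrivateKey = <CLIENT_PRIVATE_KEY>
# Assumed address of the home router or Pi-hole, so DNS lookups
# also go through the tunnel instead of the guest network's resolver.
DNS        = 192.168.1.1

[Peer]
PublicKey  = <SERVER_PUBLIC_KEY>
# Assumed dynamic-DNS name pointing at the home IP.
Endpoint   = home.example.net:51820
# Full tunnel: everything exits from the home (residential) IP.
AllowedIPs = 0.0.0.0/0, ::/0
# Split tunnel alternative: only home devices go through the tunnel.
# AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
# Keeps NAT mappings alive on guest networks and public wifi.
PersistentKeepalive = 25
```

The only thing exposed to the internet is the single UDP port. Behind CGNAT that port is not reachable from outside, so the server needs a public address for this to work.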
 

DGrayson

Mod Team and Bat Team
Staff Member
I did a lot of research on VPNs and at the end there really is no "best" one. Every time I thought I figured it out there was some quirk or something that led me to reconsider.

I note the following:

- NordVPN - very popular. Seems to just "work" for most purposes. Can find good pricing with discounts online. Using this for Netflix USA is more difficult as a lot of the servers are blocked but it still works sometimes

- ExpressVPN - Another one recommended a lot. Not the fastest one but considered to be pretty fast

- Private Internet Access - I never got too deep in researching this one, but it comes up a lot, so I guess a lot of people use it.

- TorGuard - couple good things about this one, mainly you can get a USA streaming or residential IP for Netflix that theoretically should be harder to block.



As EekTheKat mentioned above, best to keep your anonymity as much as possible when using VPNs. Some VPNs allow you to pay with crypto, or gift cards, to maintain privacy.
 

raduque

Member
My network is very simple. Arris Surfboard 6100, Asus RT66U router, TPLink Gbe switch. Everything (two desktops, 3 laptops, phones, tablets, streaming boxes) on wifi except my server, which is wired. When I move, my desktops will be wired, as well.

If I wanted to have my file/backup server do firewall stuff under Windows Server 2019, what's the best way to go about it? Can pihole run on Windows?
 

DGrayson

Mod Team and Bat Team
Staff Member
My network is very simple. Arris Surfboard 6100, Asus RT66U router, TPLink Gbe switch. Everything (two desktops, 3 laptops, phones, tablets, streaming boxes) on wifi except my server, which is wired. When I move, my desktops will be wired, as well.

If I wanted to have my file/backup server do firewall stuff under Windows Server 2019, what's the best way to go about it? Can pihole run on Windows?


Couldn't you run Pi-Hole direct on your Asus router? From a quick review it seems you can run it on your server but it should be run in a Virtual Machine
 

Winchester

Member
Another networking career guy here. Since I don't have 20 years doing it, I'm still fine screwing around with a more complicated home setup. I love tinkering and problem solving. Hopefully the network doesn't go down while I'm out otherwise my wife is going to be SOL :)

So Comcast internet using a Motorola Model MB7420. I used to just run that to my Asus RT-AC68P and use the Asus as my router/AP/VPN server. Wasn't a huge fan of the performance so picked up a Qotom i5 Mini PC and installed pfSense on that. That's now my firewall, router, DHCP/DNS/VPN server. My two RT-AC-68P's are just running in AP meshed mode at this point. I have a Dell PowerEdge R710 hooked into that running a bunch of VM's. Plex server, file server, and lab environment. That little guy is sitting in my furnace room lol. Would love to hang a L3 switch off of the Qotom so I can segregate my networks at home (regular 192 home network stuff, lab network, and one more network IF I decide to do any home smart devices).

Eventually want to splurge on Ubiquiti networking gear but I wouldn't do that unless my house was wired for Ethernet. I want to run their whole ecosystem.

Oh, and as far as VPN for internet surfing, I use Windscribe for that. Nabbed their lifetime deal when they first came on scene.
 

raduque

Member
Couldn't you run Pi-Hole direct on your Asus router? From a quick review it seems you can run it on your server but it should be run in a Virtual Machine
I have no idea if Pihole can run on my router, it's kind of old.

If I virtualize a pihole install on my server, how badly will running all internet traffic through the vm slow it down?
 
I just wanted to add another recommendation for UniFi. I have a full setup at my house and it’s been working really well. I’ve had a few minor issues here and there, with beta firmware, but otherwise it’s been fantastic. Also, if you’re like me and have to manage your parents internet setups as well, the multi-site management makes it really easy to remotely diagnose or fix problems.
 

Caffeine

Member
Mine's poverty level, Linksys Dpc3008, with a tplink n450 I think, replaced stock firmware with ddwrt, a roku and 2 computers on it majority of the time.
 

Maiden Voyage

Gold™ Member
I have a bit of a quandary. MacOS recently stopped support for PPTP & OpenVPN VPNs. My home router only allows these types. I really only need the VPN when I am traveling. I'm not interested in a 3rd party VPN if I can tunnel into my home network from the road.

Is there a free method to allow IPSec or IKEv2 on a windows machine?
 

rofif

Can’t Git Gud
I've got 600mbit connection now. So I've bought tp link c7 v5 and it's a bit weird. 5ghz does speed and range is great. No complaints on smartphones or Ultrabook.
But wired to my gaming PC(x570,nvme, Intel lan) is weird. I get over 600mbit from speedtest. 300mbit from fast.com and 60mb/s from steam(so 500mbit).
But connected directly to isp modem I get full 70-75mb/s from steam and fast.com goes over 600mbit every time. So the router does slow something for. BTW... 2.4 disabled, duplex 1000, Nat enabled, qos disabled
Help?
 

MorgLaw

Neo Member
I have been having problems with my privacy and I tried a lot of VPNs, so I also did a lot of research... I want to share the VPN I am using right now, which in my opinion is the best one between those I tried. https://veepn.com/vpn-apps/vpn-for-windows/ I found it better than others, very reliable, quick and it can guarantee the protection while surfing on the internet.
 
I have been having problems with my privacy and I tried a lot of VPNs, so I also did a lot of research... I want to share the VPN I am using right now, which in my opinion is the best one between those I tried. https://veepn.com/vpn-apps/vpn-for-windows/ I found it better than others, very reliable, quick and it can guarantee the protection while surfing on the internet.


That sounds like an ad. Although, I guess all of these posts are kind of like that.
 