VPN / DNS woes !!!

[piggzy]

Not bothered with a VPN for about 6 months through being a lazy cunt.

Anyway got myself an ASUS wrt router and tried over the last week a few VPN's with much grief.
The ones that work are shit and the ones that are not shit work as in they connect and are fast but DNS only resolves a handful of sites. e.g. Google and other big wigs but everything else is fucked. ?!?!?

Tried PIA, they are the shittest CS I have come across ... Tried Cactus worked fine but slow as shit. Bunch of others. Now trying AirVPN... fast but DNS fucked.

Router is DSL-AC68U.... Should have gone for the RT-AC68U but too late now grrrrrrrr

It does support VPN's out of the box though so struggling to see what I am fucking up tbh.

I know this is gonna be a noob error.

Advice appreciated.

[evilsatan]

Can't say I've had any problems with PIA, good support on the forums too. What issue did you have with them? I can test any URL from here for you.

[DavidF]

Im with SmartDNS and chose netherlands as my country of choice. Very decent speed. No real problems. You can set it up at router level or device level. I know its late to mention now but shareware do have it free for 6 months from time to time (Not on at the moment) but it is very good and even paid $50 for 2 years. they do a 14 day free trial at the moment so why not give them a go ?

[piggzy]

Can't say I've had any problems with PIA, good support on the forums too. What issue did you have with them? I can test any URL from here for you.

As above... connected fine but DNS wouldnt resolve about half the internet.

Edit: Also really shit speeds. Normal speed without VPN is easy the full 80/20. With most VPN tried I got 50. With PIA I got 20 max.

Must admit I maybe should have tried a bit longer but got frustrated and binned em off a bit too quickly .. Still got the account though for another 30 days so could switch back if you think I should .

Thanks

[JonEp]

Sorry to hijack the this thread with a general VPN question but aside from obtaining a desired country IP address which I know is useful for streaming what is the advantage of funnelling all your traffic through a single unknown data centre overseas for it to spew over the internet . If its for serious nefarious purposes the investigating authorities can always follow the trial back to the provider and have them cough the subscriber data. I just don't get it, a VPN for me has always been a secure tunnel through the internet to another secure environment ie home or work.

The way VPN's are marketed now reminds me of a perfect unregulated choke point in which to snoop on traffic exactly like the fibre that leaves Cornwall.

[evilsatan]

Have you tried different country servers?

Jon - PIA supposedly keep no logs, not sure I believe that or if it is the case I imagine various authorities have access to some of these servers etc but it's a level of protection and with the new snoopers bill should protect data being collected unless individually targeted. For me it's about improving privacy and helping access geo locked content, not to completely mask what I do online as its nothing exciting.

[DavidF]

Same as evilstan I use it to access geoblocked and blocked sites. Also smartdns say they don't keep logs.....but again im sure that doesn't really matter....I read snowdon's book lol I now know that our own security services just about cache the internet (An exaggeration but you get the drift lol). they splice into the undersea fibre optic cables and route the traffic through "their" servers before it goes back on its journey lol...so not much point if you are very naughty and likely to be subject to an individual surveillance. Again im sure really naughty people use other things like virtual machines behind anonymous proxies routed here there and everywhere. Not that I know too much about such things.....Because I am not naughty lol.

[piggzy]

Yes have tried multiple countries. If I use the Windows 10 / OpenVPS setup it works perfectly and fast too. If I try setup on the router it works as in it connects but apart from google and other big name sites DNS fails on at least 75% of the internet requests.

I have the option to disable auto DNS in the router and could then add a DNS 1 & 2 entry but can't seems to find a definitive answer if this is what I should do and what servers to add.
Will try browsing the PIA forums again when I get chance.

[piggzy]

Solved it. AFIAK when you use OpenVPN connections I always thought it included the DNS info in there as others have worked out of the box.
I changed my WAN settings to not auto connect to DNS server and manually set them to PIA's DNS servers and it now works. Although I have done the same thing to get AirVPN working and am getting better speeds with them.

Thanks for tips.

From what I read and I have tested to be true when you use the windows/linux apps to connect you get much better speeds and I can confirm this. Router direct and speeds drop a LOT. They are deffo throttling router direct connections as I suppose to be fair you could have 20 devices connected at the other end.

[Over Carl]

I could be totally wrong, but my suspicion is that the bottleneck you have found is actually your router.

In order to use a VPN tunnel, your router needs to encrypt everything being sent, and decrypt everything being received.

I remember testing some Draytek devices years ago that said they had a hardware VPN cryptographic accelerator so were supposed to be able of handling 90Mb IPSEC VPN throughput. With real life packet sizes I found it was more like 10Mb (both measurements megabits per second). Things is most routers have fairly puny CPU's in comparison to a proper PC. Even those with crypto accelerators often will have a much lower VPN throughput than a router using a P4 PC.

[Over Carl]

Sorry to hijack the this thread with a general VPN question but aside from obtaining a desired country IP address which I know is useful for streaming what is the advantage of funnelling all your traffic through a single unknown data centre overseas for it to spew over the internet . If its for serious nefarious purposes the investigating authorities can always follow the trial back to the provider and have them cough the subscriber data. I just don't get it, a VPN for me has always been a secure tunnel through the internet to another secure environment ie home or work.

The way VPN's are marketed now reminds me of a perfect unregulated choke point in which to snoop on traffic exactly like the fibre that leaves Cornwall.

Even if you were using a browising an HTTPS/SSL website over a VPN tunnel, I wouldn't be surprised if it would be a trivial exercise for the likes of GCHQ to decrypt this info.

We only have to look back to WW2 to see examples of the allied forces being able to crack enigma, but in many incidents failing to act on the information they cracked for fear that the Axis powers would realise Enigma had been cracked which would deprive the allied forces further intelligence.

If I was paranoid or had a need to secure my transmissions from a government type agency, I would probably get laptops, mobile internet dongles and SIM's purchased using multiple middle men, then set a few up in very random places, then setup VPN between a few with a system to ensure there is continual traffic in both directions over the VPNs even if nothing is actually really being sent, so it wouldn't be easy to figure out which node I am actually using and where I am .

[piggzy]

I could be totally wrong, but my suspicion is that the bottleneck you have found is actually your router.

Not router. Getting 20MB ish from the ones mentioned.. I could get 50MB from others but they didnt support netflix and other sites etc so binned em off.
My router is capable of way more than 20MB

[evilsatan]

I was thinking router too for the same reasons as OC. Have you seen this?
https://www.privateinternetaccess.co...n-asus-rt-ac68

[Mobius]

My understanding was that the CPU chipsets used in most consumer routers lack the floating point grunt to do the heavy lifting required for VPN never mind full hw acceleration. When I last played played I tried to use the selective routing in advancedTomato to only send selective domains/devices over the VPN and keep less contentious traffic going out in the clear at full pelt.

[piggzy]

Some settings tweaked and now get 33MB

Which do people find gives better speeds. My understanding is via OpenVPN or is that wrong e.g. L2TP, PPTP are faster/slower etc

[Over Carl]

I never messed with OpenVPN as commercial kit always seemed to support PPTP and IPSEC but support for OpenVPN was scarce. PPTP seemed to show quite decent throughput in comparison to IPSEC. However PPTP for VPN is considered obsolete by the security experts who say it is trivial to crack. IPSEC is (or at least was when I was in the game) the industry standard best practise, but even then I remember there were different types of encryption which would increase/decrease throughout and security.

[piggzy]

I never messed with OpenVPN as commercial kit always seemed to support PPTP and IPSEC but support for OpenVPN was scarce. PPTP seemed to show quite decent throughput in comparison to IPSEC. However PPTP for VPN is considered obsolete by the security experts who say it is trivial to crack. IPSEC is (or at least was when I was in the game) the industry standard best practise, but even then I remember there were different types of encryption which would increase/decrease throughout and security.

Yes have just read a few articles claiming as you say that PPTP & L2TP are both insecure. Also from looking around a few VPN's now refusing to connect to client other than through OpenVPN as they say it is the only secure method. Not sure how true it is but AirVPN one of the ones I am trying out are OpenVPN only and that is the reason they give. Interesting.

Edit: Now there is even 'Chameleon' which of course is the new most secure method ;-)

Although interestingly it claims to use methods which make it undetectable as VPN traffic so they say cannot be blocked or restricted by anyone!! Hmmmmmmm

[evilsatan]

Chameleon sounds interesting, not come across that but OpenVPN is the one to use according to my limited research.

[Rick Sanchez]

My Netgear R7000 arrived today. All setup. Currently my internet has dropped from:

No VPN: 216.19 /11.79mbps
London VPN: 22.55 / 11.58mbps
NL VPN: 16.84 / 11.43mbps

I can't access my home server either atm

[Over Carl]

I can't access my home server either atm

I have a funny feeling I may have an idea of what this problem may be.

Let's say your home lan is 192.168.0.0/24 and for example your server is 192.168.0.254

And for example lets say your home WAN IP is 123.456.789.012 and you have forwarded port 80 on router to your server, and you have also created a domain name called hilljd00test.co.uk and you have setup DNS record(s) pointing to 123.456.789.012 address.

I'm guessing you can still access your website on your LAN if you try and go to http://192.168.0.254, but if you try and access http://123.456.789.012 or http://hilljd00test.co.uk you get nothing. However if you use a device outside your LAN (e.g. mobile phone using mobile internet rather than your Wi-Fi), you can browse your site fine using http://123.456.789.012 or http://hilljd00test.co.uk.

If this is the case, your issue is loopback NAT (also known as hairpin NAT). If you can find an option for this, enable and try again. If your router doesn't support it, then next option would be creating entries in hosts files for devices on your LAN to point to the internal IP rather than external for your server(s) - bodge but simple and should work, but means each new device needs to be tweaked. The more proper option is to setup your own DNS server using split DNS so it resolves normally, but for devices inside your LAN it will resolve an internal address instead of an public IP address.

If it's not what I mentioned above, only remaining options I can think of in order of likelihood - new router not quite fully set up right, new router doesn't work right, ISP decided to start blocking shit at the same time as your experiment (happened to me more than once), bizarre random incompatibility.