Need suggestions VPN and VLANS

Discussion in 'Networking, Telephony & Internet' started by phil_is_mrx, Jun 1, 2019.

  1. phil_is_mrx

    phil_is_mrx Member

    Joined:
    May 12, 2004
    Messages:
    304
    Location:
    Melbourne
    Hi Everyone,

    I've currently got NBN via HFC and I'm using a TP-Link VR600 v2 for the routing duties. I also have an account with Private Internet Access (PIA) for VPN duties.

    The VR600 is not capable of routing traffic through a VPN (no VPN client) and isn't flashable with any aftermarket firmware. It also has 2.4ghz and 5ghz WIFI, but I've found that the 5ghz band isn't very strong unless the connecting device is pretty close to the router (this isn't a big concern).

    What I would like to end up with is having 2 separate V/LANS each with its own WIFI SSID in the house where one of them has all traffic routed via PIA and the other one has it directly from the ISP.

    What is the cheapest/easiest option to get this done? What routers should I be looking at? Will dd-wrt, tomato or openwrt be able to do what I'm after? Can a router do this out of the box? If so, any suggestion on which router to get?

    Thanks.
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,675
    Location:
    Canberra
    cheap, easy, good. Pick two.

    Do you own the house?
     
    Idafe007 and phil_is_mrx like this.
  3. OP
    OP
    phil_is_mrx

    phil_is_mrx Member

    Joined:
    May 12, 2004
    Messages:
    304
    Location:
    Melbourne
    Cheap (under $250) and easy. Preferably with a single device hanging off of the supplied NBN modem.

    Own the house but don't want to run any cabling if possible.

    Small house, 2.4ghz reaches all of it.
     
    Last edited: Jun 2, 2019
  4. money_killer

    money_killer Member

    Joined:
    Apr 10, 2010
    Messages:
    2,345
    Location:
    Sunshine Coast
    phil_is_mrx likes this.
  5. OP
    OP
    phil_is_mrx

    phil_is_mrx Member

    Joined:
    May 12, 2004
    Messages:
    304
    Location:
    Melbourne
    Thanks for that info. Unfortunately I've just signed up for another 2 years with PIA! It's good that expressvpn provide users with their own firmware. Wish PIA did that....

    Had a look through the expressvpn website, I do like how you can select which devices are routed through the VPN.

    What I'd like to do is create a separate VLAN with its own WIFI SSID (and ethernet port allocation if possible) and route everything through a VPN tunnel on the way out.

    Also there will be a 'normal' VLAN with its own WIFI SSID and that would have direct connection to the internet.
     
  6. Primüs

    Primüs Member

    Joined:
    Apr 1, 2003
    Messages:
    3,374
    Location:
    CFS
    Any model of Mikrotik with your required interfaces should do the trick:

    https://www.privateinternetaccess.com/helpdesk/guides/other-hardware/mikrotik/mikrotik-pptp-2

    hAP ac would be my suggestion - 2.4ghz and 5ghz, gigabit ethernet and can easily set up multiple ssid (on both bands) and have them route differently.

    Requires a decent amount of knowledge to set up the routing and specifics but very do-able (they are extremely flexible boxes once you learn them)
     
    phil_is_mrx likes this.
  7. StratosFear

    StratosFear Member

    Joined:
    Jun 27, 2001
    Messages:
    8,089
    Location:
    Melbourne, Australia
    Just keep in mind a lot of the cheaper routers flashed with DD-WRT will be capped at anywhere from 30 - 90mbps depending on the CPU they have when using openvpn. So if you' want the max 100mbps on your HFC connection you may struggle.

    Double check before you buy. For example my R7000 could only push 30-40mbps via openvpn.
     
    phil_is_mrx likes this.
  8. OP
    OP
    phil_is_mrx

    phil_is_mrx Member

    Joined:
    May 12, 2004
    Messages:
    304
    Location:
    Melbourne
    Thanks Primüs, seems a little beyond my abilities. Looked into it, RouterOS does seem highly configurable though.
    Thanks for that info. I've just bought a TP-Link Archer C9 that I'll put DD-WRT on.

    That speed cap that you mention is OK with me, cos I'm on a 50mbit plan.
     
  9. StratosFear

    StratosFear Member

    Joined:
    Jun 27, 2001
    Messages:
    8,089
    Location:
    Melbourne, Australia
    Awesome. The C9 uses a bit of an older CPU so you're more likely going to be hitting a cap of 30mbps max. But sounds like that might be okay for your needs.

    Let us know how you go.
     
    phil_is_mrx likes this.
  10. gdjacobs

    gdjacobs Member

    Joined:
    Apr 3, 2007
    Messages:
    1,511
    Location:
    MB, Canada
    I think a lot will depend on the cipher used, but it seems other users with that SoC in ASUS devices have achieved OpenVPN link speeds in the 40-50mbps range. Hopefully it delivers for you!
     
    phil_is_mrx likes this.
  11. OP
    OP
    phil_is_mrx

    phil_is_mrx Member

    Joined:
    May 12, 2004
    Messages:
    304
    Location:
    Melbourne
    Got it up and running. Managed 41 down and 18 up over wifi.

    So I'm pretty happy with that :)
     
  12. gdjacobs

    gdjacobs Member

    Joined:
    Apr 3, 2007
    Messages:
    1,511
    Location:
    MB, Canada
    Cool!
     
    phil_is_mrx likes this.
  13. Doc-of-FC

    Doc-of-FC Member

    Joined:
    Aug 30, 2001
    Messages:
    3,346
    Location:
    Canberra
    Pfsense on some spare hardware and use the existing WiFi as an access point only would have been the near $0 solution.
     
    phil_is_mrx likes this.
  14. OP
    OP
    phil_is_mrx

    phil_is_mrx Member

    Joined:
    May 12, 2004
    Messages:
    304
    Location:
    Melbourne
    Had a look into that, but it won't run properly on my raspberry pi which is quite under powered too.
     

Share This Page

Advertisement: