OpenVPN Open Beta

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
235 posts Page 3 of 24
by Guest » Fri Jul 24, 2015 10:02 pm
I just upgraded to FTTN, and when I realized it was actually going through AT&T, I was a little disappointed. But I loved the speed, so onto fixing the 'privacy problem'. :)

I finally got OpenVPN working on my tomato-based router - whew! Kind of a pain.

I noticed that my speed through the OpenVPN gateway is about 14Mbps / 1.71Mbps, but directly it's 22.8Mbps / 1.61Mbps.

Is that an expected speed loss? Thanks!
by Guest » Fri Jul 24, 2015 10:38 pm
Guest wrote:
I just upgraded to FTTN, and when I realized it was actually going through AT&T, I was a little disappointed. But I loved the speed, so onto fixing the 'privacy problem'. :)

I finally got OpenVPN working on my tomato-based router - whew! Kind of a pain.

I noticed that my speed through the OpenVPN gateway is about 14Mbps / 1.71Mbps, but directly it's 22.8Mbps / 1.61Mbps.

Is that an expected speed loss? Thanks!

There is a considerable range of performance based on what's posted so far. My guess is that performance also depends on the router on the customer end. I would not like losing that much bandwidth as you've shown, and although it is easier to configure, I would prefer the performance of IPsec since the routers that are capable at least have some metrics to compare against.
by pmbell » Mon Jul 27, 2015 12:09 am
I was successful in getting one of my hardware clients to connect and pull in an IP address on the openvpn platform tonight, and - drawing circles around the bullet holes and calling them targets - because the main firewall still seems to have a problem finishing the connection out, I was able to make the following comparison:

Edgerouter Lite - Sonic openVPN concentrator

Netgate 2440 - commercial openVPN concentrator

Measurements made within 20 minutes of each other show the Netgate to be much better, getting 16 down / 5 up when heading for the Galt speedtest.net node, and comparable speedof.me benchmarks.

The ERLite got about 7-8 down, 2-5 up on the same benchmarks.

The main difference in the hardware is that the Netgate is using Intel NICs and an Atom chip, and the ERLite is using an ASIC chip called a Cavium that does a few things very well, and a range of other things acceptably.

My ultimate goal is to have the ERLite be a hardware client for my own network, connecting to the NG 2440 box when I'm on the road. If it can reach 8 meg down that's fine for me, because I will be limited by my Fusion upload bandwidth.

I didn't look in too much detail at cpu load on either system during my brief test, but in the past I've never seen the Netgate box act CPU limited. I am running a lot of processes in the background - IDS, RRD, ntop and firewalling in addition to openVPN.

I hope to get to a point fairly soon where I can do a head to head comparison of the Netgate gear and the ERLite on the Sonic gateway - but I suspect that the results will be similar with the netgate box beating the ERLite based in part on the Asus / Merlin data already posted.

I expect the 2440 may do even better with Sonic, as my commercial provider defaults to Blowfish rather than AES, meaning I am not getting the benefit of AES hardware acceleration with them.

Does anyone know much about the NICs on the Asus box, and in particular the driver support for crypto acceleration?
by elmatador » Mon Jul 27, 2015 12:11 pm
I guess I'm perplexed. I installed DD-WRT on my router a little while ago. Then went to the sonic openvpn link, downloaded my keys. Played around until it worked. I'm on the sonic network.

Did a speed test from speedtest.net and Sonic's speed test and I'm humming along at 35-40 Mbs. dslreports.com shows about 20 Mbs, where I used to get about 22 Mbs without openvpn.

I'm more inclined to think the dslreports speed test is correct and there must be a flash bug or inaccuracies.
by dane » Mon Jul 27, 2015 1:50 pm
The Edgerouter's Cavium chip does IPSEC in hardware, so we're working on an IPSEC VPN solution which will be more appropriate than OpenVPN for that equipment. FYI!
Dane Jasper
CEO
Sonic
by pmbell » Mon Jul 27, 2015 2:01 pm
dane wrote:
The Edgerouter's Cavium chip does IPSEC in hardware, so we're working on an IPSEC VPN solution which will be more appropriate than OpenVPN for that equipment. FYI!


That's great. The ERLite is so cheap that it'd be something you could distribute for customers who want the device and they shouldn't be as unhappy about paying for it and some maintenance as they would a lot of other platforms.

I'll be really interested to see how that winds up coming together - I happen to like what I can run on the Netgate hardware, but it is more costly than the ERL.
by rtrinh » Mon Jul 27, 2015 3:23 pm
elmatador wrote:
I guess I'm perplexed. I installed DD-WRT on my router a little while ago. Then went to the sonic openvpn link, downloaded my keys. Played around until it worked. I'm on the sonic network.

Did a speed test from speedtest.net and Sonic's speed test and I'm humming along at 35-40 Mbs. dslreports.com shows about 20 Mbs, where I used to get about 22 Mbs without openvpn.

I'm more inclined to think the dslreports speed test is correct and there must be a flash bug or inaccuracies.


By any chance can you share your DD-WRT settings and what router it is? In my initial testing with DD-WRT on a WNDR3700v2 I got hit with a pretty large speed penalty, so I am wondering if it's a setting I may have overlooked or hardware.
by joss » Mon Jul 27, 2015 3:52 pm
Bear with me. This may be a longer ride than any of us wants to take.

I have been running a small server (super low traffic) on one of the PCs in my home office. But it is critical to my company that we have this server to test things on.

On Friday (24 July) I connected to the Sonic Open VPN beta by setting up the connection using my ASUS router as the client. As I noted in an earlier post, the connection slowed from 22Mbps to 14+ Mbps. But that was still five times my old speed so I didn't mind. I figured if I ever had to do a large download, I'd just turn off the VPN and let AT&T see me get an O/S or photoshop upgrade.

Fast forward to Sunday. One of my colleagues sent me a note asking if the aforementioned server was down. I checked; it was not. And I could access it from my home machines via its external address. The address was a pseudo-static one, resolved by DYNDNS.ORG. She didn't see my answer, but tried again this morning with no success.

On a hunch, I turned off the VPN and she could connect. My assumption now is that once the VPN was running, it ignored all other incoming traffic to the router as not being part of the established tunnel. I needed to find a solution.

I have a second ASUS router that I bought to back up the original; it came with a complimentary Ethernet switch. Using the switch, I added four ports to the AT&T modem. I plugged the PC running the server into the second router. Now I had two routers connected to the AT&T box, along with the VOIP phone. The two routers are on different sub-nets (192.168.2.xxx and 192.168.3.xxx). The '2' subnet was defined in the AT&T firewall as a 'pinhole' address. I changed that to the '3' subnet, since that is the router the server is on.

So, now the '2' subnet is connected to the internet through the Sonic beta VPN. And the '3' subnet is connected to the internet through the AT&T modem. The '2' subnet shows as having a WAN ID on my internal 192.168 network and the '3' subnet shows the AT&T dynamic IP.

I figure that any filtering I was trying to prevent AT&T from doing by putting my whole network in their bridged (pinhole) mode, is now handled by Sonic's VPN. And now the only traffic on the other sub-net ('3') is for that single server.

If you made it this far, just a few questions:
1) Was I correct in my assumption that once the VPN was turned on, the router would not allow any traffic that did not use the VPN tunnels? My original thought was that the router would take that unencrypted, incoming traffic and pass it on as is. Apparently not.
2) Why could I access the server through its external address, even though I had the VPN turned on? One of my friends posited that my router saw the IP address I was requesting, recognized the address as its own address and just kept the whole transaction internal.
3) Did I handle this the best way?
by Guest » Mon Jul 27, 2015 4:49 pm
rtrinh wrote:
elmatador wrote:
I guess I'm perplexed. I installed DD-WRT on my router a little while ago. Then went to the sonic openvpn link, downloaded my keys. Played around until it worked. I'm on the sonic network.

Did a speed test from speedtest.net and Sonic's speed test and I'm humming along at 35-40 Mbs. dslreports.com shows about 20 Mbs, where I used to get about 22 Mbs without openvpn.

I'm more inclined to think the dslreports speed test is correct and there must be a flash bug or inaccuracies.


By any chance can you share your DD-WRT settings and what router it is? In my initial testing with DD-WRT on a WNDR3700v2 I got hit with a pretty large speed penalty, so I am wondering if it's a setting I may have overlooked or hardware.


I've got a Costco Netgear router, the AC1450. I had to do a little research to get the appropriate dd-wrt files to flash it to.

Assuming you logged into the Sonic beta VPN site and downloaded your credentials (should be in the client.ovpn file), open it with Notepad to get your keys.

Here's my settings:
In dd-wrt-----
Go to Services, then VPN, then set "Start OpenVPN Client" to Enable.
Server IP/name: beta.vpn.sonic.net
Port: 1194
Tunnel Device: TUN
Tunnel Protocol: UDP
Encryption Cipher: AES-128 CBC
Hash Algorithm: SHA1
User Pass Authentication: Enable
Username: ***sonic user name***
Password: ***sonic password***
Advanced Options: Enable
TLS Cipher: None
LZO Compression: Yes
NAT: Enable
Firewall Protection: Enable
IP Address: (left blank)
Subnet Mask: (left blank)
Tunnel MTU setting: 1500
Tunnel UDP Fragment: (left blank)
Tunnel UDP MSS-Fix: Disable
nsCertType verification: check


rtrinh posted this link earlier in this thread on page 1 to decipher your client.ovpn file:
https://www.expressvpn.com/tutorials/dd ... rs_openvpn

You'll need to fill out:
TLS Auth Key
CA Cert
Public Client Cert
Private Client Key

Leave the other blocks empty.

Select "Save" at the bottom.
Then select "Apply Settings".

Then you can go to the top tab and select "Status", then "OpenVpn".

The blocks below should be propagated with local and remote address.

Then if you want go to IPchicken and check your IP address.

Hope that helps.
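
The post above has you open client.ovpn by hand and copy four blocks into DD-WRT. As an added example (not part of the original post, and not Sonic's or DD-WRT's own code), this splits a profile into those GUI fields and reports a missing or misplaced block, such as the private key pasted into the public cert field. The sample profile is constructed; which directives and inline blocks Sonic's real client.ovpn contains is an assumption.

```python
# Added example, not from the thread. Inline tag -> (DD-WRT field, PEM header marker).
BLOCKS = {"tls-auth": ("TLS Auth Key", "OpenVPN Static key"),
          "ca": ("CA Cert", "CERTIFICATE"),
          "cert": ("Public Client Cert", "CERTIFICATE"),
          "key": ("Private Client Key", "PRIVATE KEY")}
DIRECTIVES = {"dev": "Tunnel Device", "proto": "Tunnel Protocol",  # directive -> field
              "cipher": "Encryption Cipher", "auth": "Hash Algorithm"}

def parse_ovpn(text):
    """Return (directives, inline_blocks) from the text of a .ovpn profile."""
    directives, blocks, tag, body = {}, {}, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if tag and line == f"</{tag}>":            # end of <tag> ... </tag>
            blocks[tag], tag, body = "\n".join(body), None, []
        elif tag:
            body.append(line)
        elif line.startswith("<") and line.endswith(">") and line[1] != "/":
            tag = line[1:-1]
        elif line and line[0] not in "#;":         # skip comment lines
            name, _, args = line.partition(" ")
            directives[name] = args.strip()
    if tag:
        raise ValueError(f"unterminated <{tag}> block")
    return directives, blocks

def ddwrt_fields(text):
    """Map a profile to DD-WRT GUI fields; return (form, problems)."""
    d, blocks = parse_ovpn(text)
    form = {label: d.get(name, "").upper() for name, label in DIRECTIVES.items()}
    host, port = (d.get("remote", "").split() + ["", ""])[:2]
    form.update({"Server IP/name": host, "Port": port or "1194",
                 "LZO Compression": "Yes" if "comp-lzo" in d else "No"})
    problems = []
    for tag, (label, marker) in BLOCKS.items():
        pem = form[label] = blocks.get(tag, "")
        # Blocks may carry comment or text lines before the PEM header.
        header = next((l for l in pem.splitlines() if l.startswith("-----BEGIN")), "")
        if not pem:
            problems.append(f"{label}: no <{tag}> block in profile")
        elif marker not in header:
            problems.append(f"{label}: <{tag}> is not a {marker} block")
    return form, problems

def _pem(kind):  # constructed placeholder, not real key material
    return f"-----BEGIN {kind}-----\nPLACEHOLDER\n-----END {kind}-----"
# Constructed profile: private key pasted where the cert belongs, and no <tls-auth>.
SAMPLE = "\n".join([
    "client", "dev tun", "proto udp", "remote beta.vpn.sonic.net 1194",
    "cipher AES-128-CBC", "auth SHA1", "comp-lzo", "auth-user-pass",
    "<ca>", _pem("CERTIFICATE"), "</ca>", "<cert>", _pem("RSA PRIVATE KEY"), "</cert>",
    "<key>", _pem("RSA PRIVATE KEY"), "</key>"])
```

Run `ddwrt_fields` on the file's text and review `problems` before pasting anything; the returned form contains the private key, so avoid printing it to a shared terminal or log.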
by Guest » Mon Jul 27, 2015 4:59 pm
Guest wrote:
rtrinh wrote:
elmatador wrote:
I guess I'm perplexed. I installed DD-WRT on my router a little while ago. Then went to the sonic openvpn link, downloaded my keys. Played around until it worked. I'm on the sonic network.

Did a speed test from speedtest.net and Sonic's speed test and I'm humming along at 35-40 Mbs. dslreports.com shows about 20 Mbs, where I used to get about 22 Mbs without openvpn.

I'm more inclined to think the dslreports speed test is correct and there must be a flash bug or inaccuracies.


By any chance can you share your DD-WRT settings and what router it is? In my initial testing with DD-WRT on a WNDR3700v2 I got hit with a pretty large speed penalty, so I am wondering if it's a setting I may have overlooked or hardware.


I wrote the above for anyone who hasn't installed openvpn yet.