0

I want to route all traffic in my home network through a VPN. I currently have a Sagemcom FAST 5364 router provided by my ISP. I also have two previous routers from my ISP, which I don't use (a Huawei hg633 router and an old D-Link router).

My initial thought was to flash firmware onto my router so that I can set up a VPN connection on my router, which none of them support. I've checked the dd-wrt and open-wrt websites to see if they support any of the three routers, and they don't.

My current internet speed is 40Mbit/s down and 10Mbit/s up. I'm on a really tight budget, so I was thinking that I could get a cheap supported router that I can connect my LAN to. This router wouldn't need anything greater than 100mbps ethernet, wouldn't require wireless capabilities, and would only require a minimal number of ethernet ports.

All devices on my LAN will be connected to the Sagemcom router, since it's pretty decent with support for dual band wifi, wireless AC, and has 4 gigabit ethernet ports. This would mean fast data transfer between devices on the LAN. However, if I wanted to access the internet, the Sagemcom router would forward any requests to the cheap router. Are there any issues with this? Would anyone recommend any cheap routers that have support for dd-wrt or open-wrt?

I'm open to any alternatives. Also, I don't mind purchasing used hardware. Btw, I have a high end PC connected one meter from the router, so is it possible to route all traffic through there so it can handle the encryption and decryption process? I also have a spare Raspberry Pi 3B+ not being used in any project.

Edit: I haven't chosen a VPN provider yet.

5
  • Of course DD-WRT supports VPN. The problem would be finding the right DD-WRT version for the router.
    – harrymc
    Commented Feb 23, 2019 at 11:27
  • I looked on dd-wrt.com/support/router-database and none of the routers I own come up. Commented Feb 23, 2019 at 11:31
  • Sorry, I misread your question. You will need a better router, but as device recommendations are not allowed on this site, asking that will only get this post closed. You may start looking for a router that comes with DD-WRT or other firmware that supports it out of the box. This article might be useful.
    – harrymc
    Commented Feb 23, 2019 at 11:45
  • Sorry if I was unclear, I'm also asking for alternative solutions to solve the issue, aside from getting a new router Commented Feb 23, 2019 at 11:54
  • There are cheap devices which might do the job, see Amazon list (I don't know any of them).
    – harrymc
    Commented Feb 23, 2019 at 12:03

2 Answers

1

I'll explain the big picture of how this is done. Once you figure out a plan, you can refer to the numerous guides on the Internet that tell you how to configure the device that you choose to serve as your VPN router. This is for a bare minimum configuration where you don't have VLAN support and you don't have additional network switches and/or wireless access points to use. You'll be creating two LANs on the same wire using separate IP address ranges.

Find a computer that runs GNU/Linux, or a device with similar capabilities. You could even use Windows server or Windows with 3rd party software. If you want to install GNU/Linux on something, most anything should be fine for 50mbps total traffic. Whether you're trying to get the most out of old hardware, or you're trying to run a full speed 1000mbps connection through a VPN, it's hard to beat the efficiency of GNU/Linux. I did a test and a 1MB/sec (8Mb) download of random data consumed only about 20% of a Pentium III 1GHz CPU, using openvpn with compression and a static key. A second generation Pentium III (socket 370) uses only 25 to 30 Watts idle with the hard drive spun down. Second generation Pentium 4 Northwood (socket 478) computers are cheap and use about 35 to 45 Watts idle, and can give you at least 10MB/sec through openvpn. Avoid the 3rd generation Prescott Pentium 4 (anything with SSE3 or socket 775). They consume 90 Watts idle! Most everything newer has good idle power consumption. You can even use a laptop for this. You only need one Ethernet port. A Raspberry PI can be used for this, but all networking goes through a single USB2 port which can't quite handle a full duplex 100Mb NIC (200Mb total). Your setup will be close to the limits for a Raspberry PI, as it would be for the 1GHz Pentium III as well.

Configure your current router and your VPN server for static IP. You can use an address range like 192.168.5.0/24. Disable the DHCP server in your router. Connect your VPN server directly to the router. It is the only thing that will access the Internet through your current router from this point on.

Once Internet access through VPN is working on your new GNU/Linux router box, you can configure it as a home router, with packet forwarding and a DHCP server. Unless you have an unusual VPN that gives you multiple IP addresses to use, you'll want to enable NAT on your router. The DHCP server can be set to serve 192.168.1.0/24 or such with your new router set as the gateway. Your existing devices will continue to connect to your wireless router in the same way, and your wired connections can still plug in to the Ethernet switch ports in the back, but your new DHCP server will have taken over the network and replaced your existing home router with itself as the new default gateway for the LAN. Now everything goes through your new router box, and none of the other devices are even aware of the static IP connection between your old router and your new router. Technically they could be configured for static IP and bypass your new router box, connecting to the Internet in the same way that your new router does, but that wouldn't happen by accident.

1
  • 40 Watts idle is expensive, that is like 70 dollars a year electricity at 0.2 per kWh. And old Pentium processors are far less efficient. I'd rather go for a new atom or celeron. But definitely not an ArmV7 (most raspberry pi's) as they do not have hardware encryption optimisation and openvpn is limited to 10 or 20 Mbits (not bytes). So instead of spending 70 dollars on the bills, better get an atom fanless mini pc based on Atom Z8350. (I have the ACEPC T8 and it can handle quite some vpn, but no precise benchmarks done)
    – Mehdi
    Commented Jun 27, 2019 at 11:15
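
The single-NIC gateway layout from the first answer above, as an added example that is not part of the original answer. The interface names (eth0, tun0), the .1/.2 host addresses, the DHCP pool, the `/etc/dnsmasq.d/vpngw.conf` path and the use of nftables and dnsmasq are assumptions; the forward chain drops by default, so LAN traffic is only ever forwarded into the tunnel.

```shell
#!/bin/sh
# Added example: single-NIC Linux VPN gateway, two subnets on one wire.
# Assumed (not from the post): eth0/tun0, the .1/.2 host addresses, the DHCP
# pool, nftables + dnsmasq installed, and a VPN client that brings up tun0.
LAN_IF=eth0                  # the one Ethernet port, carries both subnets
VPN_IF=tun0                  # tunnel interface created by the VPN client
UPLINK_ADDR=192.168.5.2/24   # static address facing the ISP router
UPLINK_GW=192.168.5.1        # ISP router, its DHCP server disabled
LAN_ADDR=192.168.1.1/24      # gateway address handed out to LAN clients
LAN_NET=192.168.1.0/24

# Forward LAN traffic only into the tunnel; if tun0 is down, nothing is forwarded.
gen_nft_rules() {
cat <<EOF
table inet vpngw {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$LAN_IF" oifname "$VPN_IF" ip saddr $LAN_NET accept
  }
}
table ip vpngw_nat {
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$VPN_IF" masquerade
  }
}
EOF
}

# DHCP for the LAN subnet, announcing this box as the default gateway.
gen_dnsmasq_conf() {
cat <<EOF
interface=$LAN_IF
dhcp-range=192.168.1.50,192.168.1.200,12h
dhcp-option=option:router,${LAN_ADDR%/*}
EOF
}

apply() {  # run as root: addresses, forwarding, firewall, DHCP config
  ip addr add "$UPLINK_ADDR" dev "$LAN_IF"
  ip addr add "$LAN_ADDR" dev "$LAN_IF"
  ip route replace default via "$UPLINK_GW" dev "$LAN_IF"
  sysctl -w net.ipv4.ip_forward=1
  gen_nft_rules | nft -f -
  gen_dnsmasq_conf > /etc/dnsmasq.d/vpngw.conf
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

Run it with the `apply` argument once the VPN client is working on the box, then restart dnsmasq so it picks up the new configuration.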
0

It is definitely possible for a router running dd-wrt to support 40 megabits of traffic; however, due to CPU requirements for encryption, it's unlikely a low end router will have the performance. You really need at least a mid-range router (I use ASUS RT-AC 68U routers which are around the US$135 mark). I imagine a gigabit router with AC wifi support is likely to have the kind of power you need. While you can keep this behind your Sagemcom router, any router running dd-wrt and capable of handling 40 megabits of traffic negates the need (and has disadvantages like double NAT or complex routing) for a second router unless it's needed to, for example, convert dsl to ethernet.

Alternatively, if you can scrounge an old x86 computer (preferably with a CPU that supports AES) and use 2 network cards and quite a lot of (Linux) setup, this might work - I had a first gen I3 that did not raise a sweat. You don't need too much in the way of RAM or disk - but be aware that over time it may be more expensive than a mid range because it draws more power.

Alternatively, you can indeed set up one pc to do dual duty as a vpn router - I think this is messy and complex, and requires that pc to be on all the time - which likely eats electricity.

Another option might be to set up individual VPNs from each PC.
