bigdogchris
How can these providers charge so little for bandwidth?
I built an over the top pfSense router this week and am now using PIA on it. Thoughts so far:
Dynamic DNS seems to be impossible. I'm going to need to find a way to not run some ports through the VPN.... if that's even possible...... ? :/
The Android app is shit. It slaughters my battery. At least at the house I've been working at all week with poor cell reception. It occasionally won't connect and brings down my connection to cellular data. It crashes. It makes my phone crash. The slider to disconnect only works about 10% of the time. Maybe less. Junk.
Using a VPN is something I should have done years ago. I feel like an idiot for not doing this sooner.
So all you have to do is split tunnel your traffic. This means that DDNS traffic should go out locally. In general, all low ports can go out the VPN for your web traffic and dynamic or higher ports can go out locally (i.e. gaming).
Edit: smart TV can probably go local too.
An update:
I went ahead and built a new router for pfSense + OpenVPN use with the following hardware:
- Intel Core i3-7100 ($119.96 w. Prime)
- ASRock H270M-ITX/ac Mini-ITX motherboard with dual Intel NICs ($96.98)
- Crucial 8GB (2x4GB) DDR4-2133 kit ($55.49 w. Prime)
- BiWin 60GB M.2 Sata SSD ($40.98)
- PicoPSU-80 + 60W Adapter Power Kit ($35)
- M350 Universal Mini-ITX enclosure ($39.95)
- Molex to P4 power adapter ($4.95)
And that's it. Total: 393.31 (less for me, since I already had a few of the parts left over from other projects).
The CPU comes with a cooler. Before you assemble everything, it looks like it won't fit in the M350 enclosure, but it does (just barely), as long as you don't use the 2.5" drive brackets. (use an M2, USB drive or SATA DOM)
I also pulled out the mini-Wlan card (you loosen two screws on the bottom of the board and it comes right out). I wasn't using it, and I figured I'd rather not have it wasting power. Also disabled everything in BIOS I wasn't planning on using, and enabled all power saving states, except suspend to RAM, as the router needs to be operating 24/7.
When I tested with Ubuntu 16.10, I got a 7.1W idle power usage at the wall using my Kill-A-Watt. That went down to 6.2W when I killed the desktop. Load testing with mprime (Linux version of prime95) maxed out at 46W at the wall, at 3.9GHz 2C4T.
After installing pfSense my idle power went up to 8W. Possibly due to setting power settings to "hiadaptive" or maybe because FreeBSD 10.3 (which current pfSense is based on) isn't as good at power management as Ubuntu 16.10.
I used a fan profile on the board. The CPU puts out so little power that it seems to stay at the cooler's minimum fan speed most of the time. Granted it is pretty cold in my basement right now. (Warmer temps will result in higher fan speeds which will drive up power consumption noticeably. At this low power use the fans use a surprisingly large percentage of the power.)
I had a PCEngines APU2C4 before (4 core AMD Jaguar at 1GHz). It's a low power design intended to sip power, but idle power usage isn't much lower than the Kaby Lake i3 above, at ~7W.
I had some troubles installing pfSense at first, turns out it doesn't like the USB3 ports. Will install fine from a USB2 port.
Here are some comparative OpenSSL numbers.
First the PCEngines APU2C4:
Code:
[2.3.1-RELEASE][[email protected]]/root: openssl speed -elapsed -evp aes-128-ecb
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-ecb for 3s on 16 size blocks: 23413097 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 64 size blocks: 18438085 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 256 size blocks: 7473361 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 1024 size blocks: 2115520 aes-128-ecb's in 3.01s
Doing aes-128-ecb for 3s on 8192 size blocks: 279464 aes-128-ecb's in 3.00s
OpenSSL 1.0.1s-freebsd 1 Mar 2016
built on: date not available
options:bn(64,64) rc4(8x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-ecb     124869.85k   393345.81k   637726.81k   720221.92k   763123.03k
Now the i3-7100:
Code:
[2.3.3-RELEASE][[email protected]]/var/log: openssl speed -elapsed -evp aes-128-ecb
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-ecb for 3s on 16 size blocks: 242729953 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 64 size blocks: 207367303 aes-128-ecb's in 3.01s
Doing aes-128-ecb for 3s on 256 size blocks: 69510589 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 1024 size blocks: 17831161 aes-128-ecb's in 3.00s
Doing aes-128-ecb for 3s on 8192 size blocks: 2219499 aes-128-ecb's in 3.00s
OpenSSL 1.0.1s-freebsd 1 Mar 2016
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-ecb    1294559.75k  4412345.31k  5931570.26k  6086369.62k  6060711.94k
Looks like an average of about an order of magnitude improvement across the board.
I signed up for a PIA account, and tried to set it up in OpenVPN, but it won't quite work.
Despite following the official guide for pfSense on PIA's site, I'm having some odd password authentication issue causing the OpenVPN service to have a fatal error and shut down.
I'm currently running with the desktop client instead, and it's quite nice. I'm maxing out my connection right now.
I have a 150/150 connection, but my traffic shaping rules prevent any one connection from using all the bandwidth, so I usually bench in the 130's each way. This hasn't changed when connected to PIA. Pings seem excellent too...
Now I just need to get it to work in pfSense.
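The comparison drawn from the two benchmark runs above, worked through as an added example that is not part of the original post: it parses the `openssl speed` summary tables, computes the per-block-size speedup, and converts the figures to Mbit/s against the 150/150 line mentioned in the thread. The function names and the duplex headroom figure are assumptions made for this illustration.

```python
import re

# Summary tables copied from the two `openssl speed` runs quoted in the thread.
APU2C4 = """type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-ecb 124869.85k 393345.81k 637726.81k 720221.92k 763123.03k"""
I3_7100 = """type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-ecb 1294559.75k 4412345.31k 5931570.26k 6086369.62k 6060711.94k"""

LINE_MBIT = 150  # the 150/150 connection mentioned in the thread


def parse_speed(text, cipher="aes-128-ecb"):
    """Map block size (bytes) -> throughput (bytes/s) from an `openssl speed` summary."""
    sizes = rates = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("type"):
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
        elif line.startswith(cipher):
            # "The 'numbers' are in 1000s of bytes per second processed."
            rates = [float(v) * 1000
                     for v in re.findall(r"([\d.]+)k\b", line[len(cipher):])]
    if not sizes or not rates or len(sizes) != len(rates):
        raise ValueError(f"no complete summary table for {cipher}")
    return dict(zip(sizes, rates))


def compare(slow_text, fast_text, line_mbit=LINE_MBIT):
    """Per block size: (speedup, slow Mbit/s, fast Mbit/s, slow-box headroom)."""
    slow, fast = parse_speed(slow_text), parse_speed(fast_text)
    rows = {}
    for size in sorted(slow.keys() & fast.keys()):
        slow_mbit, fast_mbit = slow[size] * 8 / 1e6, fast[size] * 8 / 1e6
        # Assumed worst case: the line is saturated in both directions at once,
        # so the router encrypts one stream while decrypting the other.
        rows[size] = (fast[size] / slow[size], slow_mbit, fast_mbit,
                      slow_mbit / (2 * line_mbit))
    return rows


def mean_speedup(rows):
    return sum(r[0] for r in rows.values()) / len(rows)


if __name__ == "__main__":
    rows = compare(APU2C4, I3_7100)
    for size, (ratio, s, f, headroom) in rows.items():
        print(f"{size:>5} B  x{ratio:5.2f}  {s:7.0f} -> {f:7.0f} Mbit/s  "
              f"(APU2C4 headroom x{headroom:.1f})")
    print(f"mean speedup: x{mean_speedup(rows):.2f}")
```

`openssl speed` measures the cipher alone on one core, so these figures are an upper bound; actual OpenVPN throughput is lower because of per-packet overhead outside the cipher.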
How can these providers charge so little for bandwidth?
Majority of users likely don't use a ton of bandwidth, sheer volume of users to cover all costs.
When you guys use a VPN, or when it's enabled, are you logging out of accounts that were currently logged on when your VPNs weren't running? (Google, YouTube, etc.)
mdaniel
Thanks for all this info. I am getting more into networking, being that I have a very small datacenter of my own now. On my home setup I have been trying to improve security and such. I realized that when using Windows or Mac OS X, I can still get leaks at ip leaks using tools found here - http://vpnpick.com/check-ip-downloading-torrents/ - and I was also able to detect IPv6 level leaks by doing pings to 8.8.8.8 on short intervals. I only tested a handful of monthly subs but still it shocked me. Sometimes it leaks when the connection drops and after reconnection it remains unsecured. PIA only seemed to have the problem if the connection dropped (interrupted by me in the testing cases).
If I go the tedious route of a pfSense router for example, and add some of those layers, will this improve leaks that I found even when using PIA?
Update:
If anyone has advice on how to get both the OpenVPN server running along with the PIA client, I'd be open to suggestions. Not much from googling about running such a system that I've found.
How did you end up solving this, I have the exact same issue with PIA.
Why would you run both at the same time? Are you trying to connect to PIA and then connect to your home OpenVPN server from PIA's IP addresses? I guess I'm having a hard time understanding the use-case.
Not exactly. I want to connect my home network to PIA 24-7, then use OpenVPN server to connect various other outside devices to my home network, utilizing my ISP WAN IP.
You will need to use your home router/firewall for this. Create rules based on destination or source and it should work.
It's also because of some questionable business practices. Care to say why you think That One Privacy Site is questionable?
Sorry, I just saw this and I don't remember the exact steps at this point since I resolved it a while ago. This post from the pfSense forums contains my settings that ended up working: https://forum.pfsense.org/index.php?topic=129528.msg713736#msg713736. I hope it helps, as it's all the NAT or Firewall rules that is where the solution is with setting the correct interface to the correct setting.
So,
All the current news about the Senate and the FCC reversing its position on privacy, and allowing ISP's to sell user data without user permission, has renewed my long standing interest in VPN's, but it is a confusing topic, and I'd love some input from those of you who know more about it.
My desire would be to set up a VPN service connected to my pfSense router such that all local clients automatically benefit from the service, but several key questions still remain:
1.) What services are recommended? PureVPN seems to get the best reviews for speed, but the fact that they are a Hong Kong company falling under the jurisdiction of China has me a bit concerned. Protections for privacy and personal data are even worse there than they are here.
2.) How much can I expect these services to impact my bandwidth and latencies? If I go the router route, are there ways to bypass the VPN for specific tasks - like gaming - where latency is key, but no sensitive personal data is being transferred? How might I set this up? Can I use firewall/NAT rules to tell OpenVPN to ignore traffic on certain ports and just pass it through?
3.) I currently run pfSense. I know it is OpenVPN compatible, and can take advantage of AES-NI, but I also know it has a very weak CPU, and I'd almost certainly need to upgrade in order to max out my bandwidth over VPN. Are there any thoughts as to what it would take - CPU wise - to be able to max out 150Mbit up and down at the same time?
4.) I currently use NO-IP for dynamic DNS purposes in order to reach my server when I am out of the house. It is fairly cheap. Will this still work through a VPN? If not, is it better to just purchase an additional dedicated static IP through the VPN service?
I appreciate any light anyone with more knowledge on this subject than I have can shed on it.
As far as PureVPN is concerned, they recently shared their user's log with FBI. So, getting that out of the equation, I would recommend you go through these super fast VPNs that I think would fulfil the requirements of every VPN user out there.