I’m following Nord’s guide on installing a VPN on your local router to allow network-wide VPN protection without needing clients on devices. However, as opposed to the desktop client, the router’s speed seems to be capped at roughly 60-100Mbps, whereas a native client gets 200-300Mbps, and the internet subscription has a 400Mbps download limit.
It might be due to the protocol type being OpenVPN, and I know that there is always some overhead when sending your traffic out to the great beyond before accessing the net, but it shouldn’t be this much. For what it’s worth, I’ve got a Unifi UDM, using the Unifi software suite. Are there any things I could look out for that might cause this?
For the last few days, the European servers seem to be doing an imitation of a tortoise. I’m half wondering if Nord is under a DDoS, has a BGP problem, or if they’ve done a special offer and gotten too many customers.
Yep, it was too much for the CPU to handle, checked it under load. Sadly, the Unifi software does not permit any VPN protocol other than OpenVPN, and WireGuard is only possible for remote connections into the network.
I checked it out, downloading a Steam game while forcing my desktop on a router-level VPN connection. Indeed, CPU usage spiked from ~20% up to 80 or 90%. Unfortunately, neither Nord nor Unifi supports any router-level VPN protocol other than OpenVPN as of right now.
I suppose the best way to go about it is to simply keep a VPN client on my mobile devices (laptop and phone) and have no VPN on my home network, instead strengthening the router’s security policies.
The best way might be to run the VPN on your devices themselves, as in your phone, PC, TV, laptops and more.
Even most mid-range phones and even low-spec desktops and laptops will be way faster than pretty expensive routers at encryption, especially if you consider they can use WireGuard.
Obviously TVs also will be slower due to the same problems (my TV can do max 76 Mbit on WireGuard on a 250 Mbit connection due to CPU).
I maintain the VPN client exclusively for IoT devices to isolate them from the rest of the network. However, for my use-cases, having everything either on or off a VPN is better. For example, if my desktop is on a VPN, it can’t find the local printer or a phone on the same network.
As you can guess, the original idea was to encapsulate it all within a VPN to keep the encryption to the outside, but have complete freedom within the network.
Most VPNs offer a “discover lan” setting (or a similarly named setting like local network, visible local or different names), which makes it entirely possible for you to still utilize your LAN network even while the devices themselves have a VPN on.
But honestly, if you want to use the router, you simply need a stronger one, maybe one made for VPN use like a GL.iNet router, and make sure to buy one that can deliver the speeds you want.
Aha, that did the trick. However, this doesn’t seem to work on my phone in the Nord app. The option is there, but it’s grayed out.
Update: It works when you disable killswitch. This setting does co-exist on desktop devices, but on Android it doesn’t seem to allow both local discovery and a kill switch. That’s pretty much all I need, and I’ll continue to use the router level VPN for devices that can’t have a VPN client.