Associate
The windows client is an utter pile of pants, yet the IOS app works a treat. It's really weird, the support team are no help either.
*** VPN Thread ***
- Thread starter kPATm
- Start date
Man of Honour
Thanks for the heads up only using android and osx at the moment. Handy to know.
Can't say I'm a fan of the windows software but NordVPN on Android and via router has been great 6 months in. Cybersec and adblocking also works great with no additional battery drain noticed on Android
I've had US Netflix working and speed on newsgroups and other streaming has been fine.
I've had US Netflix working and speed on newsgroups and other streaming has been fine.
Last edited:
Soldato
I was with NordVPN, found them pretty poor. On my Virgin Media 200 Gamer, I was getting under 100 Mbps, vs 180 without it. They're also pretty expensive, unless you pay large amounts up front.
I've ended up going with PIA - excellent service, and get better speeds (and more importantly, a much more stable connection). I get more like 130 with them. What I did like with Nord though is the apps - they're really very good. The PIA ones work well, but they don't look as "nice".
I've ended up going with PIA - excellent service, and get better speeds (and more importantly, a much more stable connection). I get more like 130 with them. What I did like with Nord though is the apps - they're really very good. The PIA ones work well, but they don't look as "nice".
I get that weird 1MB/sec speed 'cap' on Windows too, but as you say not on macOS or Linux. Try making an IKEv2 profile, which is multi-threaded unlike openvpn (which only uses a single thread/core). If all else fails, use qBittorrent and set up the SOCKS5 proxy and enable Anonymous Mode and 'disable connections not supported by proxies'. The two settings are in two different tabs; Connection and Bittorrent. You may also wish to then change encryption from 'prefer' to 'force', so that your ISP can't see which Linux distro you're downloading. The occasional public tracker won't like it but it usually works, and you'll get WAY better speed (I hit 45MB/sec).
As for the VPN interface reporting it's negotiated at 100Mbps, it's just cosmetic. Windows expects interfaces to have negotiated speeds and needs to report a number. Since a VPN TAP adapter is actually a virtual interface it doesn't negotiate a physical link speed at all - so openvpn just reports 100Mbps to Windows to keep it happy (i.e. shut it up from shouting about errors that don't exist).
IPVanish use their own T1 network backbone, and are part of the Highwinds Media Group (think Newshosting, and a million other newsgroup suppliers). They're generally very good, and I have a free account via my Tweaknews subscription, but I prefer others for 24/7 use. They are fast though.
Nord are decent when you land on a 'good' server for you - it's a matter of trial and error. The servers can range from blazing fast (47 MB/sec on my line) to awfully slow. On the other hand, I have no complaints with vpn.ac 99% of the time. I have annual subs to PIA, vpn.ac, Nord, Tweaknews (IPVanish/Highwinds) and AirVPN. Some don't cost me anything (referrals added up over the years) so I may as well hang on to them. I run VPN.ac on my pfSense router/firewall (Kabylake Pentium G4560, 4GB DDR4):
As you can see, even at peak time on Virgin Media they don't slow me down much. The pfSense box runs at 7% CPU usage flat out with the VPN running (AES-128-GCM, as GCM uses less CPU than the more usual CBC). No complaints here! That said, a consumer off the shelf router will never be any good for openvpn, as their CPUs just aren't beefy enough. They rely on hardware offloading for NAT, routing, TCP, etc to be able to handle fast WAN speeds. If you ask them to do any actual work (eg encryption/decryption) they just shrivel up and die - and give you slow speeds as you found. Build or buy a proper router - I'm forever glad I did!
Our set-up’s have a striking similarity, but i’m stuck with FTTC, hence the current router choice
The problem with consumer grade routers is the lack of hardware FPU, software emulation of an FPU sucks, even on ARM and shoving your router on a VM isn’t my idea of fun, even with hardware pass through (host software/hardware failure kills everything).
Subscription wise we’re similar (PIA, Pure, Nord, Tiger) and like you, for various reasons I only pay for one of those at a reduced rate. Often the StackSocial offers for lifetime can be good value, just be careful about who you choose and exactly what is included - lifetime from an unknown provider is likely on a VPS or rented server and that has implications for privacy and they can disappear overnight. Also if you live in the UK, using a UK based VPN provider is not a good idea.
Rather than run encryption direct on a consumer router I advocate a different approach: Docker. Specifically the Binhex docker images (I prefer DelugeVPN, but he offers RTorrent as well), the use of IP Tables makes it unable to do DNS (so an unsupported provider needs IP addresses and not host names), it can’t fail over to an unencrypted connection and includes Privoxy which means any device that supports a proxy can be pointed at the container and will benefit from an encrypted connection without the local encryption overhead.
Our set-up’s have a striking similarity, but i’m stuck with FTTC, hence the current router choice
The problem with consumer grade routers is the lack of hardware FPU, software emulation of an FPU sucks, even on ARM and shoving your router on a VM isn’t my idea of fun, even with hardware pass through (host software/hardware failure kills everything).
Subscription wise we’re similar (PIA, Pure, Nord, Tiger) and like you, for various reasons I only pay for one of those at a reduced rate. Often the StackSocial offers for lifetime can be good value, just be careful about who you choose and exactly what is included - lifetime from an unknown provider is likely on a VPS or rented server and that has implications for privacy and they can disappear overnight. Also if you live in the UK, using a UK based VPN provider is not a good idea.
Rather than run encryption direct on a consumer router I advocate a different approach: Docker. Specifically the Binhex docker images (I prefer DelugeVPN, but he offers RTorrent as well), the use of IP Tables makes it unable to do DNS (so an unsupported provider needs IP addresses and not host names), it can’t fail over to an unencrypted connection and includes Privoxy which means any device that supports a proxy can be pointed at the container and will benefit from an encrypted connection without the local encryption overhead.
You have excellent taste in routers!
I agree about avoiding same-country providers, especially in 5/6/9/14 Eyes countries. I have taken to running multiple hops with multiple jurisdictions; Romania on the router and Panama as a HTTP/SOCKS5 proxy on local machines. The real-time impact is imperceptible but it's an extra layer of anonymity - and bureaucratic tape - to break through. Anything sensitive is further obfuscated with XOR and/or HTTPS/TLS, all my local servers run verified SSL certs and my DNS is multiple-redundant with DNSSEC, and DoH or DoT. People said we were paranoid until Snowden, then six months after that they all forgot about it and went back to sleep. I don't get up to much of anything I shouldn't (downloading Linux aside), but damned if I want comms companies I'm paying money to keeping year-long (or more) records of every website visit, every message, every call, every click. Signal has its uses! Now VM and my mobile provider can generate all the logs they want, but they'll be pretty useless if they're ever manually reviewed. 
Encrypt all the things! TMThe binhex images look interesting; I'll have a little play with those this afternoon. I've been spending more time in BSD than Linux lately, but that's the beauty of Docker!
For the lulz, I've been toying with the idea of setting up an OcUK members' VPN with IKEv2, DNSSEC + DoT, SOCKS5/HTTP proxy/etc with all logs aimed at /dev/null.
Soldato
Im currently running a Asus n66u router which is nowhere near as powerful enough to run my nordvpn for all my devices.
I was thinking of getting an Mikrotik RB750Gr3 just to run the vpn on.
Is this possible?, can i connect the mikrotik to the asus and just run the vpn through the mikrotik?.
I was thinking of getting an Mikrotik RB750Gr3 just to run the vpn on.
Is this possible?, can i connect the mikrotik to the asus and just run the vpn through the mikrotik?.
Yes. However you would likely be better off replacing the ASUS with the Mikrotik and adding an AP and modem. One is a modern router with ongoing support and a proven history for timely security fixes, fast VPN support and a feature set that is superb for the money, the other is made by a company that has a horrible history for security and product abandonments/having to pay large fines and agree to additional auditing in the US and still continues to be plagued with issues.
Soldato
Thanks.for the update.
My virgin media router is setup in modem only mode so.i take it I will just need a wireless ap point? Do you recommend one to connect to the mikrotik?
Not to step on Avalon's toes, but since he hasn't replied in a little while... You won't go far wrong with most prosumer or small business type APs. I use one of the most oft-recommended ones, the Ubiquiti UAC AP Pro. The Lite or LR (long range) will be a little cheaper for not much loss of functionality. Budget around 100 and you're in the right ballpark. A little more for Pro, a little less for Lite.
Soldato
I nearly pressed the buy button but think it may be beyond me to set it up as I need port forwarding for various systems I run, I also require ddns.
Looking online it looks quite complicated to achieve this
Also it looks like these wont work with nordvpn so a none starter for me.
Looking online it looks quite complicated to achieve this
Also it looks like these wont work with nordvpn so a none starter for me.
Last edited:
Don’t worry about my toes @Rainmaker - good advice and another view point are are rarely a bad thing.
@ScoobyDoo For an AP avoid the square Unifi AP’s (the chipset launched before the AC standard was ratified and support has regularly been problematic), they’re going cheap on eBay as they’re being EoL’d shortly (a first from Ubiquiti as my original Unifi AP’s are still supported and way older). Prices start from £60ish new for an AC lite or the Mikrotik equivalent, AP wise this is where i’d be looking.
Router wise what isn’t compatible with nord? The learning curve on Mikrotik is a little steep, but it’s not that bad once you get used to it, and it’s not like you need to set it up more than once. Why not have a look at some of the YouTube video’s that show you what’s involved? The Unifi AP’s are a doddle though.
@ScoobyDoo For an AP avoid the square Unifi AP’s (the chipset launched before the AC standard was ratified and support has regularly been problematic), they’re going cheap on eBay as they’re being EoL’d shortly (a first from Ubiquiti as my original Unifi AP’s are still supported and way older). Prices start from £60ish new for an AC lite or the Mikrotik equivalent, AP wise this is where i’d be looking.
Router wise what isn’t compatible with nord? The learning curve on Mikrotik is a little steep, but it’s not that bad once you get used to it, and it’s not like you need to set it up more than once. Why not have a look at some of the YouTube video’s that show you what’s involved? The Unifi AP’s are a doddle though.
Caporegime
Can’t even access nordvpn website at the moment :/.
Man of Honour
Working fine just here...
@maj try this one - it's their 3 year deal. Works out v. cheap per month. As a few of us have said, worth going through topcashback as they offer 60% cashback. https://nordvpn.com/order/?coupon=3ydeal
@maj try this one - it's their 3 year deal. Works out v. cheap per month. As a few of us have said, worth going through topcashback as they offer 60% cashback. https://nordvpn.com/order/?coupon=3ydeal
Caporegime
- Joined
- 30 Jul 2013
- Posts
- 28,886
Is there a secure free VPN that I can use for an hour?
I'm abroad and want to book IMAX tickets but the stupid Cineworld website/app doesn't work unless you are in the UK, so I need to spoof my location. I found free one using Google search but wouldn't be happy carrying out a financial transaction with it.
I'm abroad and want to book IMAX tickets but the stupid Cineworld website/app doesn't work unless you are in the UK, so I need to spoof my location. I found free one using Google search but wouldn't be happy carrying out a financial transaction with it.
Soldato
Just use Paypal?