Whole Home VPN

Stephen

Who Dares Wins
Moderator
I know there are a few of you out there that are nerds like me, so I figured I'd share my latest tech setup.
I've run a VPN on my download box for a few years, but I've really wanted to set up a whole home VPN for a while. After doing a fair amount of research on routers, I decided to get a Linksys WRT 3200ACM router. My plan was to flash it with DD-WRT firmware and load ExpressVPN on it.
Well, DD-WRT loaded just fine and I was able to upload the .ovpn files no problem, but then it wouldn't connect to the internet at all. After several hours scouring the DD-WRT support forums and finding this to be a common issue, I hopped on the Linksys forums and found that the OpenVPN options in the Linksys firmware allow you to install ExpressVPN directly without having to reflash the firmware. It was stupid easy and took all of about 10 minutes to set up. So while DD-WRT allows a ton of granular management, that wasn't really my goal and the default firmware with ExpressVPN installed gives me all the control I need.
Next thing to do is set up a PiHole. I've read that since the WRT 3200ACM has two partitions, you can set one of them up with a simple Linux OS (like CentOS) and install PiHole directly onto it. Which would be pretty slick.
 
Hadn’t heard of pihole before, looks cool. Can you easily allow a specific port through with that setup? ie: a Plex Server?
I use PrivateVPN on my HTPC/download PC and usually just turn the VPN on when downloading, off at other times to allow friends/family to get on my Plex.
 

nnnnnate

Well-Known Member
Supporting Member
Location
WVC, UT
I played with pihole a bit when we were in my parents basement but never brought it back up at the new house. I had it just on a raspberry pi 3b. I had read that some people were able to just power the raspi off the usb on their router which kept it a pretty clean setup though some routers weren't supplying that usb with enough juice for the pi.

Is the expressvpn stuff just configuration on the router? I had also looked into dd-wrt a year ago and found it to be like you alluded to, a little much. I ended up buying ubiquiti edge router x and an AP lite for the wifi aspect. Again, I intended to fiddle with that hardware and do some config stuff to firewall one particular box but never ended up doing it.

I have plex but only use it in the network. With all the streaming crap we have (netflix, prime, disney+) I haven't been using plex much as of late. It's been kind of nice to be able to quickly find what I want on one of those services.
 

Stephen

Who Dares Wins
Moderator
> I played with pihole a bit when we were in my parents basement but never brought it back up at the new house. I had it just on a raspberry pi 3b. I had read that some people were able to just power the raspi off the usb on their router which kept it a pretty clean setup though some routers weren't supplying that usb with enough juice for the pi.
>
> Is the expressvpn stuff just configuration on the router? I had also looked into dd-wrt a year ago and found it to be like you alluded to, a little much. I ended up buying ubiquiti edge router x and an AP lite for the wifi aspect. Again, I intended to fiddle with that hardware and do some config stuff to firewall one particular box but never ended up doing it.

You upload the ExpressVPN image onto one of the partitions of the router and then you use that to manage the router. It's got a pretty slick GUI that's super easy to navigate. When I was fiddling with the DD-WRT image, I was having to telnet in to force some configurations. Which would have been fine, had it worked. But it just kept giving me grief about connecting to my ISP.

> I have plex but only use it in the network. With all the streaming crap we have (netflix, prime, disney+) I haven't been using plex much as of late. It's been kind of nice to be able to quickly find what I want on one of those services.

We have Netflix, Prime, Hulu and Disney+ (mainly through sharing with other people), but we still use Plex for 99% of our viewing. Maybe it's because we have odd taste and can't find what we want on any of the streaming services, or it's just that I have the Plex so dialed in using Radarr and Sonarr that I just know what I want to watch is there when I want it. That and I'm a digital hoarder...
 

nnnnnate

Well-Known Member
Supporting Member
Location
WVC, UT
Interesting. I wasn't aware of Radarr but that seems pretty slick.

My viewing habits typically revolve around my 4 year old so it's pretty easy to satisfy him with either PBS Kids or something from Disney+. I have to say though it's been fun going into the back catalog of Disney to watch some of their stuff I had forgotten about.

What internet service do you use and what's your bandwidth? My limited understanding of VPN use is that it severely limits the throughput but I haven't looked into VPNs in a while so I don't know if that's changed.

Also, what location do you have set through the VPN? Are you using USA based or do you have it overseas or do you change it periodically?
 

Stephen

Who Dares Wins
Moderator
> Interesting. I wasn't aware of Radarr but that seems pretty slick.
>
> My viewing habits typically revolve around my 4 year old so it's pretty easy to satisfy him with either PBS Kids or something from Disney+. I have to say though it's been fun going into the back catalog of Disney to watch some of their stuff I had forgotten about.
>
> What internet service do you use and what's your bandwidth? My limited understanding of VPN use is that it severely limits the throughput but I haven't looked into VPNs in a while so I don't know if that's changed.

I'm on Comcast with the 1GB down/35MB up plan. The VPN does affect my download a bit. But it's never made a huge difference to me. And it doesn't affect my upload speed at all.

> Also, what location do you have set through the VPN? Are you using USA based or do you have it overseas or do you change it periodically?

With ExpressVPN you can set it to automatically pick the fastest server, which usually ends up being somewhere in the West (sometimes even in Salt Lake). But you can also manually tell it to pick a server anywhere in the world. So if I wanted to stream F1 directly from Sky, I could tell it to pick a server in the UK and I could stream it no problem.
 

Herzog

somewhat damaged
Admin
Location
Wydaho
So you're doing an always on site-to-site vpn to cover your nefarious online activities? ;)

I currently use a bit of ubiquiti gear (edgerouter, edgeswitch, unifi ap) and then two intel NUCs to run my services. The nucs are hypervisored with esxi running various ubuntu & debian os's which include: nextcloud, plex, 2 piholes (for when I take one nuc down for maint), various game servers for my kids (like minecraft), unifi controller, unifi video controller for security cams, and some various webhost stuff.

I highly recommend the nucs... small and low power consumption but you can pack them with enough ram to run whatever you need in a home.
 

nnnnnate

Well-Known Member
Supporting Member
Location
WVC, UT
Stephen I would have expected your gig speed to be neutered quite a bit but am glad you aren't having any adverse effects. That's the thing about network speed though, it's only a problem if you can't do all the things you're wanting to do that you start poking around and doing tests to see where the hang-ups are. We are on utopia and have a 250/50 mb connection which has been fantastic. I guess if I was doing a lot of downloading (and actually seeded) I'd consider bumping up to a gig but it's not really my thing. You're philosophical enough that I'm sure you're a good seeder.

I bought a NUC8i7BEH in 11/18 and have loved it for the same reasons Herzog mentions. I don't do anything hardcore with it but it's got my plex stuff on it and it's just content to sit on the corner of my desk. Once I get my "office" built out a bit more I plan to mount it either to the back of a monitor or to the underside of my desk.

Interestingly enough my brother is doing some house renovation stuff right now and I was just suggesting he add round boxes in the ceiling so he can easily install some AP lites down the road. I freaking love how clean and powerful they are.
 

Stephen

Who Dares Wins
Moderator
> So you're doing an always on site-to-site vpn to cover your nefarious online activities? ;)

Yes... :spork:

I always had the VPN for, you know, some of those gray areas on the interwebs. But I wanted the whole home to cover all devices in the house.

> I currently use a bit of ubiquiti gear (edgerouter, edgeswitch, unifi ap) and then two intel NUCs to run my services. The nucs are hypervisored with esxi running various ubuntu & debian os's which include: nextcloud, plex, 2 piholes (for when I take one nuc down for maint), various game servers for my kids (like minecraft), unifi controller, unifi video controller for security cams, and some various webhost stuff.
>
> I highly recommend the nucs... small and low power consumption but you can pack them with enough ram to run whatever you need in a home.

We use a few NUCs here at work, mainly to host VMs for broadcasting stats out. They work great. I've thought about switching to a NUC + NAS setup for my next Plex. But surplus server parts are just so cheap and fun to play with... :D
 

Stephen

Who Dares Wins
Moderator
> Stephen I would have expected your gig speed to be neutered quite a bit but am glad you aren't having any adverse effects. That's the thing about network speed though, it's only a problem if you can't do all the things you're wanting to do that you start poking around and doing tests to see where the hang-ups are. We are on utopia and have a 250/50 mb connection which has been fantastic. I guess if I was doing a lot of downloading (and actually seeded) I'd consider bumping up to a gig but it's not really my thing. You're philosophical enough that I'm sure you're a good seeder.

My Gig connection with Comcast takes maybe a 100Mb/s to 200Mb/s hit with the VPN on. Which IS big, but still having 800Mb/s to use is fine. At my old place, I was getting gig all day every day. At my townhouse, the whole complex is on one node, which SUCKS in the evenings. Without the VPN, about 6pm my speeds drop down to 300Mb/s. Comcast tells me that there's nothing they can do about it (of course!). So I just have everything scheduled to download during weekdays during the day when I have full gig speeds. And really, the only reason I have gig down is to get the 35Mb/s up so I can have multiple people connected to the Plex and they don't have lag, and that never gets affected; VPN or not. If I could get that amount up with a lower download speed, I'd be fine. But that's not how Comcast works!
I seed on some sites, but only to keep my rating up. Otherwise I'd be a miserable leecher like you. ;)

> I bought a NUC8i7BEH in 11/18 and have loved it for the same reasons Herzog mentions. I don't do anything hardcore with it but it's got my plex stuff on it and it's just content to sit on the corner of my desk. Once I get my "office" built out a bit more I plan to mount it either to the back of a monitor or to the underside of my desk.
>
> Interestingly enough my brother is doing some house renovation stuff right now and I was just suggesting he add round boxes in the ceiling so he can easily install some AP lites down the road. I freaking love how clean and powerful they are.

I thought about going all in on the home network at this place, but the way it's laid out (pretty much totally open floor plan), and our plan to only be in it for a couple years then use it as a rental, I just figured getting a good standalone router was the best bet. That Ubiquiti stuff is slick, though. I have a few friends that have put it in their houses and they love it.
 

shortstraw8

Well-Known Member
Never heard of express. I suggest checking out WireGuard vpn, fastest easiest vpn ever.
Was pulled into the linux kernel for the 5.6 release. In kernel vpn, lightweight and consumes hardly any cpu time or ram.

@nnnnnate
What Ubiquiti gear do you have? Been looking at the UAP-AC-PRO and thinking about an 8port switch. I have a USG already and the key on my pi3. Just wondering how their APs and switches are.
 

nnnnnate

Well-Known Member
Supporting Member
Location
WVC, UT
I have the Unifi AP-AC Lite and the Edge Router X. I'm just using a dumb switch, if I remember right I bought a used HP 1810 with 24 ports. I've used the 1810s at work and didn't have many issues with them. Honestly when I put up the networking gear we were moving into the house so the plan was to just get it working then come back to it to tweak it and get into the weeds of the different settings after we got settled but I never needed to go back to it and it's not caused any troubles or hiccups ever. (I bought it all December of 2018.) The only network problems we've faced ended up being the MSP that got DDOS'ed over memorial weekend last year so while I was looking into that (before I found out it was the MSP) I got back into the interfaces to check some stuff.

My house is 1500 sqft with 3 floors and I have the AP on the ceiling of the top floor in the hallway kind of at the center of the house. I get great coverage everywhere in the house I go (the in-laws live in the basement apartment) and haven't gotten complaints from the others. Going outside the house I get coverage in most of the yard but it does get spotty towards the edges. I seem to remember pandora buffering while I was doing yard work last summer. Really though the places I expect it to work well it does.
 

Herzog

somewhat damaged
Admin
Location
Wydaho
If you're going to go Unifi APs and cams, I'd recommend sticking with the unifi gateway and routers. The admin/ui experience is much better. I was dumb and went with Edge equipment and then added the Unifi AP and Cams. Works fine but is kind of a broken experience when making changes to your configs. That said, I don't regret the Edge router / switch at all. They are nice!
 

DaveB

Long Jeep Fan
Location
Holladay, Utah
I am with you. Any way to translate this thread to English?
Here is my translation of some of the acronyms:
VPN: virtual private network
WLAN: wireless local area network
DD-WRT: firmware for WLANs
OS: operating system
HTPC: home theater PC
ISP: internet service provider
NUC: next unit of computing
ESXI: elastic sky X integrated (for server virtualization)
AP: access point
VM: virtual machine
WRT: wireless receiver/transmitter
 