1 1
gounthar

Which boards to get a VPN server and a VPN client?

Recommended Posts

I've been travelling a lot lately for work (IT conferences). I don't brag. Don't get me wrong, I like meeting new people, sharing about technology, but the "travel" part of this travels is the worst for me.
And having to use the bad hotel wifi without any protection is not my cup of tea... Working with my phone's 4G tethering is cool, but I feel "naked" anyway... And it does not solve my other devices connection problem.
I was almost ready the other day to get a 4G/Wifi travel router to solve it, but as I tend to use SBCs for just about everything, I was wondering if I could make one my travel router, giving me WIFI through a VPN on top of Armbian. It would use free wifi when available, or USB tethering if not.
At home, I would install another SBC running Armbian and a VPN server on top of it.

So... Do you have any idea of an Armbian-able board that could run my VPN server at home? The cheaper, the better, unless it has super powers.


And what about my VPN client/travel router? It would have to be compact with good wifi (or enough USB ports to have good WIFI dongles)?

 

Thanks!

Share this post


Link to post
Share on other sites

I am getting excellent results with an Odroid HC1. I use it as an OpenVPN server at home, and with my laptop as roadwarrior I get about 80-90 Mbps over my 100 Mbps connection. And also, since now it is on sale, you can get a HC1/MC1 Solo/XU4Q for about $50 at Ameridroid.

 

Other than that, anything with crypto extensions and good single-thread performance would do good, like some RK3399 for example (though it will be more expensive). Avoid boards with many slow cores but no big ones, since OpenVPN is single-threaded.

Share this post


Link to post
Share on other sites

Thanks a lot for your input. I already have two RK3399 for other purposes, but I could try with them first.
Thanks for pointing out the single-threaded model of OpenVPN. I have seen SoftEther project cited here, so I have to check if this has the same one-thread "problem".

Share this post


Link to post
Share on other sites

I'm running wireguard on a pair of nanopi neo2's, and iperf is giving me >200mbps throughput at ~40% load

Share this post


Link to post
Share on other sites

Sorry, I missed the part about where you need wifi.  In that case, I really can't recommend it unless you're using a USB dongle with proper antenna.

Share this post


Link to post
Share on other sites

Why not... In fact, I haven't been able to source an SBC with two WIFI antennas, so I will have to use at least one USB dongle.

Share this post


Link to post
Share on other sites
6 hours ago, gounthar said:

Why not... In fact, I haven't been able to source an SBC with two WIFI antennas, so I will have to use at least one USB dongle.

 

heh, sorry, I mean that the neo2 has no wifi.  It's a ethernet-only board, and (without breaking out the pin header) only one usb-A port soldered.

The neo plus 2 might be closer to what you're looking for, but it's not a board I have.  Should be very, very similar in performance though.

Share this post


Link to post
Share on other sites

@gounthar - If you do not mind you cannot reboot ( hangs for the moment ) what about the orangepi Lite 2

It can do 1,8GHz BUT H6 SoC is still in developement (WIP), it is half the price of a RockPi4, model A 1GB (RK3399).

had promising results using a OPiOnePlus with ovpn ( near 200Mbit maybe more as my upload is CAPped ).

A +/- 12Mbit stream resulted in 40% CPU usage, pushing it to the max ( iperf single/ multiple threads ) got it easily to 1,8GHz : my findings, incl temp increase, can be found here 

Anyway the board has BT, both WiFi and LAN gigabit - but as mentioned DEV image ( kernel 5.x ) needs to be build to have it " somewhat stable " , for VPN (LAN) it works at least.

hope this helps

Share this post


Link to post
Share on other sites

I am not a professional in this subject but I can share with you my experience. Usually, if I need to make some operations through the network or I have to hide my real IP address I am using VeePN service as the VPN client as far as I understood. The main point is to keep an eye on internet connection speed that hasn't been decreased.

Share this post


Link to post
Share on other sites

Thanks for sharing. I don't want to hid my IP address, just be able to reach my machines at home when traveling, and have a more secure network for my daily tasks.

Share this post


Link to post
Share on other sites

Something to consider...

 

https://www.gl-inet.com/products/gl-usb150/

 

MIPS based - but full OpenWRT/Linux under the hood - wireguard client/server and OpenVPN client/server - plug into the PC/Mac/Linux and it is an ethernet device, but not needed, just give it power and it'll run...

 

If one is bent toward WiFi hacking, the SoC WiFi is ATH9K based, which is one of the better WiFi chips for documentation purposes...

Share this post


Link to post
Share on other sites
1 hour ago, gounthar said:

Very interesting, too bad it's not ARM based.

 

But it works... wg is cool as CPU load is minimal, compared to the CPU intense OpenVPN -

 

Enter MIPS24Kc, which would be comparable to ARM11 - Pre-ARM Cortex-A7... the other day, two clients attached, and CPU load was 3 percent, and that's with Stubby and WG active over a 4G mobile hotspot (USB-150 was WiFi to the phone as WAN, and routing from there to two WiFi clients)

 

I suppose this is the difference between an Application focused SoC vs a Network focused platform.

 

There's another thread where I chat a bit about MIPS - interesting arch there for networking stuff...

 

Anyways - the openwrt repo's also support Tor, which may be of some interest to some...

Share this post


Link to post
Share on other sites

Thanks for answering, that looks really interesting in fact. I will try to find the MIPS thread.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
1 1