Understanding Hybrid VPN

[Wolfie]

Hello guys,

I updated to latest firmware yesterday excited to try out VPN as originally it was one of my reasons for choosing this router. I was messing around with Hybrid VPN for a while yesterday and I want to make sure my understanding and use of it is correct. If it is correct I am probably going to get a refund for VPN account I just purchased as experience feels lackluster.

After getting the VPN account (ExpressVPN) I input the details into the advanced section and it connected. At this point I had assumed everything on my network would be under the VPN. To my surprise nothing was. It took me a while to realize I apparently have to add every device manually on the right side. IMO the way it looked was the right side was to choose devices NOT TO VPN. Is this correct everything needs be added manually or is there a way to have it like I thought it was going to work. I am not sure how many devices most people have connected but my Network map is almost unreadable due to how many devices I have so I feel would be easy to miss adding one to list.. 

In order to test the VPN, I added a few of my most used devices. Right off the bat, 20 Mbps seems really slow. Can this be improved in a future update? I read this is hardware limited in another thread? I get 120Mbps and on my PC if using the desktop app instead of Hybrid VPN I easily get 80-90Mbps which would be reasonable. I was downloading a file on my phone yesterday and found myself frustrated with the speed and logging in and turning off VPN anytime I want to download a large file seems like a hassle.

Another thing I am not sure I set up correctly. Before ever using the VPN I had set up my router to use Cloudflare DNS and if I do a DNS leak test with VPN on it still shows all the Cloudfare stuff and that it is leaking. Is it actually leaking or is due to me using the DNS setting like that. I had assumed VPN would override it? Let me know if that is not true and if some settings need to be modified?

I know this is mostly I guess a negative post but besides the VPN my experience with the router has been otherwise great. Love most of the other features. Due to mostly loving it is why I would cancel the VPN before swapping to a different router. 

[Netduma Fraser]

Hey, welcome to the forum!

The problem with most VPN clients on routers is that they apply to every single device without the customisation there available enabling you to choose which devices are VPN'd which can lead to slower devices, lag etc let alone individual services on those devices. The idea of Hybrid VPN is it gives you that flexibility to choose. You're correct in that it doesn't blanket VPN every device on the network. This was the same on our previous firmware. Adding devices on the right you can decide either which devices are VPN'd completely or go even further and VPN specific services on a device which gives you a great deal of power/control. It has been requested before that we add the ability to VPN all devices so this will likely come later on. 

You're correct in that it is mostly a hardware limitation on the speed so unsure if we can raise this in any future updates though we will of course look into the possibility. 

Were you doing this test on a device you added to the VPN? Which service did you apply to it?

[Wolfie]

Hi Fraser,

Yes, I did the test on my desktop which was added to the list. I used the expressVPN test on their website. Tried some other ones as well all with about same result. 

hmm as far as the limitation to the speed I will have to be very selective about which devices I VPN I guess. Thanks for the reply

[Netduma Fraser]

Did you have it added with Do Not VPN these services or Only VPN these services when you did the DNS test?

[Wolfie]

It is on DO NOT

[Netduma Fraser]

Okay that's good. What's your physical setup? Is it a router or a modem?

[Wolfie]

I use a MOTOROLA MG7540 plugged into the XR500

[Netduma Fraser]

Do you have it in modem mode is it still in router mode? If in router mode that could be why you're experiencing a DNS leak.

[Wolfie]

oops posted the wrong model. Motorola MB8600 is what I have. It is only a modem. That other was something I bought for a friend apparently.

[Netduma Fraser]

Does the modem have an interface that you can access and disable any settings like DNS that may be affecting the routers ability to control the network fully?

[Wolfie]

 

It has a very simple interface and you can change nothing except login details.

[Netduma Fraser]

Disable DNS Override, i.e. the Cloudflare DNS you input, connect to VPN again and do the test, do you see a leak then?

[Wolfie]

yes only difference at that point is just the leak test list the provider as my ISP IP addresses instead of cloudfare IP address.

[Netduma Fraser]

Are you connecting the VPN via UDP by any chance? If so use TCP, does that resolve it?

[Wolfie]

6 hours ago, Netduma Fraser said:

Are you connecting the VPN via UDP by any chance? If so use TCP, does that resolve it?

Could you please tell me how to change that or check which I'm using? 

[Netduma Jack]

5 hours ago, Wolfie said:

Could you please tell me how to change that or check which I'm using? 

On the Hybrid VPN page under 'Information' on the 'VPN Setup' panel, you'll see a line called 'Protocol'. That will say if you're using TCP or UDP. You can change this when you go to VPN Setup on the first page.

[Wolfie]

5 hours ago, Netduma Jack said:

On the Hybrid VPN page under 'Information' on the 'VPN Setup' panel, you'll see a line called 'Protocol'. That will say if you're using TCP or UDP. You can change this when you go to VPN Setup on the first page.

It appears to say TCP. Correct me if wrong here, but assumed the basic section was only for options related to purevpn and HMA and that none of those boxes would affect me using advanced anyway?

[Netduma Fraser]

Within the config you used does it mention TCP or UDP?

[Wolfie]

8 minutes ago, Netduma Fraser said:

Within the config you used does it mention TCP or UDP?

Nope it mentions TLS

[Netduma Fraser]

Could you post the config here for us to take a look at please

[Wolfie]

dev tun
fast-io
persist-key
persist-tun
nobind
remote usa-dallas-ca-version-2.expressnetw.com 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

Here is the top part
the rest of it is just all the begin certificate etc.

[Netduma Fraser]

Thank you, I've found that by default they use UDP, could you try TCP please. This page should be helpful, I can't access the configs as I don't have an account.

[Wolfie]

Was there suppose to be a link in your post? 

 

EDIt: expressvpn support said they do not have a TCP config file

[Netduma Fraser]

Sorry about that! https://www.expressvpn.com/blog/tcp-vpn-servers/ 

Well that's strange because that link says they have TCP servers, could you ask them about that link then?

[Wolfie]

15 minutes ago, Netduma Fraser said:

Sorry about that! https://www.expressvpn.com/blog/tcp-vpn-servers/ 

Well that's strange because that link says they have TCP servers, could you ask them about that link then?

 

 

Meh I don't know lol. Guess I will just have to hope Cloudfare is a trusty DNS lol