PrivateInternetAccess VPN software vs. Netgear R7000 + OpenVPN

I'm not sure if you are dead set on keeping the stock firmware, but if you are open to DD-WRT, you can configure the router with PrivateInternetAccess and then you wouldn't need a client on your computers. I currently have DD-WRT on the R7000 and have it set to use the VPN only for specific sites (ie: Pandora). I could add other sites or simply have all traffic use VPN.


https://www.privateinternetaccess.com/p ... rt_openvpn

The above would guide would route all traffic to VPN. If you want something custom, then you would have selective routing additional config:

ex:

###
### OpenVPN common configuration
###
route-nopull
route XXX.XXX.XXX.XXX 255.255.255.255 net_gateway

###
### OpenVPN routes
###

# pandora.com
route 208.85.40.0 255.255.248.0 vpn_gateway

BB88 wrote: ↑Just wondering what are the advantages/disadvantages of using either the PrivateInternetAccess VPN software vs. my router VPN service + OpenVPN software?

With Netgear stock firmware, this is how Netgear suggests to set up VPN service on the router: http://kb.netgear.com/app/answers/detai ... -client%3F
which still requires me to run OpenVPN software on the client computer.

openvpn on router or on computer by itself is known to leak your ip from time to time. the PIA software has a kill switch you can enable that works for most people so that your ip doesn't leak.

rageking wrote: ↑openvpn on router or on computer by itself is known to leak your ip from time to time. the PIA software has a kill switch you can enable that works for most people so that your ip doesn't leak.

Eh... properly setup that should never happen.

Also, the kill switch has been known to not work properly and cause issues when turning pia off.

It's easier to have the VPN on the router. Can also use it with Chromecast which is nice.

ok I see that your response was in response to post #2. Yes I suppose if you put in scripts into the router you can have some confidence the vpn wont leak the ip. I haven't tested it this way.

Without scripts forget it - you can bet good money the vpn client will leak your ip.

BTW op, Im not sure if your r7000 can give you full speed of your vpn. I think the r7000 is a dual core cpu inside if it is then there is a good chance it can.

I think I was originally confused about the VPN Server/Service on the stock firmware is different from the VPN client as you guys have explained. I thought it was something similar to what DD-WRT or Merlin has implemented for VPN client.

Anyway, it sounds like neither the OpenVPN client (on computer or router) nor the PIA software is a perfect solution in terms of IP and DNS leak, but I guess I'm not too worried. My ultimate goal is just to have the least set up required to have all my devices using the VPN as much as we can. I guess I'll wait for the Merlin port to be a little more mature before I switch over. I personally is not a big fan of DD-WRT because of how messy it was.

if you tested the PIA client with vpn kill switch enabled and it doesn't leak your ip under all the scenarios you can think of, including turning off the mode, disabling your network interface while PIA is enabled, then you're all covered.

You can enable windows firewall (in addition to your 3rd party firewall) so that the internet app like bittorrent will not run unless it is in the public domain network which all apps will be in upon PIA being connected. This is an easy way to fool-proof against any leaks.

rageking wrote: ↑ok I see that your response was in response to post #2. Yes I suppose if you put in scripts into the router you can have some confidence the vpn wont leak the ip. I haven't tested it this way.

Without scripts forget it - you can bet good money the vpn client will leak your ip.

That's what I meant by "properly" configured.

But I agree, kill switch can be a hassle but it's better than nothing. You can add a kill switch script to your router with third party firmware.