VPN solution for Smart home and media sharing


(Vic Singh) #1

Hello All,

I’ve spent the last 2 months researching for the right solution but with 2 children under 2 years old it can be very difficult to find time.

I’m looking for the best security solution using VPN with Private Internet Access to secure my home network.

My ISP is Rogers with 100Mbps(average 150Mbps) down and 10Mbps up. I have 2 router I could use which are Netgear R7000 and DLink EA2700.

Most important is to secure my smart home devices. I have a Smartthings Hub, Nest thermostat, Amcrest 1080P IP cam(I will have to setup port forwarding) and WeMo light switch. Future purchases will be Harmony remote, Ring doorbell and more IP cams. Getting all this into running on a VPN is important. These devices do not require tons of bandwidth and exactly why I am thinking of running these on the DLink EA2700 DD-WRT router(VPN speed of 20Mbps).

My other concern is VPN speed drops because of encryption which I primarily need for Amazon Fire TV 2, Minix Neo x7, DLNA speakers and ChromeCast. If I connect this to Netgear R7000 with DD-WRT, I only achieve about 30 Mbps with VPN.

If I connect the 2 routers to my modem/router(Hitron CGN 3-ROG) from my ISP, I will get roughly 60 Mbps total VPN speed. Can i get these under the same local network to share media files?

I was also hoping to use the DLink EA2700 as a repeater to extend my coverage.

Are there any solution that will work for me?

Can I get a Raspberry Pi for encryption? And how is the impact for VPN speed?


(Ben W) #2

So this is for external traffic? (Just want to verify)

Not sure if it will really “secure” your devices, since your internet still comes in from your provider and has access to your lan. Most home automation devices already have SSL communications.

You could also run into issues, since places like Netflix/Amazon actively block known exit nodes. Would say the same about Nest, would you want an “unkown” source accessing your servers?

The answer is using openVPN and set up an endpoint on your network. Instead of using your router’s as a DNS you point it the openVPN. I believe openVPN can run on a pi. Quite a few hits on google ( https://www.google.com/search?q=openvpn+pi )


(Vic Singh) #3

Sorry I should have mention I have OpenVPN running on both router.

My problem is speed lost due to encryption.

I was researching RaspPi but too slow. Banana Pi looks a little more promising but same issues.


(fightingmajor) #4

Are your routers on the same channel or same freq? Are they close together? Do they support 5g? There are a lot of different things that can slow your transfer rates down because of the multiple wireless routers.


(Ben W) #5

No matter what you do is you are adding extra hops and restrictions through the nodes. Encryption should be a fairly low overhead.

This page has good results; https://www.hackviking.com/single-board-computers/openvpn-performance-on-the-pi/

Even a laptop was only able to handle about 19 Mbs vs a Pi3 at 12 Mbs. The VPN will rarely be able to fill up your pipe.

I looked at doing this a year ago and decided it was not worth it. I connect the nodes on my network to PIA individually. May still set up a Pi to passthrough multiples, but have not had the need yet. Not sure VPNs add that much more security over SSL in most of those devices, especially at the cost of overhead.

edit: Why do you want to send Nest/Home Automations over a VPN?


(Never Trust @bamarayne) #6

And that’s really the question. Why are you using a VPN for your Home Automation?

Outside of that VPN performance is going to be dependent upon your algorithms and the capabilities of your VPN gateways on BOTH ends - not just the ones on the side of your Home Automation devices. Are you using AES?


(Ben W) #7

I think of VPNs as being important if you don’t trust the network. I always use PIA when I connect to WiFi outside of my home. My home network is “trusted” so I shouldn’t need to use a VPN. I still use a VPN for some privacy, like web surfing and other stuff.

The answer is not easily, especially with consumer grade electronics. Each packet gets routed through the network, and once it finds a path typically stays on the same path. With openVPN is one is its own exit node, and traffic will be routed through them.


(Jason "The Enabler" as deemed so by @Smart) #8

You could set up your faster router as your primary, set up the secondary router using WW-DRT and make it an access point. Connect your devices to the access point via IP and MAC filtering, along with firewall encryption. Have the access point connected via wire to the router and secure access there with encrypted password. Make the access point invisible via WW-DRT. Your router then has its encryption and firewall between it and the modem, and yet even more there.

You’re talking a lot of layers… Probably more than the Clinton servers had. So, unless you’re a nuclear physicist working on world domination secrets and stuff… Odds are no one wants to make your house cold in the winter. …

But, if someone sits out front of your house, and you don’t notice them, and they start turning your lights on and off… They probably deserve to play just for the effort.

When I secure my system… I ask myself… What exactly am I securing? And is the loss of data worth the trouble?


(Ben W) #9

How many layers did they have?