A few questions on the Librem Tunnel

steve · October 26, 2021, 11:41pm

I’m thinking about trying this out, however, a few questsions. First off here is how I plan to use it:
Currently I have a small linux box that I use as a nat router/firewall/dns server for my internal network. I’d like to set this up to route all internal traffiv through said vpn service.

The objective here is to not allow my ISP to sell information on my family’s internet activity.

First question:

Has anyone used this sort of setup? Did you run into any issues with it? Any recommendations here?
I have heard that some streaming services don’t allow VPNs through… Has anyone tried this?
Have people experienced performance loss with this VPN?

kieran · October 28, 2021, 5:04am

One thing to think about is that if the VPN endpoint (at your end) is in the “small Linux box” then you may be putting the encryption in a box that is far less performant than your actual client device (if it’s a late model desktop or laptop).

Whether that makes a difference depends on the bandwidth of your internet connection.

So how small is “small”?

The advantage of putting the VPN endpoint at the gateway is that it automatically covers all devices on your internal network, big or small.

steve · October 29, 2021, 12:55am

It’s an intel arom box, quad core 1.8Ghz and 4Gb of RAM. As Rob Braxman sells a raspberry pi to do the same thing, figure this should be able to handle it.

OpojOJirYAlG · October 29, 2021, 5:12am

What you’re talking about is a proxy server, I have done proxies and reverse proxies and don’t have a configuration I’ve encountered that I could recommend.

This is a cat and mouse game, streaming services are pressured by rights holders to respect their contracts, VPN providers (thus far) are not liable for users violating their agreements by using a VPN to bypass content restrictions. This will likely be a case of sometimes it works sometimes it’s blocked.

This is too vague. How are we defining performance? If you have gigabit internet but a 10 Meg VPN service you’ll be limited by the smallest connection in the chain (there is no “performance loss” just a lot of untapped potential). Also, if your proxy is underpowered for your configuration, that would impact performance of the firewall/proxy combo device. On top of those, when you add the proxy connection and the connection through the VPN you will have higher latency as compared to going directly to the internet out of your ISP, is that “performance loss” or not? After all, the connection would still be operating at the speed of light, it would just be going further than it was previously to get to the same place. Latency will degrade the end user experience, but that doesn’t necessarily mean any of the technology is working sub-optimally.

kieran · November 1, 2021, 7:38am

Yes, probably. One thing you could check is whether your CPU has the AES NI feature.

Atom? There is a large range of performance and age in the Atom range but from the brief specs that you gave, I would assume it is a more recent one and you should be fine.