2

It is my first post on Stackexchange and I am new to this community !

I've searched for similar topics but I did not find the answer...

Here is what I am trying to figure out:

  • I have two houses (let's say A and B) with 1Gb/s (Up and Down) optical fiber connection. Both have a router.

  • House A has a QNAP NAS (TS-218A) with personnal datas.

  • I live in house B with a computer, a media player, and an Android phone.

  • I want to access my NAS with a speed of minimum 300Mbps (Up and Down).

  • I don't want all the traffic of my computer and devices to be routed through the VPN connection, just when trying to access the NAS.

Currently, I use OpenVPN hosted by the NAS, with the client App on my computer in house B, but the NAS bottlenecks the speed to 20Mbps through VPN (very cheap CPU). When not using the VPN (computer in house A), I have 400Mbps when transfering datas over local network.

Here is a little scheme:

Network Scheme I am asking if it is possible to setup a VPN tunnel between the two houses with two Raspberry Pi, so that they will do the encryption and I will not be bottlenecked by the devices'CPUs. I want this tunnel to be transparent for my devices: I don't want to install client apps on every device who needs to reach the NAS. For example, I just want to type 192.168.1.102 on my computer (192.168.2.13) to access my datas.

I've read about site to site VPN connections and that Wireguard was well performing on Raspberry Pi ! Especially: https://github.com/adrianmihalko/raspberrypiwireguard

Is this idea possible ? :)

Thanks !

Nathan

Nathan.OTN
  • 21
  • 2
  • I would check if the routers is capable of VPN in Site-to-Site VPN mode. A sollution with Raspberry Pi is involving DynDNS, port forwarding and securing the Raspberry Pis from intrusions, a more demanding than installing a VPN client to a existing VPN solution in the router. – MatsK Aug 13 '21 at 11:55
  • Hi and thank you for your answer ! Isn't it a lot expensive to buy two routers with 300Mbps through vpn capability ? I have tried with an Asus RTAC57U as client but I only get 1.8Mo/s... – Nathan.OTN Aug 13 '21 at 12:10
  • The numbers I have seen for Raspberry Pi 4 VPN throughput is approx. 50-60Mbps. – MatsK Aug 13 '21 at 14:00
  • "the NAS bottlenecks the speed to 20Mbps" -> If that is conjecture on your part (eg., if there is no such bottleneck in house A locally, you don't have much in the way of hard evidence), don't commit to a decision which must assume this to be true (eg., I'll just replace the NAS and everything will be fine). "I want to access my NAS with a speed of minimum 300Mbps (Up and Down)." -> You won't get anything close to that with a Pi to Pi VPN. – goldilocks Aug 13 '21 at 14:59
  • @MatsK People seems to reach very high speeds with Pi 4 and WireGuard: https://www.reddit.com/r/WireGuard/comments/eeafds/wireguard_throughput_on_raspberry_pi_4/ – Nathan.OTN Aug 13 '21 at 18:39
  • @goldilock I've made many tests: transfering datas, locally with/without VPN, and from house B with/without VPN I am 99% sure the NAS CPU is overloaded. While transfering through OpenVPN, the CPU is 100%. The idea is to have another device which is dedicated to encryption for the VPN connection... I've heard that Rock64 has the arm encryption extension built-in, it could be better than Pi 4 and cheaper... – Nathan.OTN Aug 13 '21 at 18:43
  • The CPU usage is probably a good clue. I don't think the often disappointing network speeds with the Pi are CPU/encryption performance related, I think it is how all the hardware is put together. Eg., Using NFS locally (= no encryption), I get at best maybe 400-500 Mbps over the air w/ a Pi 4, and I don't think the eth port is faster. Now keep in mind that if the NAS is a separate system, passing it through a VPS server cuts the interface speed on that server in half (data is passed from the NAS to the Pi, then from the Pi to the remote client). – goldilocks Aug 13 '21 at 20:26
  • ...You could use both interfaces (eg. wire the pi to the router), but I still think 300Mbps is a very tall order, and it will be hard to find real world examples to the contrary (the "real worldness" of that reddit post is not clear and more detailed reports, such as the others in that thread, are underwhelming). All that said, without spending a magnitude more money I don't think other arrangements will be all that better, so the Pi may be worth a try. – goldilocks Aug 13 '21 at 20:26
  • Which router do you recommand with OpenWRT so that I can setup Wireguard on it ? (In two PI 4 budget = 160$) ? – Nathan.OTN Aug 13 '21 at 22:07

0 Answers0