I am currently testing a Linksys WRT1200AC v1 (believe it to be Caiman, as I am showing 503.2MB of RAM) while I wait for a WRT3200ACM to be delivered, and enabling the VPN client breaks my Quotas. Haven't tested Restrictions.
After poking around, I believe that the problem has something to do with how the BWMonitor records traffic for hosts/groups. Gargoyle is only recording total bandwidth for the VPN Client / Router, which appears to result in the loss of what host on the network is responsible for the traffic.
After VPN is turned ON, no other hosts are being tracked by the BWMonitor:
Adjusting the time range, you can see the other hosts that were being tracked before the VPN was turned ON:
EDITS
Never mind... I think because the VPN client is handling routing (via TUN), that's why Gargoyle can't see what is going where. If that's the case, global quotas and restrictions should still be effective.
@ispyisail
Here is my config, if that helps:
```
client
dev tun
proto udp
remote us-california.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
keysize aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
tun-mtu 1500
tun-mtu-extra 32
comp-lzo no
sndbuf 393216
rcvbuf 393216
verb 1
reneg-sec 0
auth-user-pass '/etc/openvpn/auth.txt'
crl-verify '/etc/openvpn/crl.rsa.2048.pem'
ca /etc/openvpn/grouter_client_RANDOM_ca.crt
cert /etc/openvpn/grouter_client_RANDOM.crt
key /etc/openvpn/grouter_client_RANDOM.key
```
If I'm correct about what is causing the router to "lose" track of what bandwidth belongs to each client then, as far as I know, that only leaves two options:
- Do not run the VPN client on the router. Run it from each host that requires a secure connection, when necessary.
- Install a second router in between the Internet and the Gargoyle router that is configured for Quotas/Restrictions.
  - If you are using a metered Internet connection, you will probably want Gargoyle running on the VPN-router to capture the excess bandwidth.
  - I see no reason why you couldn't put each of the routers on different subnets to make this work, but I haven't tried it yet.
  - I'm not that familiar with how UPnP / PAT works, but I imagine you'd be crippling any Port Forwarding you had to do. I suppose you could simply forward every port on the VPN-router, but that doesn't sound safe at all.
I'm currently running VPN clients on network devices when / if I need to. It isn't the elegant all-in-one solution I hoped for, but oh well.
If you are new to using VPNs, be aware that you will have to set up some workarounds via the command line to prevent sites like Netflix from blocking your access when using a service like PrivateInternetAccess (PIA).