×

22
23

Configuring (faster) VPN through your router for your IPTV devices (self.IPTVGroupBuy)

submitted by jcumb3rValued Collaborator

This is admittedly a bit of a niche post, but for the fellow geeks among us, I thought you may find this useful to get much faster VPN speeds for your IPTV devices if your router supports setting up a VPN Client.

u/mrrobvs and I were going back & forth yesterday about VPN speeds from the Shield Pros (which are poor). After that I realized my Unifi router is capable of setting up a client VPN from the router itself to a VPN provider and then selectively routing only specific clients (i.e. my Nvidia Shields) through that VPN. I know that many Asus routers support this as well, though VPN performance will vary depending on the horsepower of your router. Overall, getting this working was surprisingly simple.

Setup

  1. Download Wireguard config file from your VPN provider (look under a section like 'VPN for routers' or something like this from your provider). Wireguard is generally the fastest / lowest CPU-intensive protocol, so always use wireguard if it is available from your provider when speed is the primary concern.
  2. In Unifi, you navigate to Networks -> Settings -> VPN -> VPN Client and create new connection. Upload the configuration file you downloaded in step one. (your router should have a similar config section)
  3. After you create the VPN, Unifi helpfully asks you to 'add a policy-based route' to choose which devices are routed through the VPN.
  4. Choose your IPTV devices from the list and then choose to send all of those through the new VPN you just created. (in other routers, you will need to have assigned static IP addresses to your IPTV players. Add those IP addresses to the config at this step. In Unifi, you just pick the devices by name)
  5. I had to reboot my shields to pick up the new network info... but other than that, I was shocked that it 'just worked' with about 10 minutes of effort total.

Results

VPN Configuration Download Speed Upload Speed
Shield Speed: no VPN used 500 mbps 380 mbps
Wireguard VPN client running on Shield 160 mbps 100 mbps
Wireguard VPN client running on Unifi router 340 mbps 200 mbps

Summary: if you have a router that can serve as your VPN client, try it out.

all 44 comments
sorted by:
best

[–]congenial_optimistVeteran 4 points5 points  (0 children)

Great post, I have a Flint 2 router and love it. Setting up my VPN (PIA) was a breeze. My internet speed drops from about 800mps to around 600mps which is very acceptable.

I even have it set up as a WireGuard server to dial in securely when I’m traveling.

[–]Deadmonty 1 point2 points  (4 children)

Not many VPN providers will supply Wireguard config files. Surfshark is one of the few. Nord VPN, Express VPN, Cyber ghost and PIA do not. Mullvad does, but it is not streaming friendly.

More recent Asus routers have Wireguard and an interface to it, built in. Merlin is an alternative firmware for Asus routers and enables split tunnelling. Older Asus routers have Wireguard within the kernel, but no interface to it and require add on scripts to use it. Easy to set up and does allow split tunnelling through command line.

[–]congenial_optimistVeteran 2 points3 points  (0 children)

Just to add, some routers have the ability to log into your VPN server and use the WireGuard settings that way *not sure I’m explaining this correctly but here’s a screenshot

<image>

[–]jcumb3rValued Collaborator[S] 1 point2 points  (0 children)

FYI that I use Windscribe, they do as well.

[–]NickyNice 0 points1 point  (0 children)

AirVPN offers wireguard config and even supports p2p with port forwarding

[–]IdoNotKnowYouFriend 0 points1 point  (0 children)

Nord and Proton have it too. I am using Surfshark with OPNsense.

[–]kevinpirnie 0 points1 point  (0 children)

mm... i'll have to see if my tplink mesh can route specific devices...

[–]slippeddisc88 0 points1 point  (1 child)

Can you do this with pfsense?

[–]jcumb3rValued Collaborator[S] 0 points1 point  (0 children)

Looks like you can: https://daulton.ca/2018/10/pfsense-route-hosts-over-vpn/

[–]Not-Not-Maybe 0 points1 point  (5 children)

Is there a VPN hardware device that can sit between an eero mesh box and an Android TV box, connected via Ethernet? Does that sort of thing exist? (I have a VPN subscription)

[–]jcumb3rValued Collaborator[S] 1 point2 points  (4 children)

You could do it with something like a raspberry pi. (example post)

[–]Not-Not-Maybe 0 points1 point  (0 children)

Thank you

[–]Not-Not-Maybe 0 points1 point  (1 child)

Would doing this make all the internet traffic in your home go through VPN (all computers,phones, smart devices), or just the Tv box’s traffic?

[–]Deadmonty 2 points3 points  (0 children)

Depends upon whether it does split tunnelling. Some do, some don't.

[–]exquisitevision 0 points1 point  (1 child)

Is VPN generally recommended in the US? Or just in places/countries where ISP may be throttling/blocking?

[–]jcumb3rValued Collaborator[S] 2 points3 points  (0 children)

Kind of depends on your own personal feeling about your ISP watching your traffic. I’ve used it for a long time without VPN without issue but recently started to use one.

[–]Personal-Swan83 0 points1 point  (0 children)

hi wanted to check on vpn usage, is there any preferred country to connect to?
eg, maybe it'll be best to connect to a VPN server where the IPTV server is based in? rather than one that's on the opposite end of the world.

[–]only4pointsomething 0 points1 point  (6 children)

With Unifi is there anyway to make this service specific. I.e I only want traffic from my Apple TV that goes to a specific site (the IPTV site) to use VPN and for everything else (eg Netflix or Prime Video) goes out to regular ISP?

[–]jcumb3rValued Collaborator[S] 0 points1 point  (5 children)

Yes, you can define routes by IP address as well instead of by device. The problem is that those IP addresses change over time, so it becomes a much higher-maintenance solution. I haven't found a way to route it by DNS address which would make it easier, but the route definitions are IP address only from what I've seen. If you find otherwise, let us all know please.

[–]only4pointsomething 0 points1 point  (4 children)

Looks like in Unifi under policy based routing you can add a domain name(s) instead of just IPs so wouldn't that work in theory if you add the domain name of the server?

[–]jcumb3rValued Collaborator[S] 1 point2 points  (3 children)

Ahh… I just remembered why I couldn’t do this. My unifi router doesn’t handle dns for my network and that’s why I couldn’t do domain based routing. It may well be simple if unifi is doing dns lookups for you. Hopefully it is !

[–]only4pointsomething 0 points1 point  (2 children)

I'll give this a try in the process of getting an account with a service over the next week or two. Only issue is not sure how I can check it's an actually working. I I guess I can create a policy for say whatismyipddress.con web site and see if it works to that first

[–]jcumb3rValued Collaborator[S] 2 points3 points  (1 child)

Yep. Exactly what I did but with IP addresses.

[–]only4pointsomething 0 points1 point  (0 children)

Found a problem with this. Using domain name works but with Ubiquiti if the VPN client disconnect's unfortunately it falls back to using the default WAN. Which isn't good. You can block this via firewall rules but if you enable zone based firewall then it also fails and you have to block via SNAT rules. Doesn't give me much confidence in their implementation.

[–][deleted]  (2 children)

[removed]

    [–]AutoModerator[M] 0 points1 point  (0 children)

    This post was flagged for mod review because of a lack of positive history on Reddit. If it does not violate our rules, it will eventually be approved.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

    [–]IPTVGroupBuy-ModTeam[M] 0 points1 point locked comment (0 children)

    A lot of information is readily available in this sub. Please search through or refer to the stickied posts for more information.

    [–]Inside-Way-3077 0 points1 point  (2 children)

    Is there any risk of the router dropping the vpn connection while IPTV is active and switching to a non-vpn connection without a notification? Sorry if this is a * question, I just know that when I've used a vpn client on my Shield/Onn that I've had it disconnect and my device vpn client does not have a kill switch. I don't know if my router has a kill switch option or how I could configure that for a router based vpn client. I currently use Proton VPN.

    [–]AutoModerator[M] 0 points1 point  (0 children)

    This post was flagged for mod review because of a lack of positive history on Reddit. If it does not violate our rules, it will eventually be approved.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

    [–]jcumb3rValued Collaborator[S] 0 points1 point  (0 children)

    In unifi routers you can configure it as a kill switch or configure a backup connection to takeover if you want it to still work when the vpn dies.

    [–][deleted]  (6 children)

    [removed]

      [–]jcumb3rValued Collaborator[S] 1 point2 points  (3 children)

      Sure you do.

      [–]Aggravating_Ad4346 -4 points-3 points  (0 children)

      Yes

      [–][deleted]  (1 child)

      [removed]

        [–]IPTVGroupBuy-ModTeam[M] 0 points1 point locked comment (0 children)

        Check rules for specifications.

        [–][deleted] 1 point2 points  (0 children)

        Stop soliciting dummy

        [–]IPTVGroupBuy-ModTeam[M] 0 points1 point locked comment (0 children)

        Check rules for specifications.