I’m confused, shouldn’t the VPN box/router/computer be in front of the router, between modem and router?
As always, great info and great advice. 
If you got a device that is a router/firewall/VPN all in one (Asus and other routers, PFSense/OpnSense etc) it would connect to your modem, then the Eero would just be APs. But for a VPN appliance or PC, it goes on the LAN since it needs to share the same NAT as all your other traffic and you want to protect it with the firewall (forwarding only the necessary ports to it).
In the VPN appliance/software you generate a certificate or key to use on the remote end so nobody else can connect to it, and it will usually have some functionality in it to restrict what VPN users can access, but if you’re using it for your own stuff you probably leave it mostly unrestricted.
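The layout described above (VPN box on the LAN behind the router, one forwarded port, key-based peers, optional limits on what VPN users can reach), sketched as a WireGuard server config for `wg-quick`. This is an added example, not from the original posts; WireGuard is used because it comes up later in the thread, and the subnets, port, LAN interface name, Plex address and key placeholders are all assumptions.

```ini
# /etc/wireguard/wg0.conf on the VPN box (assumed LAN: 192.168.4.0/24, NIC: eth0)
# Router side: forward only UDP 51820 to this box's LAN address. Nothing else.
# The box must have IP forwarding enabled (net.ipv4.ip_forward=1).

[Interface]
# Tunnel subnet (assumed)
Address = 10.8.0.1/24
# The single port forwarded on the router
ListenPort = 51820
# Placeholder: generate with `wg genkey`, keep it only on this box
PrivateKey = <server-private-key>

# NAT tunnel traffic onto the LAN so LAN hosts reply via this box
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# Optional restriction: VPN users may reach only the Plex box
# (assumed 192.168.4.20, TCP 32400); everything else from the tunnel is dropped.
# Leave these four lines out for the "mostly unrestricted" personal setup.
PostUp = iptables -A FORWARD -i %i -d 192.168.4.20 -p tcp --dport 32400 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j DROP
PostDown = iptables -D FORWARD -i %i -d 192.168.4.20 -p tcp --dport 32400 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j DROP

[Peer]
# The remote end (e.g. a laptop or router at the other site).
# Placeholder: output of `wg pubkey` run on the remote end's own private key.
PublicKey = <remote-public-key>
# Only this tunnel address is accepted from this peer
AllowedIPs = 10.8.0.2/32
```

A peer whose public key is not listed gets no response from the listener, which is what keeps the forwarded port from being usable by anyone else.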
Thanks for the explanation.  
  
 
You are correct again. I forgot to mention that there is a cap of 500Gbps for this service. After that the speed gets throttled down to 10/2Mbs. They’ve probably accounted that people will try VPN.
I figured the cap won’t be an issue even though it isn’t that high. But for my situation with four cameras and being there only for maybe two weeks at a time, it should be enough.
I’ve learned so much from this thread, thank you very much!
I’m guessing you mean 500GB/Month? That’s not bad (Comcast caps people at 100GB to 1TB in certain areas in the US), and honestly the 10/2 throttle after that isn’t too bad either (still faster than your old DSL).
If that’s the only limit and VPN connects successfully through it, and doesn’t seem to get throttled (or even if it does, as long as the throttle lets video stream at higher than their 480P or whatever they’ve limited it to), it will take quite a bit of streaming to eat that 500GB up. But the only way to find out is to try (or I guess search their forums to see if anyone else has already figured it out, which I guess I’d be surprised if someone hasn’t tried running a VPN client over their wireless service).
In reality I can’t see them totally blocking VPN, people need it to work from home, so even if they’re blocking certain protocols, you should be able to find one that works. Most corporate VPNs are using SSL VPN (port 443) these days, I’d be surprised if they were blocking that (or really any at all).
There’s various ways to set up VPNs and determine how much you want to go through the VPN, and obviously it depends on what hardware/software solution you’re using. But the easiest for testing is probably just going to be software based running on a PC on either end.
If that works and you want a more permanent solution, the ideal is a router that supports VPN server and/or client built in, that’s going to make things pretty easy. One that supports Wireguard is going to give the best throughput/performance but most of the VPN protocols can support the 35/10 speeds at the very least, possibly the 100M speed on a good newer router.
I haven’t looked closely at that GL.Inet one. I’m guessing it probably has its own DHCP server in it and you disable the one on your Eero. It may very well support NAT as well which would allow you to put it outside your Eero between the Nokia router and the Eero, which would force everything except maybe your Mac to go through the VPN. But you’d need to then run the eero as AP mode, or perhaps the DMZ of the VPN box, or forward a bunch of ports. At that point you’d now have 3 routers/NAT boxes in the path. I guess choosing which way to go/what hardware to buy depends how simple you want it to be and the cost involved. I’ve done it with a pair of Asus routers and it is very simple and elegant for the most part since everything is in one box and each component is aware of the other one and what it is doing.
Just had a cursory look on that model, it does appear they expect you to run it as your main router, or to run it behind your main router then have things physically connected to the LAN port (including an AP if you want wireless). There are ways to force it to sit as a LAN device off your own router and have certain devices use it, but it would get complex.
So with that particular model you’d probably end up doing Nokia → GL.Inet → Eero in AP mode, and basically the same at the main home also, but replace Nokia with Modem, as you originally were thinking. You could run the eero as a router, but daisy chaining 3 routers and trying to get all the firewall etc to work would be pretty complex. In that setup if your Mac remains connected to the Nokia then it would not use the VPN, but everything else would/could (depending what you set each device/website to do within the GL.Inet router).
At that point if this box runs $120, it might be worth looking at a wireless router that supports VPN built in. Asus and various others do. You could potentially use the eero as an AP/repeater if you need additional wifi coverage.
Yup, I was having a brain fart 
Funny that you mentioned GL.Inet, I was just looking into their Mango travel router and it has everything I need at half the price of the one I posted. However, my need for VPN would come in place only if they throttle my Plex server at home. I don’t usually watch Netflix at the cottage, occasionally Prime but as you said at 750dpi it shouldn’t be that bad. I already have NordVPN on my Mac and all the phones and tablets. I also have it on my Android box. When I tried my Mac on the Nokia the speed was almost the same with NordVPN on and off. NordVPN is using their variant of WireGuard which doesn’t tax the speed that much.
The question remains, will I have a good 5G or 4G coverage to support 100/10MBs? If not all of this is moot. At least I learned much more than I knew before starting this thread.
You rock my friend!
Yeah I’d say at this point get it up and running and see what your speeds are both for regular stuff and streaming, and if you see issues with limitations they impose, then worry about maybe using VPN.
NordVPN would bypass any video compression they do, assuming you can access your plex box through it, which I don’t see why you wouldn’t be able to. TBD whether they throttle the raw speed to those common VPN providers though. It also may prevent you from watching Netflix or others that are actively blocking people trying to hide behind VPNs for password sharing or region defeat purposes. But doesn’t sound like that’s a huge deal for you to have Netflix limited.
Also obviously Nord will only work on devices that support the NordVPN client, depending what you’re using to watch Plex or other streams, that may not solve it for them, which is where a hardware based VPN box comes into play.
Hopefully your plex gets no compression on the video streams and Netflix at 720 is sufficient and then you don’t really have any need for VPN.  It’s supposed to be a place to relax, not turn into a network admin job 
Just get 400-500 miles of Fiber and run it over to your lakeside hideout. The  (s) like streaming videos too.
Will you lend me a hand to run it over?
I’ll send MFP to help you out, he doesn’t do much here.

I didn’t want to mention it (yet) but it is possible to set up a Layer2 VPN and essentially have the cabin network just be an extension of the home LAN, which could even allow the Wyze cams to stream direct. That essentially is a virtual cable run between the two, just capped at whatever the ISP speed is and a bit higher latency which probably won’t be very noticeable, especially if both are on the Rogers network.
I’m sure Rogers or Bell will run dark fiber for you. Once you pay the millions in one time costs, the monthly fee probably won’t be too outrageous, comparatively speaking.
Well I do drive on the freeway all the time at 117.482 KMH. 
Do you have a link or something so I can look into it? You’ve woken up the mad scientist in me
EDIT: I Googled Layer 2 VPN and my head started spinning. I think I need an exorcist
It’s only 531 km, 329.95 miles to be exact 
If it is something you’re interested in then it is just something you’d want to look for when choosing a VPN solution. The most common protocol is L2TP (Layer 2 Tunneling Protocol) but there are others. I believe Asus routers support L2TP and I’m guessing many other routers and VPN appliances/software probably do too.
It can be a bit more complex to set up, I guess it depends if you have a specific reason/benefit you’re looking for to determine if it is worth it.
Honestly, at first when you mentioned it, I was intrigued. I thought, that would be neat idea to have access to everything, especially my Plex server “locally”. But then, I realized that it won’t benefit me at all taking into consideration that I have to buy new routers, switch ISP’s (home ISP is not Rogers), all the grunt work that I have to do setting it up.
I have a pretty good system, my main computer is MacMini, it is roughly 8" x 8" and 1.5" tall and I take it with me when I go to the cottage. I connect to the office and home via TeamViewer or AnyDesk. I have two sets of double monitors, keyboard and mouse at home and at the cottage. When I plug and unplug my Mac it has no idea that he’s been moved from one location to another. At home I have two MacPro’s one is dedicated Plex server accessible via TV and AnyDesk, the other one is file/backup server. I hate throwing away tech gadgets. As much as possible I like to repurpose everything. I have an old iPad that is not supported by anything that I turned into a digital picture frame.
EDIT:
Speaking of software solution, back in the early days of cable internet, I had one of my Macs set up as a router. Had two NIC’s one as WAN the other as LAN. Can’t remember the name of the software, it ran natively on Mac OS and had integrated Web/Mail server and a router capabilities.
I love to tinker and learn new stuff.
No need to switch home ISP, it is like any other VPN, as long as the two endpoints can talk, that’s all you need. If you’re going to get hardware to do a VPN, most of them can do L2TP (including I believe most of the GL.Inet ones), but it would just be a feature to keep an eye out for when shopping if it is of interest. That’s basically the whole point of L2TP, to “tunnel” your L2 network through an L3 network like the internet to make it seem like two different sites are on the same LAN and they don’t know there are routers and ISPs in the path, or how many of them there are, that all gets hidden effectively.
But I think one step at a time, see how things work “normally”, and if you feel there is a need to have a VPN, can figure out what type you want to do.
Many still do this, the most popular today are PFSense and OpnSense, very powerful firewall/routers that can also do VPN, VLANs, etc. Typically people grab one of the micro PCs that are available all over the place mostly for this type of purpose, but some just repurpose an old PC for it. Even older x86 “Core” based processors have AES hardware acceleration (for VPN encryption) and most have decent NICs. Even onboard NICs have TCP offloading and routing performance is pretty good. But older PCs also draw more power and take up space, which is why most end up with some low power mini PC. Even Raspberry Pi can do a lot (but it has its limits). Not sure what is/isn’t available for MacOS (either x86 based or their own chips) though, the two I mention above run on Linux which I believe some Macs can run?
Me too, but at a certain point have to give up. Like my 2008 Core 2 Quad desktop that is essentially my NAS and media server, it draws a lot of power compared to modern PCs. Granted the amount I use it accounts to probably less than a dollar a month of power, so I’m not too worried, but I’ve been keeping an eye out for a replacement. Desktops are stupid expensive these days, I’m almost tempted to just use a laptop that is always closed. For obvious security reasons, when Windows 10 support ends next year, I’ll have to replace it. It won’t run 11 by default, nor would I want to try to hack it to run 11, it is just far too old. I could go Linux but a lot of the stuff I have set up that uses it is DOS and Windows based, would be a big undertaking.
But to repurpose that PC as a router would just waste a lot of power. I went from one extreme (enterprise grade networking hardware, wifi, and servers) to the other (Asus router doing it all, and email/web outsourced). Can’t let myself start creeping back the other way. The power and static IP cost was just not reasonable. I still have a stack of 10gig Cisco and Palo Alto gear but that is relegated to occasional lab use, and a backup heating source should my furnace die.
Countless times I’ve taken a PC someone was getting rid of, maxed out the CPU and RAM cheap from ebay (the one time rapid tech depreciation is a good thing), toss in a cheap SSD, and upgrade a friend or neighbor that doesn’t need anything special.
Though my (crappy even when released but provided by work so had no choice) Samsung J7 Prime still sits next to my couch and runs a Google Voice number (for when I don’t want to give out my real number but they need to be able to reach me), the Wyze 2.5 app, and a few other things that I don’t want to do on my main phone. Android 8 is the latest it will run. It was a special model made for AT&T, the only J7 that didn’t have an OLED screen. POS. Most stuff runs hilariously slow but the Wyze app runs pretty well.
I even have a Windows Phone in a drawer but I doubt there is much use for that these days, even when it was supported, many apps never bothered releasing Windows Phone versions, and the ones that did were often ported and ran like crap (though I ended up really liking the “tiles” thing).  The stack of like 12 blackberries is mostly for nostalgia 

Good to know, because my search led me to believe that having two different ISPs tends to complicate things.
At this time there is nothing that runs natively on Mac OS, but IPFire, OpenWrt, pfSense and VyOS will run through virtualization.
Hah, same year as my MacPros.
I just hacked my MacPros to macOS Monterey, couple years old but should let me use it for another couple years.
Ha, ha I hear you brother. If I close the door of my office and come back in a few hours I have to strip down to my underwear.
Funny, never had one.