BT Home Hub 5A as dumb access point: is it possible to use Openvpn?

Ok, I performed a factory reset, changed the cable management and connections on BT and followed your guide.

Now I can use Openvpn (with Mullvad) with no issues on BT. As you say in your guide, the speed is limited to 8-9 Mbps in upload and download (while Openvpn on Ubuntu on pc is 80Mbps). But I've seen that with Wireguard protocol it seems to be way faster.

Is there a guide for Wireguard?

Which router can be used to have speed around 70-80Mbps?

Try Wireguard instead of OpenVPN. It may not get you 70-80Mbps, but it should be a decent bit higher than OpenVPN.

Is there any guide for LUCI to configure Wireguard?

Have you studied Mullvad's guide?

Make sure the openwrt router LAN IP is not on same subnet as your ISP facing router. eg. use

fwiw, I've measured 36-40 mbps with wireguard on HH5A with my 55/10mb connection with my VPN provider.

Wireguard is also time sensitive. Check bottom of owrt wireguard wiki page if you discover you cannot pass data through the VPN tunnel.

I'm studying it, thanks for the link!

I've followed the guide for Wireguard that @bill888 linked.

Now I have around 20Mbps in upload and download. Not bad. Do I need to try one peer per time to test different peer speed?

Were you connected to a UK peer ?

I'm connected to a DE peer. The strange thing is that every pc connected to BT via LAN has a different download speed...obviously I'm not testing them all togheter :smiley: Some pc has 20mbps, some 36...

Ok, I'll try to check one per time. But It's possible to add more peers in Wireguard panel. I don't think that I can add more peers and test one per time. Maybe I need to use only one peer in that panel to check the effective speed of that specific peer.

Nope, you can define multiple peers within one wireguard interface. Although if you are using a single VPN provider I can't vouch for how well it'd work if you just selected 'Route allowed IPs' on all of them. You'd probably need to do your own routing, either manually or with something like VPN policy routing.


Now I have two PC connected via LAN to the BT, running Wireguard.

One pc has NL IP, while the other one DE IP. I only have NL peer in BT right now.

It won't. For sure something like mwan3 will be needed there.

The results will not be accurate like this. The PC is more powerful in encrypting/decrypting packets than the router.

When I told that I have two pc connected via LAN to BT to specify that I have two different public IP showing. It seems strange to me, because I was thinking that the IP should be the same for the two computers.

Are they both using the BT as gateway?

They are both connected to BT switch, one with DHCP and another one with manual IP.

Maybe I did something wrong with the settings, I'll try to check for it.

EDIT: I used DHCP on both computers to check the speed. The one (Ubuntu 20.04) connected directly via Ethernet to BT has 20Mbps of speed, while the other one (with Win 10) connected thru 200Mbps powerlines (with 100Mbps ethernet port) has 37Mpbs of speed!

BTW, could I use 2.4Ghz WIFI with VPN and 5Ghz without? Is it possible?

It doesn't matter so much where are they connected, but which gateway are they using. If they are using the BT, then they will use the VPN, if they use the ISP router they will use the ISP.

Yes, it is possible. You'll need to create a new interface for the 2,4GHz, enable dhcp/dns, assign it to a new zone, and allow traffic from this zone to the vpn zone.


Do I need to create the new interface for the wifi I want to connect with or without VPN?

There is possibly a simpler solution but it may depend on how your firewall zones are configured.

If WAN port from HH5A is wired to LAN port of your ISP router, perhaps you could just bridge a wireless interface (eg. 5GHz) to the WAN interface instead of the default LAN interface?
If you don't wish wifi device to use VPN, then connect to this 5 GHz wifi network in this example.

I know the above works if you followed by openvpn client guide for HH5A.

It worked!

Thanks a lot for the help!

The strange fact is that now they are using the same gateway (I leave everything in automatic), so it's really strange that there is this difference between the two machines!

