Cool Ideas VPN Server(s)

XperiAnce

Senior Member
Joined
Feb 23, 2005
Messages
540
Got this working on OpenWRT (with some difficulty), as a dedicated device. Will point Xbox to it tonight and let you know how it performs.

View attachment 1254214
So Battlefield V ended up being about 12ms worse (171 to 183) but all those servers are hosted in Germany. I'll try Rainbow 6 now which has Ireland and Netherlands servers.
 

CrypticZA

Expert Member
Joined
Sep 21, 2019
Messages
2,238
So Battlefield V ended up being about 12ms worse (171 to 183) but all those servers are hosted in Germany. I'll try Rainbow 6 now which has Ireland and Netherlands servers.
Yea so this VPN server hits London from Cape Town at 150-151ms vs the normal 141-142, so when i use it basically my normal ping is increased by 10ms since i am hitting London at +10.

When playing Apex i use it to get better ping to Belgium and Finland only at the cost of every other ping going up by 10.
 

XperiAnce

Senior Member
Joined
Feb 23, 2005
Messages
540
Yea so this VPN server hits London from Cape Town at 150-151ms vs the normal 141-142, so when i use it basically my normal ping is increased by 10ms since i am hitting London at +10.

When playing Apex i use it to get better ping to Belgium and Finland only at the cost of every other ping going up by 10.
It's connected to Rainbow 6 Netherlands. The ping is worse (8ish Ms), however this is a godsend. When Ubisoft created South African servers, it meant matchmaking took over an hour. It was virtually dead. Now I can actually get back into this game by being in a populated region.
 

Attachments

  • 456C09CE-4236-4639-A1B7-266BC80B05A5.jpeg
    456C09CE-4236-4639-A1B7-266BC80B05A5.jpeg
    235.9 KB · Views: 17

TheRoDent

Cool Ideas Rep
Joined
Aug 6, 2003
Messages
5,910
It's connected to Rainbow 6 Netherlands. The ping is worse (8ish Ms), however this is a godsend. When Ubisoft created South African servers, it meant matchmaking took over an hour. It was virtually dead. Now I can actually get back into this game by being in a populated region.
Yes, matchmaking is also partly the reason for the VPN
 

XperiAnce

Senior Member
Joined
Feb 23, 2005
Messages
540
Yes, matchmaking is also partly the reason for the VPN
My Xbox is going to pull everything through this vpn now, including multiGB patches. Will this mess with the service / get me in trouble / mess with your capacity? Would you ideally like me to toggle if doing a big DL or does it not really matter?
 

Johnatan56

Honorary Master
Joined
Aug 23, 2013
Messages
30,360

TheRoDent

Cool Ideas Rep
Joined
Aug 6, 2003
Messages
5,910
My Xbox is going to pull everything through this vpn now, including multiGB patches. Will this mess with the service / get me in trouble / mess with your capacity? Would you ideally like me to toggle if doing a big DL or does it not really matter?
Nah, all fine.
 

luckystrike

Well-Known Member
Joined
Nov 13, 2007
Messages
153
@TheRoDent @PBCool

Hello!
singapore.png
I saw this this morning on my default cool Ideas connection! Have you guys started routing some ip's to Singapore? I know its not to all Singapore ip's Since pings in game are still high even if you pick Singapore

Kind regards
 

CrypticZA

Expert Member
Joined
Sep 21, 2019
Messages
2,238
its cool ideas themselves.... I just want to find a way to connect to Singapore without having to jump to an other service provider in South Africa first :)
Nah its the server host all ISP's are seeing this ping, i researched it as soon as it came out

View attachment 1215108
@PBCool you guys get capacity on SAFE or is it just a happy accident. This is from cape town.

We had the discussion here host name is Unitas Global they provide servers for a few games and most ISP's are seeing this same latency to this server.
 

Jason-ZA

Well-Known Member
Joined
Sep 23, 2019
Messages
417
With the recent google capacity issues in JHB, it started affecting my gaming traffic where the servers are hosted on google cloud, so I decided to setup a VPN tunnel on my mikrotik that automatically starts up the VPN connection to the CISP UK VPN whenever a device on the network tries to access google cloud.

This allows me to bypass the JHB POP giving me lower latency and no more disconnects.
I hope the dial on demand wont cause CISPs logs to get spammed to much with all the disconnecting and reconnecting whenever its used.

This is very convenient for me because I dont have to worry about manually connecting & disconnecting from the VPN all the time.

I thought I would share the setup I have if anyone is interested (use the firewall rules at your own risk though) - RouterOS 7.x

Code:
#Address list
/ip firewall address-list
add address=34.104.116.0/22 list=gcc_eu
add address=34.116.128.0/17 list=gcc_eu
add address=34.118.0.0/17 list=gcc_eu
add address=34.124.52.0/22 list=gcc_eu
add address=34.88.0.0/16 list=gcc_eu
add address=34.104.96.0/21 list=gcc_eu
add address=34.124.32.0/21 list=gcc_eu
add address=35.203.232.0/21 list=gcc_eu
add address=35.217.0.0/18 list=gcc_eu
add address=35.220.26.0/24 list=gcc_eu
add address=35.228.0.0/16 list=gcc_eu
add address=35.242.26.0/24 list=gcc_eu
add address=8.34.208.0/23 list=gcc_eu
add address=8.34.211.0/24 list=gcc_eu
add address=8.34.220.0/22 list=gcc_eu
add address=23.251.128.0/20 list=gcc_eu
add address=34.76.0.0/14 list=gcc_eu
add address=34.140.0.0/16 list=gcc_eu
add address=35.187.0.0/17 list=gcc_eu
add address=35.187.160.0/19 list=gcc_eu
add address=35.189.192.0/18 list=gcc_eu
add address=35.190.192.0/19 list=gcc_eu
add address=35.195.0.0/16 list=gcc_eu
add address=35.205.0.0/16 list=gcc_eu
add address=35.206.128.0/18 list=gcc_eu
add address=35.210.0.0/16 list=gcc_eu
add address=35.220.96.0/19 list=gcc_eu
add address=35.233.0.0/17 list=gcc_eu
add address=35.240.0.0/17 list=gcc_eu
add address=35.241.128.0/17 list=gcc_eu
add address=35.242.64.0/19 list=gcc_eu
add address=104.155.0.0/17 list=gcc_eu
add address=104.199.0.0/18 list=gcc_eu
add address=104.199.66.0/23 list=gcc_eu
add address=104.199.68.0/22 list=gcc_eu
add address=104.199.72.0/21 list=gcc_eu
add address=104.199.80.0/20 list=gcc_eu
add address=104.199.96.0/20 list=gcc_eu
add address=130.211.48.0/20 list=gcc_eu
add address=130.211.64.0/19 list=gcc_eu
add address=130.211.96.0/20 list=gcc_eu
add address=146.148.2.0/23 list=gcc_eu
add address=146.148.4.0/22 list=gcc_eu
add address=146.148.8.0/21 list=gcc_eu
add address=146.148.16.0/20 list=gcc_eu
add address=146.148.112.0/20 list=gcc_eu
add address=192.158.28.0/22 list=gcc_eu
add address=34.89.0.0/17 list=gcc_eu
add address=34.105.128.0/17 list=gcc_eu
add address=34.142.0.0/17 list=gcc_eu
add address=34.147.128.0/17 list=gcc_eu
add address=35.189.64.0/18 list=gcc_eu
add address=35.197.192.0/18 list=gcc_eu
add address=35.203.210.0/23 list=gcc_eu
add address=35.203.212.0/22 list=gcc_eu
add address=35.203.216.0/22 list=gcc_eu
add address=35.214.0.0/17 list=gcc_eu
add address=35.220.20.0/22 list=gcc_eu
add address=35.230.128.0/19 list=gcc_eu
add address=35.234.128.0/19 list=gcc_eu
add address=35.235.48.0/20 list=gcc_eu
add address=35.242.20.0/22 list=gcc_eu
add address=35.242.128.0/18 list=gcc_eu
add address=35.246.0.0/17 list=gcc_eu
add address=34.89.128.0/17 list=gcc_eu
add address=34.104.112.0/23 list=gcc_eu
add address=34.107.0.0/17 list=gcc_eu
add address=34.124.48.0/23 list=gcc_eu
add address=34.141.0.0/17 list=gcc_eu
add address=35.198.64.0/18 list=gcc_eu
add address=35.198.128.0/18 list=gcc_eu
add address=35.207.64.0/18 list=gcc_eu
add address=35.207.128.0/18 list=gcc_eu
add address=35.220.18.0/23 list=gcc_eu
add address=35.234.64.0/18 list=gcc_eu
add address=35.235.32.0/20 list=gcc_eu
add address=35.242.18.0/23 list=gcc_eu
add address=35.242.192.0/18 list=gcc_eu
add address=35.246.128.0/17 list=gcc_eu
add address=34.90.0.0/15 list=gcc_eu
add address=34.104.126.0/23 list=gcc_eu
add address=34.124.62.0/23 list=gcc_eu
add address=34.141.128.0/17 list=gcc_eu
add address=34.147.0.0/17 list=gcc_eu
add address=35.204.0.0/16 list=gcc_eu
add address=35.214.128.0/17 list=gcc_eu
add address=35.220.16.0/23 list=gcc_eu
add address=35.234.160.0/20 list=gcc_eu
add address=35.242.16.0/23 list=gcc_eu
add address=34.65.0.0/16 list=gcc_eu
add address=34.104.110.0/23 list=gcc_eu
add address=34.124.46.0/23 list=gcc_eu
add address=35.216.128.0/17 list=gcc_eu
add address=35.220.44.0/24 list=gcc_eu
add address=35.235.216.0/21 list=gcc_eu
add address=35.242.44.0/24 list=gcc_eu

#Routing Table
/routing table
add disabled=no fib name=GCC

#Mangle
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Google Cloud - EU" dst-address-list=gcc_eu new-routing-mark=GCC passthrough=no

#Route
/ip route
add comment="Google Cloud - EU - CISP VPN" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway=cisp-vpn pref-src="" routing-table=GCC \
    scope=30 suppress-hw-offload=no target-scope=10
  
#NAT
add action=masquerade chain=srcnat comment="NAT - CISP VPN" out-interface=cisp-vpn

#PPP Profile
/ppp profile
add change-tcp-mss=yes idle-timeout=3s name=cisp-vpn use-encryption=yes

#VPN Interface
/interface sstp-client
add comment="Cool Ideas - UK VPN" connect-to=ukvpn.cisp.co.za dial-on-demand=\
    yes disabled=no keepalive-timeout=10 max-mtu=1460 name=cisp-vpn profile=\
    cisp-vpn tls-version=only-1.2 user=test password=test
  
#Firewall - use these firewall rules at your own risk
/ip firewall filter
add action=accept chain=forward comment="Allow established & related - Forward" connection-state=established,related
add action=accept chain=input comment="Allow established & related - Input" connection-state=established,related
add action=drop chain=input comment="Drop All - Input - CISP VPN" in-interface=cisp-vpn
add action=drop chain=forward comment="Drop All - Forward - CISP VPN" in-interface=cisp-vpn
 

r00igev@@r

Executive Member
Joined
Dec 14, 2009
Messages
8,779
With the recent google capacity issues in JHB, it started affecting my gaming traffic where the servers are hosted on google cloud, so I decided to setup a VPN tunnel on my mikrotik that automatically starts up the VPN connection to the CISP UK VPN whenever a device on the network tries to access google cloud.

This allows me to bypass the JHB POP giving me lower latency and no more disconnects.
I hope the dial on demand wont cause CISPs logs to get spammed to much with all the disconnecting and reconnecting whenever its used.

This is very convenient for me because I dont have to worry about manually connecting & disconnecting from the VPN all the time.

I thought I would share the setup I have if anyone is interested (use the firewall rules at your own risk though) - RouterOS 7.x

Code:
#Address list
/ip firewall address-list
add address=34.104.116.0/22 list=gcc_eu
add address=34.116.128.0/17 list=gcc_eu
add address=34.118.0.0/17 list=gcc_eu
add address=34.124.52.0/22 list=gcc_eu
add address=34.88.0.0/16 list=gcc_eu
add address=34.104.96.0/21 list=gcc_eu
add address=34.124.32.0/21 list=gcc_eu
add address=35.203.232.0/21 list=gcc_eu
add address=35.217.0.0/18 list=gcc_eu
add address=35.220.26.0/24 list=gcc_eu
add address=35.228.0.0/16 list=gcc_eu
add address=35.242.26.0/24 list=gcc_eu
add address=8.34.208.0/23 list=gcc_eu
add address=8.34.211.0/24 list=gcc_eu
add address=8.34.220.0/22 list=gcc_eu
add address=23.251.128.0/20 list=gcc_eu
add address=34.76.0.0/14 list=gcc_eu
add address=34.140.0.0/16 list=gcc_eu
add address=35.187.0.0/17 list=gcc_eu
add address=35.187.160.0/19 list=gcc_eu
add address=35.189.192.0/18 list=gcc_eu
add address=35.190.192.0/19 list=gcc_eu
add address=35.195.0.0/16 list=gcc_eu
add address=35.205.0.0/16 list=gcc_eu
add address=35.206.128.0/18 list=gcc_eu
add address=35.210.0.0/16 list=gcc_eu
add address=35.220.96.0/19 list=gcc_eu
add address=35.233.0.0/17 list=gcc_eu
add address=35.240.0.0/17 list=gcc_eu
add address=35.241.128.0/17 list=gcc_eu
add address=35.242.64.0/19 list=gcc_eu
add address=104.155.0.0/17 list=gcc_eu
add address=104.199.0.0/18 list=gcc_eu
add address=104.199.66.0/23 list=gcc_eu
add address=104.199.68.0/22 list=gcc_eu
add address=104.199.72.0/21 list=gcc_eu
add address=104.199.80.0/20 list=gcc_eu
add address=104.199.96.0/20 list=gcc_eu
add address=130.211.48.0/20 list=gcc_eu
add address=130.211.64.0/19 list=gcc_eu
add address=130.211.96.0/20 list=gcc_eu
add address=146.148.2.0/23 list=gcc_eu
add address=146.148.4.0/22 list=gcc_eu
add address=146.148.8.0/21 list=gcc_eu
add address=146.148.16.0/20 list=gcc_eu
add address=146.148.112.0/20 list=gcc_eu
add address=192.158.28.0/22 list=gcc_eu
add address=34.89.0.0/17 list=gcc_eu
add address=34.105.128.0/17 list=gcc_eu
add address=34.142.0.0/17 list=gcc_eu
add address=34.147.128.0/17 list=gcc_eu
add address=35.189.64.0/18 list=gcc_eu
add address=35.197.192.0/18 list=gcc_eu
add address=35.203.210.0/23 list=gcc_eu
add address=35.203.212.0/22 list=gcc_eu
add address=35.203.216.0/22 list=gcc_eu
add address=35.214.0.0/17 list=gcc_eu
add address=35.220.20.0/22 list=gcc_eu
add address=35.230.128.0/19 list=gcc_eu
add address=35.234.128.0/19 list=gcc_eu
add address=35.235.48.0/20 list=gcc_eu
add address=35.242.20.0/22 list=gcc_eu
add address=35.242.128.0/18 list=gcc_eu
add address=35.246.0.0/17 list=gcc_eu
add address=34.89.128.0/17 list=gcc_eu
add address=34.104.112.0/23 list=gcc_eu
add address=34.107.0.0/17 list=gcc_eu
add address=34.124.48.0/23 list=gcc_eu
add address=34.141.0.0/17 list=gcc_eu
add address=35.198.64.0/18 list=gcc_eu
add address=35.198.128.0/18 list=gcc_eu
add address=35.207.64.0/18 list=gcc_eu
add address=35.207.128.0/18 list=gcc_eu
add address=35.220.18.0/23 list=gcc_eu
add address=35.234.64.0/18 list=gcc_eu
add address=35.235.32.0/20 list=gcc_eu
add address=35.242.18.0/23 list=gcc_eu
add address=35.242.192.0/18 list=gcc_eu
add address=35.246.128.0/17 list=gcc_eu
add address=34.90.0.0/15 list=gcc_eu
add address=34.104.126.0/23 list=gcc_eu
add address=34.124.62.0/23 list=gcc_eu
add address=34.141.128.0/17 list=gcc_eu
add address=34.147.0.0/17 list=gcc_eu
add address=35.204.0.0/16 list=gcc_eu
add address=35.214.128.0/17 list=gcc_eu
add address=35.220.16.0/23 list=gcc_eu
add address=35.234.160.0/20 list=gcc_eu
add address=35.242.16.0/23 list=gcc_eu
add address=34.65.0.0/16 list=gcc_eu
add address=34.104.110.0/23 list=gcc_eu
add address=34.124.46.0/23 list=gcc_eu
add address=35.216.128.0/17 list=gcc_eu
add address=35.220.44.0/24 list=gcc_eu
add address=35.235.216.0/21 list=gcc_eu
add address=35.242.44.0/24 list=gcc_eu

#Routing Table
/routing table
add disabled=no fib name=GCC

#Mangle
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Google Cloud - EU" dst-address-list=gcc_eu new-routing-mark=GCC passthrough=no

#Route
/ip route
add comment="Google Cloud - EU - CISP VPN" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway=cisp-vpn pref-src="" routing-table=GCC \
    scope=30 suppress-hw-offload=no target-scope=10
 
#NAT
add action=masquerade chain=srcnat comment="NAT - CISP VPN" out-interface=cisp-vpn

#PPP Profile
/ppp profile
add change-tcp-mss=yes idle-timeout=3s name=cisp-vpn use-encryption=yes

#VPN Interface
/interface sstp-client
add comment="Cool Ideas - UK VPN" connect-to=ukvpn.cisp.co.za dial-on-demand=\
    yes disabled=no keepalive-timeout=10 max-mtu=1460 name=cisp-vpn profile=\
    cisp-vpn tls-version=only-1.2 user=test password=test
 
#Firewall - use these firewall rules at your own risk
/ip firewall filter
add action=accept chain=forward comment="Allow established & related - Forward" connection-state=established,related
add action=accept chain=input comment="Allow established & related - Input" connection-state=established,related
add action=drop chain=input comment="Drop All - Input - CISP VPN" in-interface=cisp-vpn
add action=drop chain=forward comment="Drop All - Forward - CISP VPN" in-interface=cisp-vpn
You are a genius, well done. I never thought about doing a split-tunnel on the mikrotik itself. Would have saved me a few grey hairs.
I have been experiencing the problem since last year. See that you use SSTP and not OpenVPN. The config supports both although I remember the Mikrotik had a quirk on the OpenVPN handshake which required a patch.
There is a debate that OPENVPN is faster but it makes no difference if sstp works just as well, In actual fact, sstp is far easier to implement!
 

TheRoDent

Cool Ideas Rep
Joined
Aug 6, 2003
Messages
5,910
You are a genius, well done. I never thought about doing a split-tunnel on the mikrotik itself. Would have saved me a few grey hairs.
I have been experiencing the problem since last year. See that you use SSTP and not OpenVPN. The config supports both although I remember the Mikrotik had a quirk on the OpenVPN handshake which required a patch.
There is a debate that OPENVPN is faster but it makes no difference if sstp works just as well, In actual fact, sstp is far easier to implement!
@Jason-ZA

So, your address list is interesting. What are those ranges specifically?

I'd be happy to give you a BGP feed that might make it easier to populate that list more dynamically. If it is a specific AS number.

Alternatively, maybe we could setup a cloud router, and you can populate the list? Might be useful.

I complained about this very thing years ago, when I wrote some scripts to do routing on a "local-only" DSL account, and approached several ISP's for a BGP feed, and got turned down. Had to write scripts that would login to public route servers, and create a list.

Would love to help.
 
Last edited:

Jason-ZA

Well-Known Member
Joined
Sep 23, 2019
Messages
417

TheRoDent

Cool Ideas Rep
Joined
Aug 6, 2003
Messages
5,910
Top