

PBateman

@sbcglobal.net

VPN router recommendations for whole house VPN

Hi everyone,

I respect DSLreports as a source and would like to ping this community for some recommendations.

I'd like to set up my entire home under a VPN.

My router is a wrt320n. I would like the home router to assume the responsibility of handling the vpn connection to the vpn service so that none of my devices have to be configured separately. I understand that hardware is a problem for most routers and VPNs, so I am flexible with what is needed. Further, I would also like the ability to VPN INTO my local network (in the case of being near open wifi).

I'd like to make this as secure as possible, something like OpenVPN should do the trick. Not only secure, but any hit to latency and speed should be minimal (I have 18/1.5 speeds now, but I may upgrade to 50/4 in the near future).

I am not under the impression the wrt320N will be sufficient.

Do you have a specific VPN router to recommend? A specific general router that can do the job?



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

If you like to tinker and have time, then your best bet is pfsense or something in that order, very cost effective and flexible. If you want a VPN router that's more plug-n-play, then I suggest looking at the USG series of Zyxel.


HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

reply to PBateman

First off, which VPN service are you looking to obtain? Most services -- BTGuard, ipvanish, et al, are geared for PPTP
(avoid like the plague due to weak encryption) or L2TP VPN, but I've found VERY LITTLE support for non-DDWRT /
Tomato / et al configurations for these services. IIRC, DDWRT, Tomato, et al will support remote-access VPNs, so for
minimal hassle, I'd check into wrt320n's compatibility with being loaded with alternate firmware and go from there.

For security, as I said, avoid a PPTP setup -- see »www.schneier.com/paper-pptpv2.html for a full explanation.
AES-128 / SHA1 is considered a baseline... though AES-256 / SHA2+ is more ideal. To hit 50Mbps with AES-256 / SHA2,
scale your hardware accordingly. Generally speaking, home routers' CPUs are scaled for cost, NOT high encryption
throughput.

For remote access solutions, there's appliance-based and DIY -- the key things are your budget and level of comfort in DIY.
Also, keep in mind that you'll need a compatible remote-access client, of which appliance solutions typically charge
you on purchase of the device, or on a "per-seat / device-installed-on" basis. There's a "free" VPN client Shrewsoft,
but I can't claim much personal experience with it -- YMMV with it.

Alternatively, there's SSL-VPNs -- of which I THINK OpenVPN supports, but again, keep in mind of your budget and
level of DIY comfort.

My 00000010bits

Regards



PBateman

@sbcglobal.net

I have not confirmed which service yet, but one of my requirements is tight security; no PPTP.

My wrt320n does have ddwrt, I tried setting up basic pptp to VPN in remotely just to try out but it was too slow, could connect but not do anything.

DIY is my thing, so looking forward to a new project. One thing I do not want is VPN software on my PCs, we just have too many and tablets and phones. For hardware, whatever would suit the best security with no speed hiccups is fine with me.

In fact, this leads me to another question...would it be more cost effective to get cheap dated x86 hardware with 2 nics and place that between my ISP gateway and my router?


bigboy

join:2000-12-04
Palo Alto, CA
reply to PBateman

I personally use a Zyxel USG20 (and used a Zywall 2 in the past) for home VPN. For your speeds, you would need to step up to a USG200 or something like that (Anav would know best). I can VPN in using either SSL VPN or L2TP/IPSec.

One thing to consider with the old PC setup is how much power that machine will take. Old PCs tend to be piggish with electricity.


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to PBateman

said by PBateman :

One thing I do not want is VPN software on my PCs, we just have too many and tablets and phones.

The fact that you have this requirement :

said by PBateman :

I would also like the ability to VPN INTO my local network (in the case of being near open wifi).

If you're doing an IPSec VPN, you'll need client software, unless you use SSL VPN.
Also, you'll have to do some research into the LEVEL of access you want in SSL VPN.
It can vary from simple things and web-based mail all the way to full Java client
access... again, YMMV with SSL VPN so do your research accordingly.

said by PBateman :

would it be more cost effective to get cheap dated x86 hardware with 2 nics and place that between my ISP gateway and my router?

Possibly. If you have an old box lying around and you're in a DIY mood, go nuts. There's multiple
*nix distros that'd do what you want. On the commercial end is Vyatta and possibly Astaro, neither
of which I do not have any direct experience with.

Regards

bigboy

join:2000-12-04
Palo Alto, CA

said by HELLFIRE :

If you're doing an IPSec VPN, you'll need client software, unless you use SSL VPN.
Also, you'll have to do some research into the LEVEL of access you want in SSL VPN.
It can vary from simple things and web-based mail all the way to full Java client
access... again, YMMV with SSL VPN so do your research accordingly.

Depends on what you're running. I am able to use L2TP/IPSec that comes with Mountain Lion (10.8) to VPN into my Zyxel. In fact I am also able to VPN with my iPhone as well, though I haven't found that feature too useful for me in a home context.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to PBateman

Switchman in another thread also posted this interesting routing-switching device...
»dl.ubnt.com/datasheets/edgemax/E···e_DS.pdf



TheMole

join:2001-12-06
USA

2 edits
reply to PBateman

i have similar setup, but i do not connect to a service, but rather connect 3 other homes in my immediate family. so we have a secure network between our homes.

I purchased several cheap atom based fanless PCs with 1 gb of memory and a small hard drive off of ebay for the OS. i installed centos 5.x and set up openvpn on each of them. 1 of them, at my house, is the vpn server. the others run as VPN clients. The connections are kept alive 24/7. my server machine updates a dyndns domain name for any Dynamic IP changes at my side.

over the secure network, we run file sharing and voip. i routinely remote into their desktops via RDP or SSH into the centos boxes to perform maintenance (very little maintenance actually).

I use one of the remote boxes to mirror my file server using rsync. it's cheaper to hang a USB hard drive off the remote box than pay for an online backup service. and since this is my family, i'm not concerned about physical security of the external usb hard drive.

all in all i think this cost me approx $350 to set up 4 homes.

the most difficult part was adding the correct routes to the various remote routers (3 different vendor routers all have a different way of entering routes to their tables). ensuring the routes at the local and remote end are correct allows any machine on the network (remote or local) to get to the VPN and out on the other side and hit any machine there.

good luck. hope this helps.

edit: here is an atom pc that is much better than mine and cheaper: »www.ebay.com/itm/Wireless-Dell-O···-content
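
The routing work described in the post above (static routes on each home's router, plus the matching OpenVPN routing directives on the server), sketched as an added example that is not part of the original thread. The site names, subnets and addresses are constructed; `client-config-dir`, `route`, `push "route …"` and `iroute` are standard OpenVPN directives.

```python
import ipaddress

# Constructed sample topology (not from the thread): each home has a LAN subnet
# and the LAN address of its OpenVPN box. Site names double as the OpenVPN
# client common names; "home" runs the server.
SITES = {
    "home": {"lan": "192.168.10.0/24", "vpn_box": "192.168.10.2"},
    "mom":  {"lan": "192.168.20.0/24", "vpn_box": "192.168.20.2"},
    "bro":  {"lan": "192.168.30.0/24", "vpn_box": "192.168.30.2"},
}

def check_overlaps(sites):
    """Pairs of sites whose LANs overlap; traffic between them cannot be routed."""
    nets = {n: ipaddress.ip_network(s["lan"]) for n, s in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def router_routes(sites, site):
    """Static routes for one home's ordinary router: every other LAN via the local VPN box."""
    gw = sites[site]["vpn_box"]
    return [(sites[o]["lan"], gw) for o in sorted(sites) if o != site]

def _mask(cidr):
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.netmask}"

def openvpn_server_lines(sites, server):
    """Routing lines for the server config, plus one ccd file body per client."""
    conf = ["client-config-dir ccd", f'push "route {_mask(sites[server]["lan"])}"']
    ccd = {}
    for name in sorted(sites):
        if name == server:
            continue
        m = _mask(sites[name]["lan"])
        conf.append(f"route {m}")           # kernel route on the server box
        conf.append(f'push "route {m}"')    # advertise this LAN to the other clients
        ccd[name] = [f"iroute {m}"]         # tells OpenVPN which client owns the LAN
    return conf, ccd

if __name__ == "__main__":
    assert not check_overlaps(SITES), "renumber one LAN before building the VPN"
    for site in sorted(SITES):
        for dest, gw in router_routes(SITES, site):
            print(f"{site} router: {dest} via {gw}")
    conf, ccd = openvpn_server_lines(SITES, "home")
    print("\n".join(conf))
    for name, lines in ccd.items():
        print(f"ccd/{name}:", *lines)
```

IP forwarding has to be enabled on each VPN box for these routes to carry traffic. Without `client-to-client`, traffic between the remote homes passes through the server's packet filter, where it can be restricted.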
