Standard User Alvintc
(newbie) Fri 08-Feb-19 13:06:16
FTTPoD/ VPN/ RDP
Hi Guys,

Hopefully this is the right place! I'm having FTTPoD installed and I figure it's time to start locking things down.

I have a server that stores files/ serves media etc. that's always on.
I have a Netgear Orbi router which I use to VPN into home when I'm off site.

I'd now like to sign up to a VPN service for security etc.

However if I run the VPN purely on the server I'd pretty much lose access to it (it's a box in a cupboard, I RDP to it currently even when I'm at home).

I don't have another box lying around that I can use as a router for split tunnelling (I think that's the right term!)

So my options I think are limited to a router I can put between the Orbi & fibre modem that will sign up to a VPN?

Does anyone have any suggestions/ better ideas?
Standard User rman
(learned) Tue 19-Mar-19 17:54:20
Re: FTTPoD/ VPN/ RDP

[re: Alvintc]

You'd need something more powerful such as pfSense to handle that I believe. My FTTPoD is going live this week and I decided to build a home server with one of its uses running pfSense virtualised.

I have plans like you where I'll be having a network dedicated to running over an external VPN such as PIA.

For now I have it running over my current/soon to be old FTTC connection, with VPN enabled to allow me to remote in.
Standard User brookheather
(regular) Tue 19-Mar-19 18:42:41
Re: FTTPoD/ VPN/ RDP

[re: Alvintc]

I have also recently built a pfSense box for my upcoming FTTPoD installation - currently running on my existing FTTC connection so I can learn how to configure it. I don't have a requirement to VPN out but I do have an OpenVPN server running so relatives can stream UK TV from abroad.

I have also implemented various firewall rules for parental controls and also enabled CODELQ traffic shaping to eliminate my buffer bloat - this keeps my three gamers happy with their low latency connections even when someone is streaming to Twitch or downloading large updates.

There are lots of cheap ex-corporate HP 400/600 G1 SFF desktop PCs on eBay for around £50 - just add another single or dual port PCIe Intel network card for around £15.

Edited by brookheather (Tue 19-Mar-19 18:43:56)
Standard User PhilipD
(experienced) Wed 20-Mar-19 10:30:06
Re: FTTPoD/ VPN/ RDP

[re: Alvintc]

Hi

Do you mean you want all your traffic to pass over a VPN out of your home address?

This doesn't really improve security because your data at some point must leave that VPN point and go out on the internet to reach the sites you want to visit. It's used more for privacy, i.e. hiding who you are/where you are on the Internet. For example accessing foreign programming or websites that would otherwise block you if you are not in that country.

Remember that most websites you visit (and this is becoming the norm now) use HTTPS. This encrypts your communications between you and that server so they can't be eavesdropped on, which makes a VPN going out unnecessary for security reasons, and you avoid a third party (the VPN provider) potentially being the eavesdropper.

Also throughput and speeds could be affected over the VPN, plus you may find you get blocked from certain websites you use because of the VPN, depending on the IP address that VPN presents with, which could put you abroad.

For security and going out to the wider internet, then a VPN provider isn't really going to add any extra security, and most security breaches are caused by people inside on your local network downloading malware etc.

Regards

Phil
Standard User SamirD
(newbie) Wed 27-Mar-19 14:34:04
Re: FTTPoD/ VPN/ RDP

[re: Alvintc]

If you have a full tunnel going out to a VPN provider, I don't think you'll have a way back in to your RDP box without adding a second NIC or some other funky setup. Unless there is a way to exclude certain MACs or IPs from the full tunnel--then you could use your original ISP IP to get back to your RDP box.
Standard User R0NSKI
(fountain of knowledge) Thu 28-Mar-19 10:35:33
Re: FTTPoD/ VPN/ RDP

[re: Alvintc]

Take a look at the Draytek range, I've just changed our works router to a Vigor 2926 to improve our security - I'd had over 30,000 attempts to hack my RDP password in about 5 hours, and that was as far back as the Windows logs went. I'm very impressed with it and I found it much easier to configure than the pfSense box I'm using at home.
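
Added example, not part of the thread: one way to tally failed RDP logons like those R0NSKI mentions, per source address, from an exported Windows Security log. The CSV layout, column names, threshold and sample rows are constructed assumptions; event ID 4625 and logon types 3 and 10 are the standard Windows values for failed logons over the network and via Remote Desktop.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Security-log events as they might look after export to
# CSV. Column names and addresses are assumptions made for this example.
SAMPLE_CSV = """TimeCreated,EventID,LogonType,IpAddress,TargetUserName
2019-03-28T09:00:01,4625,3,203.0.113.7,administrator
2019-03-28T09:00:03,4625,3,203.0.113.7,admin
2019-03-28T09:00:04,4625,3,203.0.113.7,user
2019-03-28T09:00:09,4625,10,203.0.113.7,administrator
2019-03-28T09:00:10,4624,10,192.168.1.20,alvin
2019-03-28T09:05:00,4625,10,192.168.1.20,alvin
2019-03-28T09:40:00,4625,3,198.51.100.9,test
2019-03-28T11:40:00,4625,3,198.51.100.9,guest
"""

REMOTE_LOGON_TYPES = {"3", "10"}  # 3 = network (RDP with NLA), 10 = RemoteInteractive


def failed_remote_logons(csv_text):
    """Yield (timestamp, source_ip, username) for failed remote logons (4625)."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] == "4625" and row["LogonType"] in REMOTE_LOGON_TYPES:
            yield datetime.fromisoformat(row["TimeCreated"]), row["IpAddress"], row["TargetUserName"]


def brute_force_sources(csv_text, threshold=4, window=timedelta(minutes=5)):
    """Return {ip: peak count} for sources with >= threshold failures in any window."""
    by_ip = defaultdict(list)
    for ts, ip, _user in failed_remote_logons(csv_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, peak in brute_force_sources(SAMPLE_CSV).items():
        print(f"{ip}: {peak} failed remote logons within 5 minutes")
```

A single mistyped password from a LAN address stays below the threshold, while a burst from one external address is reported with its peak rate.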