Internet Privacy Question

by "Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
Published 04/04/2017 at 11:14

STARS: 0



Home Network: is there a way that I could subscribe to a VPN and have all traffic through my home router go via that VPN connection? In other words, have it so that any and all laptops, cell phones or other devices that access the Internet through my router go through one VPN connection? The idea would be that I would then not have to maintain a connection per device when at home, and Comcast would have zero information about what I was doing with the pipe that they rent me.

I have a fairly robust Asus router and I run the Merlin custom firmware on it.



Replies (24)

"PartyPooper2012" (PartyPooper2012)
04/04/2017 at 11:19, STARS: 0

Not a network engineer so I may be wrong, but VPN is from point A to point B traffic.

When you use it on a device A, you are setting up a VPN from your device A to whatever destination B. For instance, you are working from Starbucks and want to VPN into work.

When you set it up on a router, it would seem to me you are setting up all traffic (devices X, Y and Z) to go to the same destination. So if your router was set up with such a VPN, you could only visit one place... until the router is reconfigured to go to a different place.

For instance, your office needs a secure line from Office 1 to office 2. Everyone in office 1 will have access to office 2.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 11:25, STARS: 0

Me neither. But that makes sense. My understanding of personal VPN is that you subscribe to a service in Switzerland or some place and your traffic is anonymized and goes out from there so everything you do looks like you are browsing in Switzerland.

"Junkrat aka Rick Sanchez: Fury Road Edition" (realasabass)
04/04/2017 at 11:48, STARS: 0

I do it with my pfsense firewall.

"BritishLeyland™" (leylandcars)
04/04/2017 at 11:49, STARS: 1

Uuuhm... GO GADGET GO!

"facw" (facw)
04/04/2017 at 11:52, STARS: 1

Yes, I don’t know the details but the firmware supports several VPN protocols.

"spanfucker retire bitch" (lelykon)
04/04/2017 at 11:53, STARS: 0

Yes, your router has a built-in client for OpenVPN, PPTP, and L2TP/IPsec. However, I’ve tried to use OpenVPN in my Asus router (even beefier hardware than your model) and the speeds are atrocious. I know it’s not a limitation of the VPN itself because on my laptop I can get about 55Mbps while my native connection from my ISP is around ~60MBps.

On the router though, I actually get around 18 or 20Mbps. You could try finding a service that offers PPTP as well (far less computational overhead), but I honestly wouldn’t trust that protocol at this point. It’s highly insecure compared to just about anything else out there. There are also some complications that can arise with port forwarding and DDNS if you use those things. So the simpler your network topology, the less effect using a VPN at the router will have on it. Some VPN providers allow port forwarding though, or at the very least, opening up the NAT for your VPN to allow all connections through, and relying on your router/computers firewall instead.

"TheBloody, Oppositelock lives on in our shitposts." (thebloody)
04/04/2017 at 11:56, STARS: 0

So the best bet is to setup a personal VPN endpoint in Amazon’s EC2 environment:

https://www.comparitech.com/blog/vpn-privacy/how-to-make-your-own-free-vpn-using-amazon-web-services/

Being that literally petabytes of information passes through there every second, it makes it much harder for ISPs to snoop your traffic (still not impossible for them to do it).

Then you can configure your DD-WRT router to connect directly to it;

https://www.howtogeek.com/51772/how-to-setup-a-vpn-server-using-a-dd-wrt-router/

It’s important to know that you’re not masking your traffic, just obfuscating it. ISPs could still snoop your traffic if they really wanted to, it’s just that it would be more hassle than it’s worth for an individual person.

Making sure you always use https also helps muddy the waters, as ISPs can only see that you connected to a specific IP address. They can’t see what you actually did on that website.

"timto82" (timto82)
04/04/2017 at 13:51, STARS: 0

Yes, you can, but you’ll take a pretty severe performance hit with a consumer-grade router doing the encryption/decryption. The router firmware is generally single-threaded and can only take advantage of 1 core in your router (even if you have dual cores), and those consumer-grade routers generally only run at a clock speed of 800 MHz or 1 GHz. You’ll get much better performance running the client on your PC. The other suggestion (in this thread) is to run pfsense on a gateway, which was exactly what the network admin at my company suggested to me when I asked him about this the other day.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 14:09, STARS: 0

Is that a consumer product?

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 14:13, STARS: 0

I sort of followed that... I am less concerned about an invasion of my computer than I am about people mining my ISP traffic for advertising leads.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 14:14, STARS: 0

Interesting. May be easier to just do it per device.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 14:15, STARS: 0

... pfsense on a gateway... Can you tell me what that looks like?

"TheBloody, Oppositelock lives on in our shitposts." (thebloody)
04/04/2017 at 14:20, STARS: 1

The initial tech debt is high, yes, however you’ll never have to worry about it again as it’s just a one-off change.

"spanfucker retire bitch" (lelykon)
04/04/2017 at 14:39, STARS: 0

I got that. It’s why I was looking into it as well, as up until now I really only ever used a VPN when I was on public WiFi.

Your router does support a VPN client with multiple protocols. I’m merely warning you that at the very least with OpenVPN (and possibly other protocols as well) there’s a rather high overhead for the router and it affects speeds pretty drastically.

"timto82" (timto82)
04/04/2017 at 15:20, STARS: 0

I’m definitely not a networking nerd, but here is my understanding. You would get some x86 hardware (either something repurposed, like an old PC with room for multiple NICs, or a dedicated box like they have on the hardware page for pfsense), and load pfsense on it. This would act as a gateway between your cable modem and your router. Basically, you would go from 2 devices in your network stack (cable modem to wireless router) to 3 (cable modem {might need to throw it in bridge mode, according to the network admin}, gateway running pfsense that does the VPN heavy lifting, wifi router). Does this help?

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 17:17, STARS: 0

Got it. Thanks.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 17:24, STARS: 0

Yes, thanks, that does help. So maybe a castoff Core2 Duo box with Windows 7 and 4 GB of RAM for pfsense? Physical location would work well also, as the modem is in the garage and this could double as my shop computer. This sounds pretty close to exactly what I was imagining.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/04/2017 at 17:29, STARS: 0

https://www.netgate.com//products/sg-1000.html

This being a firewall appliance, my home network would be protected. But what about snooping between my gateway and where I am going?

"Junkrat aka Rick Sanchez: Fury Road Edition" (realasabass)
04/04/2017 at 20:27, STARS: 1

It’s a bit of both. They make appliances (https://www.pfsense.org/products/), or you can make your own. The software is really well documented and you are able to run your anti-virus/malware on the firewall. It runs on pretty much any PC hardware built in the last 10-12 years and it can handle your wifi with the correct wifi card. You will need two NICs in the PC (WAN and LAN) at a minimum. It can do pretty much anything any router can do and simple setups are very straightforward.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/05/2017 at 00:27, STARS: 0

Is the software Linux-based?

"Junkrat aka Rick Sanchez: Fury Road Edition" (realasabass)
04/05/2017 at 01:42, STARS: 0

FreeBSD, which is based on UNIX. It’s pretty good. You could always run it on VirtualBox on your computer just to play around with. There is great documentation and video from basic to very advanced setup. I ran IPCop for a few years before switching to pfsense. Mine is able to sustain 3 point-to-point VPN tunnels (other pfsense machines), 1 roaming tunnel (my phone), and anti-malware. I currently run mine on a dual-core AMD APU. The whole computer, with the dual Intel NIC card, was around $125. It’s worth the investment if you want to step up security. Just cross-reference the VPN protocol that your provider uses with pfsense’s wiki for support.

"Rusty Vandura - www.tinyurl.com/keepoppo" (rustyvandura)
04/05/2017 at 17:12, STARS: 0

Thanks for the note. FlyNorCal is a pal of mine in real life and also a network nerd, and an asphalt track addict... But he and I have been talking about me setting up a Linux box.

I have a couple of Core i3 HP Elite 8100s sitting around with 4 GB of RAM. Do you think that would be an adequate box for this? 160 GB HDD? For that matter, I may even have an 80GB SSD. Would that suffice?

Is there a GUI that I can launch in FreeBSD that would let me browse the Web and stream YouTube and Pandora and such?

"Junkrat aka Rick Sanchez: Fury Road Edition" (realasabass)
04/05/2017 at 20:18, STARS: 1

I use a USB flash drive for my storage. I do, however, create a virtual drive inside the RAM so it doesn’t continually read/write the USB drive while it’s running. Those HPs can handle it no problem. You can run it on a P4, but one of those HPs will be perfect. If you want to be really cool, you could run something like this. You can actually download images specifically for these boards, so they are pretty easy to get going.

http://www.mini-box.com/ALIX-APU-2C4-AMD-G-Series-GX-421TC?sc=8&category=754

The only GUI is through web management. You connect a monitor during initial setup, but after that just power and network. Add a decent switch and an Ubiquiti access point for wireless. If managed properly you have access to security on par with pretty much any network that is directly accessed by the internet.

"timto82" (timto82)
04/06/2017 at 09:25, STARS: 0

Seems like it would work. In terms of snooping, that is taken care of by the VPN. As long as you use a reputable provider who does not keep logs, you are good. The pfsense gateway/firewall will encrypt all of your traffic before passing it through the modem to your ISP. The ISP will only see traffic to/from your VPN provider, and it will be fully encrypted at that point.
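The whole-network setup the original poster asked about, and the "the ISP only sees traffic to your VPN provider" claim in the reply above, come down to three things a gateway (Merlin router or pfSense box) has to get right: a routing table that pushes every LAN device's packets into the tunnel, a kill switch so that a dropped tunnel does not silently fall back to the bare Comcast link, and a DNS redirect so resolver queries do not bypass the tunnel. The following is an added example written for this thread; it is not code from the thread, from Asuswrt-Merlin or from pfSense. It is a toy model of that gateway decision logic: the interface names (lan0, wan0, tun0) are assumed, every address is constructed from RFC 5737 / RFC 1918 documentation ranges, and the routing-table shape mirrors what OpenVPN's redirect-gateway def1 option installs (two /1 routes that out-rank the /0 default on prefix length, plus a host route for the VPN endpoint).

```python
# Added example (not from the thread, Asuswrt-Merlin or pfSense): a toy model of a
# gateway that pushes every LAN device through one VPN tunnel, used to show what
# the ISP can see with the tunnel up, with it down, and with no kill switch.
# All addresses are constructed (RFC 5737 / RFC 1918); interface names are assumed.
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

VPN_SERVER = ipaddress.ip_address("203.0.113.10")      # hypothetical VPN endpoint
ISP_RESOLVER = ipaddress.ip_address("198.51.100.53")   # hypothetical ISP DNS server
TUNNEL_RESOLVER = ipaddress.ip_address("10.8.0.1")     # hypothetical resolver inside the tunnel
LAN = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def routing_table(tunnel_up: bool) -> List[Route]:
    """The default route stays on the WAN; when the tunnel is up, two /1 routes
    via tun0 out-rank it on prefix length (what 'redirect-gateway def1' does).
    The /32 host route keeps the VPN endpoint reachable over the WAN so the
    tunnel's own encapsulated packets are not looped back into the tunnel."""
    table = [
        Route(LAN, "lan0"),
        Route(ipaddress.ip_network("0.0.0.0/0"), "wan0"),
        Route(ipaddress.ip_network(f"{VPN_SERVER}/32"), "wan0"),
    ]
    if tunnel_up:
        table += [
            Route(ipaddress.ip_network("0.0.0.0/1"), "tun0"),
            Route(ipaddress.ip_network("128.0.0.0/1"), "tun0"),
        ]
    return table


def lookup(table: List[Route], dst: str) -> Route:
    """Longest-prefix match, the rule every IP router applies."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in table if dst_ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)


def decide(pkt: Packet, tunnel_up: bool, kill_switch: bool = True) -> Tuple[str, str, str]:
    """Gateway decision for one LAN-originated packet: (action, egress interface,
    final destination).  Models a NAT redirect rule for port 53 plus a firewall
    rule that only lets the tunnel's own traffic leave via the WAN."""
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.dport == 53 and dst != TUNNEL_RESOLVER:
        dst = TUNNEL_RESOLVER            # force DNS to the in-tunnel resolver
    route = lookup(routing_table(tunnel_up), str(dst))
    if kill_switch and route.iface == "wan0" and dst != VPN_SERVER:
        return ("drop", route.iface, str(dst))   # tunnel down: drop, never leak
    return ("forward", route.iface, str(dst))


def isp_sees(packets: List[Packet], tunnel_up: bool, kill_switch: bool = True) -> Set[str]:
    """Destination addresses that appear on the WAN link, i.e. what the ISP sees."""
    seen: Set[str] = set()
    for p in packets:
        action, iface, dst = decide(p, tunnel_up, kill_switch)
        if action == "forward" and iface == "tun0":
            seen.add(str(VPN_SERVER))    # only the encapsulating packets are visible
        elif action == "forward" and iface == "wan0":
            seen.add(dst)                # plaintext destination on the wire
    return seen


# Constructed sample traffic from three LAN devices.
SAMPLE = [
    Packet("192.168.1.10", "192.0.2.80", 443),      # laptop, HTTPS to a web site
    Packet("192.168.1.11", str(ISP_RESOLVER), 53),  # phone still configured for ISP DNS
    Packet("192.168.1.12", "192.168.1.20", 445),    # file share, never leaves the LAN
]

if __name__ == "__main__":
    print("tunnel up:               ", isp_sees(SAMPLE, tunnel_up=True))
    print("tunnel down, kill switch:", isp_sees(SAMPLE, tunnel_up=False))
    print("tunnel down, no switch:  ", isp_sees(SAMPLE, tunnel_up=False, kill_switch=False))
```

With the tunnel up, the only address the model puts on the WAN is the VPN endpoint, even for the phone that still points at the ISP's resolver. With the tunnel down and the kill switch on, nothing Internet-bound leaves at all (LAN-to-LAN traffic is unaffected); with the kill switch off, the laptop's real destination and the redirected DNS query go out over the ISP link in the clear, which is the failure mode a router-level VPN needs a firewall rule to prevent.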