VPN setup for home use, recommendation

hakona

Hi folks

I am wondering if I could get some insight/recommendation from someone regarding setting up a simple VPN at home.
It is going to serve two purposes
1. safe surfing on laptop and android devices while on open wifi networks
2. getting access to my home network while travelling.

I have a cisco/linksys E4200 router at the moment, that can handle DD-WRT (but very troublesome flashing, that might brick it) to my knowledge, but it seems not to be the best router to do it on and I'm thinking of ditching it for something else.

or.. if the VPN server can be realized on an additional device in the network, this could work out for me too.

got recommended the ASA 5505, but seems to get expensive as you buy the licences (?), as I need at least VPN connections for 5 users.

So far I've managed to test that Android works well with OpenVPN and the PPTP protocol, not sure about the rest. If someone knows what works on Android KitKat 4.4.4 devices (and what does not), I would be very grateful.

Don't really need top notch enterprise performance, as I only have ADSL (25/5) anyway.

Hoping someone could give me some pointers

Cheers
 
openvpn should work, untangle, you can do full tunnel.
 
Asus VPN built into their routers was one of the easiest VPNs I have ever set up. I don't think it can get any easier.
 
Grab a TP-Link TL-WDR3600, WD MyNet N600 or N750, TP-Link Archer C5 or C7 v2 if you're in US (amazon etc) flash it with OpenWRT trunk and install whatever you need such as OpenVPN.

I have pre-compiled images with OpenVPN for WDR3600, MyNet N600 and N750 if you want.
http://randominfo.pyret.net/index.php?controller=page&action=view&id_page=3

//Danne

The TP-LINK router looks nice. Just wondering about one thing: when flashed with OpenWRT, are all the interface configurations in command line ONLY? Or is it only the VPN config in CLI and the rest in a web interface for setting up the wireless, and the rest of the normal network setup?
 
OpenVPN would be in CLI while your "normal" configuration would be using a WebUI.
//Danne
 
I use pfSense on an old P4 machine with OpenVPN and it works really well and gives nice throughput depending on the hardware you use for it.
 
Another vote for pfSense. I've set it up for a few small business clients and it works well and has been very stable for many years. One of them has been running continuously for nearly 7 years. It's powerful, the UI is intuitive and it's hard to beat the price :)
 
...and very inefficient using recent hardware unless you need ~25+mbit/s encryption, but even then no sane person would call P4 reliable hardware given its age. ;-)
//Danne
 
That's why I use it as a virtual instance (free ESXi) together with other stuff. That allows a better utilization of the Xeon driving it. But still: functionality is great, good support in their forum. No complaints about stability.
 
I have pfSense set up at home as my router and VPN server. It connects to my laptops and Android devices. Very simple to set up.

I also have a pfSense server running on an old Dell server at my parents house that has one NIC connected. Just using it as a site-to-site VPN to my house.
 
Asus VPN built into their routers was one of the easiest VPNs I have ever set up. I don't think it can get any easier.

I want to use the VPN on my Asus RC66-N at home, but I can't stand how it shows my password in plain text on the admin screen.
 
PfSense is the way to go for me I think, have been researching that a lot the last week, and it looks very impressive.

Looks so easy to manage, and to make the configs for android phones.

Thinking of scraping together a low-budget mini-ITX build with a built-in Celeron CPU and two LAN cards. The only thing that ends up getting "pricey" is actually the SSD (want no moving parts). Cheapest I can find is 90 USD (equivalent) and the size would be monstrous for what I would actually need.

But I guess I have to live with it :)

One question, how is it with updates of the software, like the kernel and the pfsense software itself?
 
A low budget ITX-build will be more expensive, draw more power and provide marginally better performance (yes, OpenVPN is slow). Given your connection it's a complete waste of money as it will not provide any better performance. If you had a 50/50 connection you might want to look at something similar but you don't. If you want anything that actually does have some margin in terms of performance you'll need an i3 CPU or better. I'm not really sure what's easier about Android configs, it's the same config since it's the same software, since I'm guessing you're referring to OpenVPN.
//Danne
 
Buying separate parts to build a PfSense box isn't a good plan. It's only really advisable if you have the parts laying around. I would just purchase a SMB branch UTM device.
 
I second that... I always trusted Cisco/Linksys devices until I saw ASUS made routers. I went the ac-rt66u with tomato and haven't looked back :)
 
you can tell the noob here.. i figured my reply would indent underneath nodle's post... :/
 
Thinking of scraping together a low-budget mini-ITX build with a built-in Celeron CPU and two LAN cards. The only thing that ends up getting "pricey" is actually the SSD (want no moving parts). Cheapest I can find is 90 USD (equivalent) and the size would be monstrous for what I would actually need.

You realize that pfsense can be installed onto a cheap usb flash drive, right? No need for an expensive SATA ssd, just some inexpensive flash drive.
 
So in short, just go with a TP-Link router and get a newer one in 3-5 years. It's not like a computer is going to last much longer anyways.
//Danne
 
How about if someone had a 350/20 Mb connection, I'm guessing even the highest powered end user routers would not be strong enough to offer maximum throughput? What about something like the ERL, or would it have to be an I3 box?
 
It depends, are you connecting to your connection or to another network? If the latter, how fast is it?
//Danne
 
Buying separate parts to build a PfSense box isn't a good plan. It's only really advisable if you have the parts laying around....

I have to second this.

I had an itch to build a network box to replace my aging D-Link router. I was stuck between doing a mini-ITX box or building a router with a board and enclosure from pcengines.ch (the pcengines stuff is ridiculously cool). In the end, I read a blog promoting the Edge Router Lite and did some research on it. It checked all the boxes so I bought one and have been very pleased with how it works. For ~$99 it is tough to beat, imo. Definitely for advanced users only though.
 
A TP-Link Archer C5/C7 would handle your upload speed just fine doing OpenVPN, it would be interesting though to see how SoftEther using their HTTPS SSL VPN performs. Given the numbers it should be quite a bit more efficient.

Otherwise I would look at something i3-based such as a NUC with an attached TB-based NIC from Apple or just do VLAN on a single port NIC.
//Danne
 
Thanks Danne! I was actually looking at the C7 or C8 and liked them a lot, as TBH I am not the most inclined when it comes to networking and ease of use/setup was a big factor for me, hence why the ERL isn't at the top of my list.
 
C7 works with OpenWRT, C8 doesn't, so take that into consideration.
ERL has OpenWRT support which may be of interest, I haven't tried it myself yet.
//Danne
 
Thanks for all the input folks.
I ended up buying an Asus RT-N66U from my brother who had it laying around.

Heard of WRT merlin that works on these that support openVPN (which I wanted to try).

I had read that the Asus routers support PPTP out of the box, but when I actually read through the release notes for the latest versions, they have added OpenVPN support too! :D

Got it to work like a charm with latest official FW.

Not sure what I will gain by using the merlin FW, anyone know?
 
You can always check the reliability of your VPN with an online service like 2ip.io. I personally found it very useful!
 
Thinking of scraping together a low-budget mini-ITX build with a built-in Celeron CPU and two LAN cards. The only thing that ends up getting "pricey" is actually the SSD (want no moving parts). Cheapest I can find is 90 USD (equivalent) and the size would be monstrous for what I would actually need.

Check this out. Quad Celeron Nano box

Someone else on here recently got one. I ordered mine on Friday. I have some spare RAM laying around and I picked up a 120GB MSata for $40. I don't know what you consider pricey, but out the door I paid $220 for everything and it has 4 NICs, Quad-Core, 4GB of RAM, and 120GB mSATA for a nice little firewall that will be dead quiet, speedy and power and space efficient.
 
I personally think that the pfSense web GUI is easier to manage than the OpenWRT GUI is. I know that the pfSense group will be updating the OS from time to time to keep it secure but I wouldn't always count on SOHO routers to get the same updates.
 
The pfSense vs OpenWRT fight is like Apple vs Android. Personally I prefer pfSense, but then I have an iPhone so what do I know. :D
 
I have pfSense with OpenVPN running on a shitty Pentium M 1.3GHz single core laptop with 512MB RAM. Works beautifully. It also handles DNS (with a 1000's host long blacklist), DHCP, NAT/Firewalling, NTP and various other routeresque things. The WAN is the built-in ethernet w/ an Intel controller, and the LAN is a PCMCIA D-Link based NIC. I can saturate my 100Mbit connection (without OpenVPN) easily and have tons of states in the state table and all is fine and dandy. Torrenting doesn't crash it like it does consumer routers. Shitty laptops make great home routers. FreeBSD (what pfSense is built on) support for wifi controllers sucks though, so I have a consumer router acting as an access point for wifi through a switch.
 
@ Valnar
They have completely different aims, pfsense doesn't even run on ARM/MIPS.

I've used FreeBSD and OpenWRT on MIPS platforms with 200d+ uptime so both work just fine.
 
I still use the same virtual instance of pfSense from 2014. Still happy for my use case to connect with Apple laptops and mobile devices to my home network
 
@ Valnar
They have completely different aims, pfsense doesn't even run on ARM/MIPS.

I've used FreeBSD and OpenWRT on MIPS platforms with 200d+ uptime so both work just fine.

and openwrt runs on x86 platform :p
 