Best way to access home network

lordsegan (Gawd; joined Jun 16, 2004; 624 messages)
I have decided that I occasionally need to be able to access my home network (SMB server, RDP, etc.). If I understand it correctly, I can put a VPN behind my router/NAT and I should be able to tunnel into the VPN and it will then appear that I am inside the network.

Is that correct? Does the VPN instead need to be part of the router/NAT?
 
Depends on your needs.

If you just need to access/use the machine at home, just do RDP and use port forwarding and call it a day. If you need access to files/drives from home remotely... then things get more complicated and VPN, FTP, or countless other acronyms come into play.
 
SSH tunnel + VNC would work too, encrypted and secure access. File access via Dropbox or ftp/http server
 
There's a free version of Hamachi that will work for up to 5 PCs - basically a cloud-based VPN that comes in quite handy. I use it for tech support on my parents' network that's a few hundred miles away.

For my personal network, I have OpenVPN running on a VM inside the network with the related ports forwarded to it. On my laptop, I tunnel in with a TAP and it is as if I'm on the local network (though that redirects ALL traffic and routes it through my home network).
 
Set up an SSH server and forward a port to it. Ensure fail2ban is set up on the SSH server so that the IP gets blocked after so many failed logins (brute force protection). If you need anything more, set up a VPN too, but only allow specific IPs to connect to it. If you need to connect from somewhere not in the list you can SSH in to add the IP to the whitelist.
 
I use Untangle w/ OpenVPN and toss a client on my laptop and iPad to do what I need to do. I'm not a fan of opening ports if I don't have to. I think there are 3 total ports open, but those are service ports that are needed for a few clients.
 
I forward RDP ports to my WHS box. From there I just RDP to other systems that I need to access.
 
I use Untangle w/ OpenVPN and toss a client on my laptop and iPad to do what I need to do. I'm not a fan of opening ports if I don't have to. I think there are 3 total ports open, but those are service ports that are needed for a few clients.

This is similar to what I do as well. I run pfSense as my router and have OpenVPN servers running on it. That way I can connect with my laptop anywhere I am.

I have done SSH tunnels as well as port forwarding for RDP, but having OpenVPN is so much nicer; I can just access everything. It's really not too hard to set up either. I am using a TUN (vs. a TAP) so I don't get broadcast stuff and whatnot, as well as using compression, so it works pretty well. I have a permanent site-to-site connection to my in-laws' house, so I can work on stuff at their house for them. I really like the setup.

I also have a special VPN connection set up that changes your default gateway so EVERYTHING goes through the VPN, and I use this at places like coffee shops, airports, etc. where there is free/open wireless. This makes all of my traffic go across the encrypted VPN tunnel to my house and then out across the internet. I have pretty decent internet at home (~25/5), which helps. I also run a Squid proxy at home for when I am NOT redirecting my gateway (so only specific traffic goes across the VPN, not all), along with FoxyProxy so I can have specific sites run through the proxy but the rest go direct. This is handy if I am at some location where the internet is filtered; it allows me to get to sites that are blocked :)
 
The most simple solution is TeamViewer. It is free for personal use. Install on your computers and access them whenever.
 
I would avoid opening RDP ports on your WAN, you're asking for bad traffic. If you have to, restrict it to your known remote IPs.

VPN or web based services are the way to go (LMI/TV).
 
Another +1 for Hamachi. No ports to open or any of that. Free for personal use up to 5, I believe.
 
I would avoid opening RDP ports on your WAN, you're asking for bad traffic. If you have to, restrict it to your known remote IPs.

VPN or web based services are the way to go (LMI/TV).

If you do open ports for RDP, don't use the default port; change the outside port to something else, and then just have it forward to 3389 on the box.
 
If you do open ports for RDP, don't use the default port; change the outside port to something else, and then just have it forward to 3389 on the box.

If you use an iptables-based router there is a rule to drop traffic that fails to connect after 5 attempts. Was handy for an ftp server I had.
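The "drop after 5 attempts" rule and the "only allow specific IPs to the VPN" advice from earlier in the thread, written out as an added example for a Linux box or router (this is not code from any poster; the port numbers and the sample allow-list addresses are assumptions, and IPT can be pointed at `echo` to print the rules instead of applying them):

```shell
#!/bin/sh
# Added example, not from the thread: throttle SSH brute forcing with the
# iptables "recent" module (the "drop after 5 attempts" rule mentioned above)
# and limit the VPN port to an allow-list of source addresses.
# IPT defaults to the real iptables binary; run with IPT=echo to print the
# rules instead of applying them. Port numbers and addresses are assumptions.
IPT="${IPT:-iptables}"

# Drop NEW connections to $port from any source that has opened more than
# $hits of them within $window seconds. Established sessions keep working
# because both rules match --ctstate NEW only; the final rule accepts the
# connections that survived the check. Run this before any broader ACCEPT.
ssh_throttle() {
    port="${1:-22}"; hits="${2:-5}"; window="${3:-60}"
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --set --name SSH --rsource
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --update --seconds "$window" --hitcount "$hits" \
        --name SSH --rsource -j DROP
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
}

# Accept UDP $port only from the listed sources (addresses or CIDRs) and drop
# everything else, so the VPN service does not answer scanners elsewhere.
vpn_allowlist() {
    port="$1"; shift
    for src in "$@"; do
        $IPT -A INPUT -p udp --dport "$port" -s "$src" -j ACCEPT
    done
    $IPT -A INPUT -p udp --dport "$port" -j DROP
}

# Dry-run demo: sh harden.sh --dry-run
if [ "${1:-}" = "--dry-run" ]; then
    IPT=echo
    ssh_throttle 22 5 60
    # constructed sample allow-list (documentation address ranges)
    vpn_allowlist 1194 203.0.113.5/32 198.51.100.0/24
fi
```

The `recent` module keeps a per-source table of recent connection attempts, so a source that keeps hammering the port is dropped at the firewall before sshd ever sees the login, which is the same outcome fail2ban reaches by reading the auth log after the fact. The allow-list function is deliberately ordered: the ACCEPT rules for known sources come first and the catch-all DROP last.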
 
I use Untangle w/ OpenVPN and toss a client on my laptop and iPad to do what I need to do. I'm not a fan of opening ports if I don't have to. I think there are 3 total ports open, but those are service ports that are needed for a few clients.

Have to jailbreak for the iPad...

It irritates me to no end that there is no OpenVPN client on iOS yet...

My next-gen mobile units will all be Android because of it... there is really no excuse they haven't taken care of this by now; there are several other companies that have made VPN connection apps, so Apple allows it in their APIs at this point... everyone wants to get on intranet sites with their iPads and iPhones, but it's just not going to happen...
 
Have to jailbreak for the iPad...

It irritates me to no end that there is no OpenVPN client on iOS yet...

My next-gen mobile units will all be Android because of it... there is really no excuse they haven't taken care of this by now; there are several other companies that have made VPN connection apps, so Apple allows it in their APIs at this point... everyone wants to get on intranet sites with their iPads and iPhones, but it's just not going to happen...

Apple does have a VPN client built in. If you have an A4-based device you can jailbreak it. A5 & A6 require iOS 5.1.1 or less to jailbreak unless you have your SHSH blobs. These are automatically uploaded to the Cydia servers during the jailbreak process to allow downgrades/custom restores down the road.

I would not own an iDevice unless it was jailbroken; I do not want a cookie cutter piece of shit that everyone else can have. *loves his Android phone*
 
I would avoid opening RDP ports on your WAN, you're asking for bad traffic. If you have to, restrict it to your known remote IPs.

VPN or web based services are the way to go (LMI/TV).

Yeah, definitely would not open any such ports to the outside. RDP, VNC, etc... even SSH; if you open that up you want some kind of brute force protection. There are a lot of bots out there that continuously brute force known services. Had a system hacked in under 15 minutes once when I forwarded the port and did not install fail2ban yet. Figured I could do it later... yeah, so much for that, had to reload the whole system. :p Was just a test server, mind you, nothing important.
 
The most simple solution is TeamViewer. It is free for personal use. Install on your computers and access them whenever.

+1 for TeamViewer.

I use it to access my home server from work. I've also installed it on my parents', brother's and mother-in-law's PCs. Makes things a lot easier and saves trips out for basic assistance.
 
I've had issues with TeamViewer and ESET....

TeamViewer is ok... but gimme mstsc /admin :)
 
Hi guys.. I was a bit unclear.

I don't want to use any sort of cloud stuff, nor do I want to use TeamViewer. I want a remote machine to be "on the LAN", nothing more, nothing less. I can do the application stuff from there.

My main question is: do I need the VPN server to be at the border (part of or in front of the NAT router), or can it be behind the NAT as just another server?
 
Providing you have a router that can do NAT traversal, the VPN server can be behind the router; then just pass the ports through.
 
Yeah, set up the VPN server on the LAN and just forward the proper port and everything will work. Be sure to add a static route in your router to point any VPN range IP to the VPN server.
 
Be sure to add a static route in your router to point any VPN range IP to the VPN server.

This. If your VPN server is on the same box as your NAT router, then this step is not needed, BUT if it is on a different box behind the firewall, then you will need to add the route.
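The layout the thread settles on (VPN server behind the NAT router, port forwarded, static route for the VPN range, TUN rather than TAP, optional "everything through the tunnel" profile, and the remapped outside port for RDP) as one added example for a Linux router. This is not any poster's own config: the LAN 192.168.1.0/24, VPN server 192.168.1.10, RDP host 192.168.1.20, VPN client range 10.8.0.0/24, WAN interface name and PKI file paths are all assumptions, and IPT/IP can be pointed at `echo` to dry-run:

```shell
#!/bin/sh
# Added example, not from the thread: the "VPN server behind the NAT router"
# layout, as the three pieces that have to agree on a Linux router:
#   (1) the port forward, (2) the static route for the VPN client range,
#   (3) the OpenVPN server config that hands clients a route to the LAN.
# Every address here is an assumption for illustration: LAN 192.168.1.0/24,
# VPN server 192.168.1.10, VPN client range 10.8.0.0/24, OpenVPN on UDP 1194.
# IPT and IP default to the real tools; set IPT=echo IP=echo to dry-run.
IPT="${IPT:-iptables}"
IP="${IP:-ip}"
WAN_IF="${WAN_IF:-eth0}"

# (1) Forward $ext_port on the WAN side to $in_host:$in_port. The inside port
# may differ from the outside one, which is the "expose a non-default port,
# forward it to 3389" suggestion from the thread; it cuts noise from bots that
# only try 3389 but is not access control on its own, so pair it with source
# restrictions.
forward_port() {
    proto="$1"; ext_port="$2"; in_host="$3"; in_port="${4:-$2}"
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" --dport "$ext_port" \
        -j DNAT --to-destination "$in_host:$in_port"
    $IPT -A FORWARD -i "$WAN_IF" -p "$proto" -d "$in_host" --dport "$in_port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# (2) Route the VPN client range to the VPN server. Without it, a LAN host's
# reply to 10.8.0.x goes to the router's default route and never comes back;
# skip this when the VPN server runs on the router itself.
route_vpn_range() {
    vpn_net="$1"; vpn_server="$2"
    $IP route add "$vpn_net" via "$vpn_server"
}

# (3) Print the server.conf. "dev tun" is the layer-3 mode one poster chose
# over TAP so LAN broadcasts stay home. mode=full adds the redirect-gateway
# push used for the "everything through the tunnel" profile on open Wi-Fi.
# The VPN server also needs net.ipv4.ip_forward=1 to pass traffic to the LAN.
openvpn_server_conf() {
    lan_net="$1"; vpn_net="$2"; mode="${3:-split}"
    cat <<EOF
port 1194
proto udp
dev tun
server $vpn_net
topology subnet
push "route $lan_net"
EOF
    if [ "$mode" = "full" ]; then
        echo 'push "redirect-gateway def1"'
    fi
    cat <<EOF
keepalive 10 120
persist-key
persist-tun
# placeholder PKI paths; generate your own CA, server cert and DH params
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
EOF
}

# Dry-run demo: sh vpn-behind-nat.sh --dry-run
if [ "${1:-}" = "--dry-run" ]; then
    IPT=echo; IP=echo
    forward_port udp 1194 192.168.1.10
    forward_port tcp 53389 192.168.1.20 3389
    route_vpn_range 10.8.0.0/24 192.168.1.10
    openvpn_server_conf "192.168.1.0 255.255.255.0" "10.8.0.0 255.255.255.0" full
fi
```

The three pieces depend on each other: the DNAT rule gets the client's handshake to the inside server, the pushed route makes the client send LAN traffic into the tunnel, and the static route on the router is what lets LAN hosts answer a 10.8.0.x address, which is exactly the step the last two posts point out is only needed when the VPN server is not the router.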
 