Securing a home network for outside access?

bwall244

Honorable
Jul 21, 2012
52
0
10,630
As I have been building my home network I have come across more and more features for outside access of data and functions that I would like to implement. The easiest way to accomplish this is through port forwarding, but obviously that's not an option with the level of security risk involved. I would like to accomplish several things and leave room for growth in the future. I want to be able to access data both on my server and on specific machines, access IP camera streams (both to a mobile device and to my work PC), access server plugins (mobile and work), stream audio and video out to mostly mobile but occasionally remote PCs, perform system operations on remote PCs, and in the future access home automation features. Also it would not be bad to have my mobile data encrypted when on wifi. From what I have gathered I should be down to about 2 options: either purchasing a dedicated VPN firewall device ($200-300??) or flashing my router (WNDR3800) with a 3rd party firmware capable of acting as a VPN. Can someone give me some pros and cons as to the two of these?
It's the standard trade-off: you pay someone else to do the work and just buy the function, or you do it yourself. If you have a high skill level then doing it yourself may actually be more secure because you can eliminate options you do not need, whereas with the packaged solution you take the average. The opposite is also true: if you do not spend the time to really know what you are doing you could leave a hole accidentally.

Now there are some vpn devices that have hardware accelerators but I don't think those are in the $200-$300 range.

Mostly the commercial solutions are easier to use for people who don't want to bother with all the details.
 

bwall244

I am fairly good with following instructions but my skill level is fairly basic (flashing DD-WRT on another router and setting it up as a wireless bridge, for example). I think it's possible that I could set it up but I wouldn't know much about knowing for sure if it is secure. As for commercial solutions, are we talking about something like a Zyxel USG50? Sure I would love to save the cash, however I would hate to spend the time and think I'm secure when I am not.
 
VPN: if you stay simple the configurations are easy and secure.

The common issue comes when you try to do stuff like split tunnel, where some of the traffic goes in the tunnel and some of it bypasses. You of course can mess up a commercial device the same way. Still, most people that need the GUI to configure VPN don't build split tunnel anyway.

As long as you spend the time to read how and why things are done, OpenVPN on DD-WRT is as secure as anything else. If your router supports it you might as well try to run it; you can always buy a VPN router later.

I would recommend you look at SSL/TLS VPN first. It tends to be the easiest to get through other provider networks. It looks like HTTPS and that will pass through just about any firewall, and it tends to be easier for it to pass through the cell networks where there is lots of NAT going on.

 
Solution

bwall244

Thanks, I have seen split tunnel mentioned and am only half sure of how that works. Let's say I want my phone (65% of the reason I want to use VPN) traffic to pass through the VPN to my home server for the purpose of streaming music from the server to the phone and to view IP cameras from the phone (these are active on specific assigned ports). I would be creating a tunnel from my phone terminating in the router gateway. Outbound traffic (besides that coming back to the phone) would not be subject to the VPN and pass freely to the internet, correct?
 
That is normal routing: your phone appears to be on the LAN when you are running VPN. Split tunnel would be if you wanted to access web pages from the phone at the same time as accessing stuff in your home network. You could of course send your web page requests to your home network and then they would come back out again, as though you had attached the phone to your wireless router on your LAN. This of course causes performance issues, so people want some traffic to go direct and some to go into the tunnel. Gets kinda messy.
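To make the full-tunnel vs. split-tunnel distinction from the reply above concrete, and the earlier point about an SSL/TLS VPN "looking like HTTPS", here is an added example of an OpenVPN server configuration for the home router. It is not from the thread or from the DD-WRT/OpenWrt projects; the file names (ca.crt, server.crt, server.key, dh.pem, ta.key), the home LAN subnet 192.168.1.0/24, the router address 192.168.1.1 and the VPN pool 10.8.0.0/24 are all constructed assumptions for illustration.

```conf
# server.conf on the home router (OpenVPN server), constructed example.
#
# Transport: TCP/443 makes the tunnel look like HTTPS to hotel, office and
# carrier firewalls (the thread's "easiest to get through" option). OpenVPN's
# default of UDP/1194 is faster when it is allowed, so try that first and
# keep TCP/443 as the fallback.
port 443
proto tcp
dev tun

# Certificates and keys, assumed to be generated with easy-rsa beforehand.
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem
# tls-auth adds an HMAC check on every packet: unauthenticated scans and
# malformed packets are dropped before the TLS handshake even starts.
tls-auth ta.key 0
# Every phone / laptop gets its own certificate; revoke a lost device with
# the CRL instead of sharing one key between clients.
crl-verify crl.pem

# Address pool handed to connecting clients (assumed subnet).
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3

# ---- Option A: full tunnel ("normal routing" in the reply above) ----
# The phone's default route is sent into the tunnel, so web browsing also
# exits from the home LAN. Nothing on the phone bypasses the VPN, and the
# phone's traffic on untrusted wifi is all encrypted.
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"

# ---- Option B: split tunnel ----
# Only the home LAN (assumed 192.168.1.0/24: server, cameras, PCs) is routed
# through the tunnel; everything else goes straight out over the phone's own
# connection. To use this, comment out the two push lines above and enable:
# push "route 192.168.1.0 255.255.255.0"
```

Whichever option is used, the router must also forward between tun0 and the LAN (IP forwarding plus a NAT or a LAN-side route for 10.8.0.0/24), which on DD-WRT/OpenWrt is a separate firewall setting. A quick check after connecting the phone: with Option A a "what is my IP" page shows the home connection's public address, with Option B it still shows the carrier's address while the camera and music server addresses on 192.168.1.x remain reachable. Option B is what the reply calls messy, because the phone is then on two networks at once and DNS for home hostnames has to be handled separately.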
 

bwall244

I really appreciate you being helpful here. As an added level of complication (that I really hope won't be), in conjunction would it be an issue to have a service on the home LAN that is connected through a VPN proxy service to anonymize that specific traffic? I'm pretty sure that would not cause a tunnel-inside-a-tunnel issue, as that connection wouldn't be involved in the VPN between the phone and router, right?
 
Correct. Then again, if you work at it hard enough it is possible to run a tunnel in a tunnel, so you could run the anonymizer from the phone to your home LAN and then out to the anonymizer site from your home LAN. Most of the time, tunnel-in-a-tunnel not working is when you run exactly the same kind. I suspect you could run proxy inside HTTPS inside GRE inside IPsec if you tried hard enough.

Pretty much, things coming from your home LAN will go directly out unless you force them not to. The tunnel will be built the other way, i.e. into your LAN.
 

bwall244

Sounds like I have a good starting point. I've been reading on OpenWrt vs DD-WRT today trying to decide which is my way to go. Seems OpenWrt may be more suitable for my WNDR3800.