VPN - no computer!

[kingdalle]

Hi. I am looking for a way to make a VPN to my friends internet connection without him having to leave his computer on 24-7. Obviously I will only need it when my own computer is powered, so no problem there just software. We live in the same country, in the same region about 10 miles apart. Is there any kind of router or other hardware that will do the task in his end? In other words, when connected through the VPN my computer should look like it is at his address, without him having to turn on his computer. If more solutions, the cheapest one please

Thanks, Daniel

Please don't mind the misspellings and the odd word choices as I am not from an english speaking country and have never been to one.

 

[eibgrad]

Your friend needs to find a router that supports a VPN server. I personally use a dd-wrt/tomato (third party firmware) compatible router and implement a PPTP VPN server for these very purposes. But I'm sure there are commercial solutions as well. Just search Google. Obviously it gets a bit tricky since it involves changes to your friend’s network more than yours. So trying to decide which router makes sense with respect to other requirements is something you need to discuss w/ them.

I suppose you also could establish a standalone VPN server behind the router so you don’t need to mess w/ your friend’s current setup (other than port forward the necessary VPN ports). Perhaps even build your own VPN server on a low-cost, low-power Linux machine.

Since you will have access to your friend’s network, have you considered establishing the VPN server on his PC (all Windows machines are capable) and using remote WOL (Wake On LAN) to only wake the computer when needed? If it’s just a matter of keeping the PC off to save energy, that might be the easier solution (although remote WOL is not necessarily easy to implement, requires a PC that is WOL capable, and a router that will accept broadcasts from the WAN side).

Anyway, just some ideas to keep in mind. Hard to say what makes sense for any given situation w/ so few details.

 

[kingdalle]

thanks eibgrad.

Please tell what details you are missing?

He has a fiber optics connection to his house. Then there is some kind of bigass modem that handles tv, internet and phone. Connected to the modem is a DLink D 524 for wireless. Would it be possible to connect yet another router to the DLink (no more ports avaible on the modem) and have it handle the VPN?

Thanks, Daniel

 

[kingdalle]

I will try again. Is it possible to connect a router to the DLink router and have it handle the vpn? If so, which router would be the better choice? I don't mind changing the firmware.

Thanks, Daniel

 

[eibgrad]

You could use a dd-wrt compatible router, configure it for PPTP or OpenVPN server, and connect it behind his primary router, WAN to LAN, respectively.

[your primary router (192.168.99.x)]<-- internet -->[his primary router (192.168.1.x)](lan)<-- wire -->(wan)[dd-wrt router (10.0.0.x)]

Note that you MUST use the WAN port of the dd-wrt router because the vpn server only listens on the WAN interface. And that means the network behind the dd-wrt router must be different from the primary router. IOW, if his primary router is 192.168.1.x, the dd-wrt router would have to be say, 10.0.0.x. And of course, your own network would have to be different from both of them (which is why I made yours 192.168.99.x in my example).

Depending on your VPN client configuration, you may have to add a static route on the client side so it can find the remote primary network (192.168.1.x). Obviously that won’t be necessary if your VPN client is configured to always use the remote VPN server as its gateway; it will automatically find the 192.168.1.x network. But I’m assuming that won’t be likely in this case, that you intend to only access his remote network for his devices, not internet access. So static routing would be a necessity.

Assuming your vpn client IP was 10.0.0.99,

route –p add 192.168.1.0 mask 255.255.255.0 10.0.0.99

It doesn’t have to be a fancy dd-wrt router either. It doesn’t even need to support wireless. Just anything that can support the standard generic dd-wrt builds (4MB) or better (standard generic for pptp, vpn generic for openvpn). All you’re doing is leveraging the fact that the router is a micro-computer and supports a vpn server, then patching it into the network like any other network device. The only tricky part is that the router only listens on the WAN interface. Had you developed your own Linux solution, you could have implemented the vpn server on the LAN interface and dropped yourself directly on the remote network. Having to use the WAN interface of the router requires the additional step of setting up the network behind it and crossing the WAN into that remote network.

At least that’s one way to do it.

 

[eibgrad]

P.S. I did a small experiment (because I wasn’t sure if what I’m about to describe would work) and configured the vpn server to allocate a vpn client IP in the remote primary network (192.168.1.x) rather than the network of the vpn server (10.0.0.x). I wanted to see if I could eliminate the need for adding static routes. And it worked. Of course, the downside was that now I couldn’t reach the vpn server’s network (10.0.0.x) without a static route. But that may be acceptable if you’ll only need the vpn router’s IP address for remote administration.

 

[kingdalle]

Hi, thanks for your reply! Sounds like you know what you are doing.

I have doubt as to whether the DLink router should go or stay. As I said, he has fiber optics connection to his house. Then there is some sort of modem (handling tv, internet, phone). Then there is the DLink (handling wireless connections). Is there an obvious router that could handle both his wireless connections and my VPN connection? Or should the VPN router be connected in extension of the DLink?

I will use my own connection for most purposes. But when using the VPN i will need internet connection through his provider as well. It will be the only VPN the client is going to handle. I think OpenVPN as the computer is running ubuntu??

As you probably noticed I am new to Ubuntu (quit windows about 4 months ago and never going back!), and this will be the first VPN I am trying to set up. So I apologize if some of my question make me sound a little stupid.

Thanks again!!

Daniel

 

[allvers]

I have doubt as to whether the DLink router should go or stay. As I said, he has fiber optics connection to his house.

 

[allvers]

Of course, the downside was that now I couldn’t reach the vpn server’s network (10.0.0.x) without a static route. But that may be acceptable if you’ll only need the vpn router’s IP address for remote administration.