VPN tunnel?

[KryptoNyte]

Is there a fairly simple and inexpensive way to setup a private and secure VPN tunnel from one home to another home (connected via Internet) by purchasing a couple routers and configuring them to work in this way? Can a user purchase a pair of routers pre-configured for this to some degree?

I'd like to do this without purchasing a service, or using a free VPN service otherwise if possible.

[UgaData]

You can look at OpenVPN. Weather it can be pre-configured on a router , not sure,. Several router manufacturer's do support OpenVPN on the router. Dynamic DNS is supported for the endpoints.

https://openvpn.net

Site to Site info
https://openvpn.net/solutions/use-ca...e-to-site-vpn/



WireGuard is another. I don't believe Dynamic DNS is supported at this time (only IP address for endpoints - potential problem if ISP isn't suppling static IP)

https://www.wireguard.com

Several others showed up while searching, but I have no experience with them.

[KryptoNyte]

Thanks for the info, I will check them out!

[wayner]

I run Open VPN on the same unRAID server that runs SageTV and it works well to allow me to access my system when away from home on either mobile devices or individual PCs. Not sure how do this in a tunnel configuration where you have two LANs that you want to connect together.

edit - Here is info on how you do site-to-site VPN routing using OpenVPN https://openvpn.net/vpn-server-resou...ned-in-detail/ . There is an OpenVPN forum and an OpenVPN sub-reddit that may be able to help.

[Zogg]

I use WireGuard on my laptop and Android phone to get back into my home system. Both SageTV and WG are running on UnRaid server. It works well, and starting the VPN connection is very simple.

I've never looked into doing point-to-point but I'd be surprised if it wasn't supported.

[MattHelm]

Might look at Hamachi.

[Striker:WG]

All you need is two old PC's with two network cards in each PC.

Install pfsense on each PC. pfsense is a free router application that runs openvpn (among many other services).

You replace your existing router with the pfsense boxes at each site and configure a site to site VPN between the two pfsense boxes.

You might need to sign up for dynamic DNS through duckdns if you want to keep it free, that way if the public IP addresses change your VPN tunnel won't need to be reconfigured.

Lots of YouTube tutorial videos and a good support community both exist to help you get started. Definitely worth checking out.

[sic0048]

I'll throw in my 2 cents here - although it is pretty much repeating what others have already mentioned........

As already noted, you should be able to host your own VPN connection for free. (This is different than the free/paid VPN services you see online that want you to route your data through their service to protect your location, identity and data).

I would say many consumer grade routers now support a VPN server on their hardware. They usually use OpenVPN for this, but I'm sure there are others as well. Once you get the server set up on your hardware and create a crypto key, then you "export" that key to your mobile devices. You'll then use a VPN software on each device (OpenVPN again is usually the most common option) and "import" that key. You'll set up the rest of the settings/options based on what you choose when setting up the VPN server (user name, password, port# ,etc). You can also set up a more permanent VPN connection between two sites which is really what you where asking about in the OP. I have this type of tunnel set up between my house and my parents house. It was original so that we could each backup important things offsite (they save on a drive at my house and I save to a drive at their house). But it also allows me to see a CCTV camera on my camera system even thought it is physically at their house. I can also connect to my SageTV server while at their house, listen to my music while at their house, etc, etc, etc.

Also as noted, you'll need to use a DynDNS service of some sort so that you can always point to a single IP address (of the DynDNS service) and the service will then keep track of your local network's public IP address and forward any traffic to that public address, even if it should change. Most consumer public IP addresses will change every month or so to prevent people from hosting business servers on them.

If for some reason your current equipment can't host the VPN service, I too would recommend that you look at pfSense. It's an open source firewall application that can be run on a variety of devices - physical and virtual. It's robust enough that businesses use it to protect their networks, but it isn't so hard to grasp that non-IT people can't set it up. There is a huge wealth of knowledge and guides/videos on line that can help you get one set up.

[KryptoNyte]

You folks really shared a lot of great information here. Thank you very much!

How do the free VPN options provide security? I know at work they pay hundreds of dollars a year to get updates on our VPN router.

[wayner]

Quote:

Originally Posted by KryptoNyte

You folks really shared a lot of great information here. Thank you very much!

How do the free VPN options provide security? I know at work they pay hundreds of dollars a year to get updates on our VPN router.

OpenVPN is Open Sourced, hence the name. It uses top level encryption so I don't think security is an issue. You are probably paying for support at work.

FYI, if you have higher speed connections in both directions you may not want to use Open VPN on the router as routers have less processing power than a typical PC. It may make more sense to run OpenVPN on a PC. My understanding is that VPN is somewhat resource intensive.

The downside is that you need to keep a PC up and running to handle the VPN. But if you have a server running 24x7 then you may already have that.

If you are running SageTV in a docker on unRAID then running OpenVPN in a docker is a no-brainer, at least IMO.

If you are using your ISP's router today then you may want to be careful about introducing third party routers unless you know what you are doing as it may screw up other service, like TV.

[sic0048]

Quote:

Originally Posted by KryptoNyte

How do the free VPN options provide security? I know at work they pay hundreds of dollars a year to get updates on our VPN router.

I would be surprised if your company pays for VPN support by itself (although it wouldn't be completely unheard of - especially if your IT staff is small and your VPN needs are large). I suspect they are paying support for a more robust firewall appliance that also hosts their VPN connections. Even pfSense which has an open source option also has paid support models that many business pay for to ensure they can get immediate technical support if/when needed.

[Galaxysurfer]

I know my trusty old asus router can be run as a vpn server. I'm currently only using it as a client though.

I use Asuswrt-merlin which has some extra tweaks over stock implementations.

For more info go check out

https://www.snbforums.com/

https://www.asuswrt-merlin.net/

[wayner]

Routers can do this but they generally have pretty slow CPUs so you may not get great speeds over a VPN connection as it is resource intensive. That's why it can make more sense to use OpenVPN on your PC.