Solved

Best VPN Solution for Extensive Home Network

Posted on 2013-11-23
Last Modified: 2013-12-29
Hey Guys -

I have a "server" at home which hosts many different applications and services.  It's a hardware powerhouse, but needs to be.  Due to the amount of things I host, I have over 20 different ports forwarded in my router alone.

For remote connectivity, I do use DynDNS to set a purchased domain name and run the utility to update DNS if my IP changes.  To Remote Desktop to the server, I still use the standard Windows RDP.  I did forward the listening port to something other than 3389, but besides that, my credentials are the only security I have in place.

I'm used to working in an IT environment which has a much larger budget where we have Cisco, Juniper, or some other high end VPN to connect.  I'd like to have something similar at home, but don't know what would be best and still have the features I need.

Overall Question
I'm looking for the best VPN (preferably software) which fits my needs.  Since I work from home, my job said they'd pay for a software VPN to my house, but not a hardware one for whatever reason so price isn't the biggest issue.  The only thing more important than security for me is compatibility & usability.  I connect to services (besides RDP) on the same network/server with my iPad, iPhone, Android phone, etc; and would need for a client or other simple solution to exist for them too.  If need be, would it be possible to just secure some services which are scanned for like RDP, etc?

One idea I did think of was using OpenWRT.  I just set up a new router with it, but would this help the situation at all?  With all the packages it offers, surely something would help out.  Below are the specs of my environment:

Environment Specs
If setting up a software VPN, it would be on Windows 7 x64.  Don't know if it's necessary, but here's some of the other hardware I have:
- Current Router:  WNDR4500 (Have new Buffalo with OpenWRT I'm testing with, though)
- Hardware on Network
- x1 Windows 7 x64 Workstations (my primary "server that hosts 95% of what I connect to remotely" )
- x1 ESX 5.1 server (installed on a workstation for testing)
   - x2 Linux VMs
   - x3 Windows Server VMs
- x6 iPhones / iPads / Android / iPod Devices
- x2 Raspberry Pis (1 a dedicated OpenElec XBMC Server / other for testing)
- plus a few other things like consoles & receivers

Any ideas?  Thanks!
Question by:BzowK
LVL 34

Expert Comment

by:Dan Craciun
ID: 39671797
OpenWRT can use OpenVPN to set up a VPN in the router, which you can then use to remote into your network and from there work securely almost as if you are locally connected.

Here's an article on how to configure it: http://wiki.openwrt.org/doc/howto/vpn.openvpn

PS: I use, at one of my clients, an old Linksys RV042.
I set up VPN in it and use ShrewVPN client to allow remote computers to log into the network.
It has worked well for years.

HTH,
Dan
 

Author Comment

by:BzowK
ID: 39675433
Dan -

Thanks for the reply.  I've got a few questions, though.
1.  I briefly read through the documentation from the link you sent me.  It seems as though the computers must be joined to a domain to be able to connect (about half way down.)  Is that true?

2. Can I just use VPN for RDP and keep other services / ports publicly open for services such as media servers?

3. iOS (iPad/iPhone) comes with native VPN configuration capability plus you can download apps to extend this for more complex settings.  Know if possible to connect iPad / iPhone / Android to this "type" of VPN?

Sorry for all the questions.  Going to try to play with it this afternoon and see if I can figure out some of it.

Thanks!
 
LVL 34

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 39675560
1. No, you do not need a domain. Ignore that section if you do not have a DC at home.

2. Using VPN does not close other ports. You can even keep the current RDP port open (although I do not see a reason why).

3. iOS has an official OpenVPN client here: https://itunes.apple.com/app/openvpn-connect/id590379981
The official client for Android is here: https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en

It's not going to be a walk in the park on your first try, so read carefully any guide you find.
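
Added example (not part of the original answers and not taken from the linked OpenWrt guide): one way to put only RDP behind OpenVPN on an OpenWrt router while leaving other port forwards, such as media servers, untouched. The server address 192.168.1.10, the public RDP port 33890, the VPN subnet 10.8.0.0/24, the rule names and the certificate file names are all assumptions.

```conf
# Constructed example: addresses, port 33890, names and file names are assumptions.

# --- /etc/config/firewall, BEFORE: RDP forwarded straight from the internet ---
# config redirect
#	option name 'RDP-public'
#	option src 'wan'
#	option proto 'tcp'
#	option src_dport '33890'
#	option dest 'lan'
#	option dest_ip '192.168.1.10'
#	option dest_port '3389'
#	option target 'DNAT'

# --- /etc/config/firewall, AFTER: redirect above deleted, only the VPN port is open ---
config rule
	option name 'Allow-OpenVPN'
	option src 'wan'
	option proto 'udp'
	option dest_port '1194'
	option target 'ACCEPT'

# VPN clients get their own zone; nothing is forwarded to the LAN by default.
config zone
	option name 'vpn'
	list device 'tun0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# The single exception: tunnel clients may reach RDP on the server, nothing else.
config rule
	option name 'VPN-to-RDP-only'
	option src 'vpn'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option proto 'tcp'
	option dest_port '3389'
	option target 'ACCEPT'

# --- OpenVPN server config: certificate authentication, route only the RDP host ---
port 1194
proto udp
dev tun0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
push "route 192.168.1.10 255.255.255.255"
keepalive 10 120
```

Other existing `config redirect` entries stay as they are; once connected, clients open RDP to 192.168.1.10:3389 through the tunnel instead of the public port.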
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39687261
Just to provide food for thought, are you sure you need a VPN?

- If connecting from many devices you may have issues with VPN client compatibility
- In order to be compatible, you will likely choose a basic VPN such as PPTP.  If so, port scanners will determine port 1723 and you are back to basic username and password for security
- RDP encryption is as good or better than PPTP encryption
- VPNs have 1 major security flaw, a wide open tunnel between the corporate network and a remote network over which IT has no control.  If the remote site gets hacked they can often access the corporate site, or a network shared virus can easily be spread over the VPN
- RDP with the default port changed, avoid common user names like admin, a strong password, and local group policy set for account lockouts after 5 or 6 wrong guesses, is actually quite secure

Though I am a supporter of VPNs, as you can see by my profile, unless you incorporate a good VPN solution such as Cisco and use better protocols like IPSec and possibly certificates, you may not be gaining much security.

As mentioned, just food for thought.