Best VPN Solution for Extensive Home Network

Posted on 2013-11-23
Last Modified: 2013-12-29
Hey Guys -

I have a "server" at home which hosts many different applications and services.  It's a hardware powerhouse, but needs to be.  Due to the amount of things I host, I have over 20 different ports forwarded in my router alone.

For remote connectivity, I do use DynDNS to set a purchased domain name and run the utility to update DNS if my IP changes.  To Remote Desktop to the server, I still use the standard Windows RDP.  I did forward the listening port to something other than 3389, but besides that, my credentials are the only security I have in place.

I'm used to working in an IT environment which has a much larger budget where we have Cisco, Juniper, or some other high end VPN to connect.  I'd like to have something similar at home, but don't know what would be best and still have the features I need.

Overall Question
I'm looking for the best VPN (preferably software) which fits my needs.  Since I work from home, my job said they'd pay for a software VPN to my house, but not a hardware one for whatever reason so price isn't the biggest issue.  The only thing more important than security for me is compatibility & usability.  I connect to services (besides RDP) on the same network/server with my iPad, iPhone, Android phone, etc; and would need for a client or other simple solution to exist for them too.  If need be, would it be possible to just secure some services which are scanned for like RDP, etc?

One idea I did think of was using OpenWRT.  I just set up a new router with it, but would this help the situation at all?  With all the packages it offers, surely something would help out.  Below are the specs of my environment:

Environment Specs
If setting up a software VPN, it would be on Windows 7 x64.  Don't know if it's necessary, but here's some of the other hardware I have:
- Current Router:  WNDR4500 (Have new Buffalo with OpenWRT I'm testing with, though)
- Hardware on Network
   - x1 Windows 7 x64 Workstations (my primary "server that hosts 95% of what I connect to remotely" )
   - x1 ESX 5.1 server (installed on a workstation for testing)
      - x2 Linux VMs
      - x3 Windows Server VMs
   - x6 iPhones / iPads / Android / iPod Devices
   - x2 Raspberry Pis (1 a dedicated OpenElec XBMC Server / other for testing)
   - plus a few other things like consoles & receivers

Any ideas?  Thanks!
Question by:BzowK
LVL 35

Expert Comment

by:Dan Craciun
ID: 39671797
OpenWRT can use OpenVPN to set up a VPN in the router, which you can then use to remote into your network and from there work securely almost as if you are locally connected.

Here's an article on how to configure it:

PS: I use, at one of my clients, an old Linksys RV042.
I set up VPN in it and use ShrewVPN client to allow remote computers to log into the network.
Work well for years.


Author Comment

ID: 39675433
Dan -

Thanks for the reply.  I've got a few questions, though.
1.  I briefly read through the documentation from the link you sent me.  It seems as though the computers must be joined to a domain to be able to connect (about half way down.)  Is that true?

2. Can I just use VPN for RDP and keep other services / ports publicly open for services such as media servers?

3. iOS (iPad/iPhone) comes with native VPN configuration capability plus you can download apps to extend this for more complex settings.  Know if possible to connect iPad / iPhone / Android to this "type" of VPN?

Sorry for all the questions.  Going to try to play with it this afternoon and see if I can figure out some of it.

LVL 35

Accepted Solution

Dan Craciun earned 500 total points
ID: 39675560
1. No, you do not need a domain. Ignore that section if you do not have a DC at home.

2. Using VPN does not close other ports. You can even keep the current RDP port open (although I do not see a reason why).

3. iOS has an official OpenVPN client here:
The official client for Android is here:

It's not going to be a walk in the park on your first try, so read carefully any guide you find.
LVL 77

Expert Comment

by:Rob Williams
ID: 39687261
Just to provide food for thought, are you sure you need a VPN?

- If connecting from many devices you may have issues with VPN client compatibility
- In order to be compatible, you will likely choose a basic VPN such as PPTP.  If so, port scanners will determine port 1723 and you are back to basic username and password for security
- RDP encryption is as good or better than PPTP encryption
- VPNs have 1 major security flaw, a wide open tunnel between the corporate network and a remote network over which IT has no control.  If the remote site gets hacked they can often access the corporate site, or a network shared virus can easily be spread over the VPN
- RDP with the default port changed, avoid common user names like admin, a strong password, and local group policy set for account lockouts after 5 or 6 wrong guesses, is actually quite secure

Though I am a supporter of VPNs, as you can see by my profile, unless you incorporate a good VPN solution such as Cisco and use better protocols like IPSec and possibly certificates, you may not be gaining much security.

As mentioned, just food for thought.
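
The RDP settings listed in the comment above (non-default port, account lockout after 5 or 6 wrong guesses, no common user names), checked on the Windows host itself. This is an added example, not part of the original thread; the list of common names and the English-locale parsing of `net accounts` output are assumptions.

```powershell
# Added example: audits the three RDP settings named in the comment above.
# Uses Get-WmiObject so it also runs on the PowerShell 2.0 shipped with Windows 7.

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$findings = @()

# 1. Listening port: 3389 is the default that scanners look for.
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($port -eq 3389) { $findings += "RDP listens on the default port 3389" }

# 2. Account lockout threshold, read from 'net accounts' (English-locale output assumed).
$line = net accounts | Where-Object { $_ -match '^Lockout threshold' }
$threshold = ($line -split ':\s*')[1].Trim()
if ($threshold -eq 'Never') {
    $findings += "No account lockout: password guessing is unlimited"
} elseif ([int]$threshold -gt 6) {
    $findings += "Lockout threshold is $threshold (comment suggests 5 or 6)"
}

# 3. Enabled local accounts with commonly guessed names (this list is an assumption).
$common = 'admin', 'administrator', 'user', 'test', 'guest'
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False" |
    Where-Object { $common -contains $_.Name.ToLower() } |
    ForEach-Object { $findings += "Enabled account with a common name: $($_.Name)" }

if ($findings.Count -eq 0) { "All three checks passed (port $port, lockout after $threshold)" }
else { $findings }
```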

Question has a verified solution.