Best VPN Solution for Extensive Home Network

Hey Guys -

I have a "server" at home which hosts many different applications and services.  It's a hardware powerhouse, but needs to be.  Due to the amount of things I host, I have over 20 different ports forwarded in my router alone.

For remote connectivity, I do use DynDNS to set a purchased domain name and run the utility to update DNS if my IP changes.  To Remote Desktop to the server, I still use the standard Windows RDP.  I did forward the listening port to something other than 3389, but besides that, my credentials are the only security I have in place.

I'm used to working in an IT environment which has a much larger budget where we have Cisco, Juniper, or some other high-end VPN to connect.  I'd like to have something similar at home, but don't know what would be best and still have the features I need.

Overall Question
I'm looking for the best VPN (preferably software) which fits my needs.  Since I work from home, my job said they'd pay for a software VPN to my house, but not a hardware one for whatever reason, so price isn't the biggest issue.  The only thing more important than security for me is compatibility & usability.  I connect to services (besides RDP) on the same network/server with my iPad, iPhone, Android phone, etc., and would need a client or other simple solution to exist for them too.  If need be, would it be possible to just secure some services which are scanned for, like RDP, etc.?

One idea I did think of was using OpenWRT.  I just set up a new router with it, but would this help the situation at all?  With all the packages it offers, surely something would help out.  Below are the specs of my environment:

Environment Specs
If setting up a software VPN, it would be on Windows 7 x64.  Don't know if it's necessary, but here's some of the other hardware I have:
- Current Router:  WNDR4500 (Have new Buffalo with OpenWRT I'm testing with, though)
- Hardware on Network
   - x1 Windows 7 x64 Workstations (my primary "server that hosts 95% of what I connect to remotely")
   - x1 ESX 5.1 server (installed on a workstation for testing)
      - x2 Linux VMs
      - x3 Windows Server VMs
   - x6 iPhones / iPads / Android / iPod Devices
   - x2 Raspberry Pis (1 a dedicated OpenElec XBMC Server / other for testing)
   - plus a few other things like consoles & receivers

Any ideas?  Thanks!

Dan Craciun (IT Consultant) Commented:
1. No, you do not need a domain. Ignore that section if you do not have a DC at home.

2. Using VPN does not close other ports. You can even keep the current RDP port open (although I do not see a reason why).

3. iOS has an official OpenVPN client here:
The official client for Android is here:

It's not going to be a walk in the park on your first try, so read carefully any guide you find.

Dan Craciun (IT Consultant) Commented:
OpenWRT can use OpenVPN to set up a VPN in the router, which you can then use to remote into your network and from there work securely almost as if you are locally connected.

Here's an article on how to configure it:

PS: I use, at one of my clients, an old Linksys RV042.
I set up VPN in it and use ShrewVPN client to allow remote computers to log into the network.
Work well for years.

BzowK (Author) Commented:
Dan -

Thanks for the reply.  I've got a few questions, though.
1.  I briefly read through the documentation from the link you sent me.  It seems as though the computers must be joined to a domain to be able to connect (about half way down.)  Is that true?

2. Can I just use VPN for RDP and keep other services / ports publicly open for services such as media servers?

3. iOS (iPad/iPhone) comes with native VPN configuration capability plus you can download apps to extend this for more complex settings.  Know if possible to connect iPad / iPhone / Android to this "type" of VPN?

Sorry for all the questions.  Going to try to play with it this afternoon and see if I can figure out some of it.

Rob Williams Commented:
Just to provide food for thought, are you sure you need a VPN?

- If connecting from many devices you may have issues with VPN client compatibility
- In order to be compatible, you will likely choose a basic VPN such as PPTP.  If so, port scanners will determine port 1723 and you are back to basic username and password for security
- RDP encryption is as good or better than PPTP encryption
- VPNs have 1 major security flaw, a wide open tunnel between the corporate network and a remote network over which IT has no control.  If the remote site gets hacked they can often access the corporate site, or a network shared virus can easily be spread over the VPN
- RDP with the default port changed, avoid common user names like admin, a strong password, and local group policy set for account lockouts after 5 or 6 wrong guesses, is actually quite secure

Though I am a supporter of VPNs, as you can see by my profile, unless you incorporate a good VPN solution such as Cisco and use better protocols like IPSec and possibly certificates, you may not be gaining much security.

As mentioned, just food for thought.
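
The RDP settings listed in the comment above (non-default port, no common user names, account lockout) can be checked on the Windows 7 host itself. The following is an added example, not part of the original thread; the list of common account names and the 30-minute lockout values are assumptions.

```powershell
# Added example: audit the RDP hardening items named in the comment above.
# Run from an elevated PowerShell prompt on the RDP host (works on PowerShell 2.0).

# 1. Listening port: 3389 means the default was never changed.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber

# 2. Enabled local accounts with commonly guessed names (list is an assumption).
$commonNames = 'Administrator', 'admin', 'user', 'guest', 'test'
$guessable = @(Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { -not $_.Disabled -and $commonNames -contains $_.Name } |
    ForEach-Object { $_.Name })

# 3. Account lockout policy, exported with secedit and parsed as key = value.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(\w+)\s*=\s*(.*)$') { $policy[$Matches[1]] = $Matches[2].Trim() }
}
Remove-Item $cfg
$threshold = [int]$policy['LockoutBadCount']   # 0 = accounts never lock out

# Collect findings; an empty result means all three checks passed.
$findings = @()
if ($rdpPort -eq 3389) { $findings += "RDP still listens on default port 3389" }
if ($guessable.Count)  { $findings += "Enabled common account names: $($guessable -join ', ')" }
if ($threshold -eq 0 -or $threshold -gt 6) {
    $findings += "Lockout threshold is $threshold (comment suggests 5 or 6)"
}
$findings

# To set the lockout policy (the 30-minute values are assumptions):
#   net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
```

Password strength, the remaining item in that list, cannot be read back from the system and is not checked here.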
Question has a verified solution.
