Best VPN Solution for Extensive Home Network

Posted on 2013-11-23
Medium Priority
Last Modified: 2013-12-29
Hey Guys -

I have a "server" at home which hosts many different applications and services.  It's a hardware powerhouse, but needs to be.  Due to the amount of things I host, I have over 20 different ports forwarded in my router alone.

For remote connectivity, I do use DynDNS to set a purchased domain name and run the utility to update DNS if my IP changes.  To Remote Desktop to the server, I still use the standard Windows RDP.  I did forward the listening port to something other than 3389, but besides that, my credentials are the only security I have in place.

I'm used to working in an IT environment which has a much larger budget where we have Cisco, Juniper, or some other high end VPN to connect.  I'd like to have something similar at home, but don't know what would be best and still have the features I need.

Overall Question
I'm looking for the best VPN (preferably software) which fits my needs.  Since I work from home, my job said they'd pay for a software VPN to my house, but not a hardware one for whatever reason, so price isn't the biggest issue.  The only thing more important than security for me is compatibility & usability.  I connect to services (besides RDP) on the same network/server with my iPad, iPhone, Android phone, etc., and would need a client or other simple solution to exist for them too.  If need be, would it be possible to just secure some services which are scanned for, like RDP, etc.?

One idea I did think of was using OpenWRT.  I just set up a new router with it, but would this help the situation at all?  With all the packages it offers, surely something would help out.  Below are the specs of my environment:

Environment Specs
If setting up a software VPN, it would be on Windows 7 x64.  Don't know if it's necessary, but here's some of the other hardware I have:
- Current Router:  WNDR4500 (Have new Buffalo with OpenWRT I'm testing with, though)
- Hardware on Network
- x1 Windows 7 x64 Workstations (my primary "server that hosts 95% of what I connect to remotely" )
- x1 ESX 5.1 server (installed on a workstation for testing)
   - x2 Linux VMs
   - x3 Windows Server VMs
- x6 iPhones / iPads / Android / iPod Devices
- x2 Raspberry Pis (1 a dedicated OpenElec XBMC Server / other for testing)
- plus a few other things like consoles & receivers

Any ideas?  Thanks!
Question by:BzowK
LVL 35

Expert Comment

by:Dan Craciun
ID: 39671797
OpenWRT can use OpenVPN to set up a VPN in the router, which you can then use to remote into your network and from there work securely almost as if you are locally connected.

Here's an article on how to configure it: http://wiki.openwrt.org/doc/howto/vpn.openvpn

PS: I use, at one of my clients, an old Linksys RV042.
I set up VPN in it and use ShrewVPN client to allow remote computers to log into the network.
Has worked well for years.


Author Comment

ID: 39675433
Dan -

Thanks for the reply.  I've got a few questions, though.
1.  I briefly read through the documentation from the link you sent me.  It seems as though the computers must be joined to a domain to be able to connect (about half way down.)  Is that true?

2. Can I just use VPN for RDP and keep other services / ports publicly open for services such as media servers?

3. iOS (iPad/iPhone) comes with native VPN configuration capability plus you can download apps to extend this for more complex settings.  Know if possible to connect iPad / iPhone / Android to this "type" of VPN?

Sorry for all the questions.  Going to try to play with it this afternoon and see if I can figure out some of it.

LVL 35

Accepted Solution

Dan Craciun earned 2000 total points
ID: 39675560
1. No, you do not need a domain. Ignore that section if you do not have a DC at home.

2. Using VPN does not close other ports. You can even keep the current RDP port open (although I do not see a reason why).

3. iOS has an official OpenVPN client here: https://itunes.apple.com/app/openvpn-connect/id590379981
The official client for Android is here: https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en

It's not going to be a walk in the park on your first try, so read carefully any guide you find.
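
The setup discussed in this answer, sketched as an added example (not part of the original answer or the linked guide): an OpenVPN server on the router using certificate authentication and pushing a route only to the RDP host, with a matching client profile. The file paths, the addresses 10.8.0.0/24 and 192.168.1.10, and the hostname home.example.com are assumptions.

```conf
# ---- Server side (router), e.g. /etc/openvpn/server.conf (assumed path) ----
port 1194
proto udp
dev tun

# Certificate authentication: one certificate per phone/tablet/laptop,
# so a lost device can be revoked without touching the others.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
# Shared HMAC key: packets without a valid signature are dropped silently.
tls-auth /etc/openvpn/ta.key 0

# Address pool handed out to VPN clients (assumed subnet)
server 10.8.0.0 255.255.255.0

# Push a host route for the Windows 7 machine only (assumed LAN address),
# so RDP travels inside the tunnel and nothing else on the LAN is routed.
push "route 192.168.1.10 255.255.255.255"

keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3

# ---- Client side, e.g. home.ovpn imported into OpenVPN Connect ----
# client
# dev tun
# proto udp
# remote home.example.com 1194   # assumed DynDNS name
# resolv-retry infinite
# nobind
# persist-key
# persist-tun
# remote-cert-tls server         # refuse peers not presenting a server cert
# tls-auth ta.key 1
# ca ca.crt
# cert ipad.crt
# key ipad.key
# verb 3
```

Once a client can reach 192.168.1.10 on the RDP port through the tunnel, the router's RDP port forward can be removed while the media-server forwards stay as they are.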
LVL 77

Expert Comment

by:Rob Williams
ID: 39687261
Just to provide food for thought, are you sure you need a VPN?

- If connecting from many devices you may have issues with VPN client compatibility
- In order to be compatible, you will likely choose a basic VPN such as PPTP.  If so, port scanners will determine port 1723 and you are back to basic username and password for security
- RDP encryption is as good or better than PPTP encryption
- VPNs have 1 major security flaw, a wide open tunnel between the corporate network and a remote network over which IT has no control.  If the remote site gets hacked they can often access the corporate site, or a network shared virus can easily be spread over the VPN
- RDP with the default port changed, avoid common user names like admin, a strong password, and local group policy set for account lockouts after 5 or 6 wrong guesses, is actually quite secure

Though I am a supporter of VPNs, as you can see by my profile, unless you incorporate a good VPN solution such as Cisco and use better protocols like IPSec and possibly certificates, you may not be gaining much security.

As mentioned, just food for thought.
