Setting up VPN to access home PC from remote location

I have a dynamic IP address from my cable company...
I would like to set up a VPN so that when on vacation I can use my laptop
to access my primary computer at home...

I signed up with OpenDNS so that it would resolve my public IP...
I set up the OpenDNS settings in my router...
And I downloaded the the OpenDNS updater...

Now....I don;t know what to do and I'm not finding any good explanation at OpenDNS...

Can anyone talk me thru this...???
LVL 2
Steve MutchlerIT TechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I use a VPN box for this. Easier. I have VPN to home and Radmin Server at home so I can connect to my machine and use it just like I was there.

I can help you if you wish.

If you want Open VPN, there is surely a person here who could help.

I also have DHCP on my home modem, but my ISP rarely changes it (one every couple of years or so). So I treat as Static and that works for me. I need home to be static because my remote connection is always dynamic and different depending on the location.
0
Steve MutchlerIT TechAuthor Commented:
You know....I never checked to see how long my IP stays....if it's not changed very often....I could consider it a "static" IP and treat it as such...
The problem is....If I am remote and I try to VPN in...and the IP HAS changed...then I'm locked out until I get home and can check it...
Quick read on the Radmin Server and there are possibilities there...but it seems like this is kinda a super dooper Team Viewer...
0
Owen RubinConsultantCommented:
OpenDNS will assign you (or you pick) a name which will be something like name.opendns.org. You will have to check your account to get that.  This should point to your router's outside address, NOT to your machine inside the router. That machine has a private address I assume, something like 192.168.10.x.

To get from your router to your computer, you should do three things:
1). Set your primary computer up to always receive the same address inside. There should be a setting somewhere in your router to assign Mac addresses to IP addresses so they always get the same address.
2). Add a Port Forwarding (usually under gaming in many routers) to forward an outside port to the proper inside port on your primary computer. Many routers will help you set this up. It usually entails picking the protocol you want to use (like RDP or VNC) and then specifying the outside port, the inside port, and the machine insider your local network that gets that traffic.
3). If you really want VPN, you will either need VPN software on your primary computer, or if VPN is available on your router, use that. Many routers now include an OpenVPN server, and there are free OpenVPN clients.  You would still have to forward the VPN protocol and port to your primary machine which will handle the VPN end.  Then you still need a program to access to computer if you want to do screen sharing.  

Remote Desktop Sharing is built into most Windows Machines, and Screen Sharing (in the Sharing System Preference) which uses VNC protocols is built into most Macs.

BUT, you really do not need VPN to connect to your primary computer.

You could use RDP (Remote Desktop) if Windows, or Screen Sharing if Mac.  RDP uses port 3389, Mac Screen Sharing  uses VNC protocols so it uses port 5900. I recommend using a different outside port #  since attacks on home routers usually try standard ports first.  So, for example, port forward for RDP say port 45012 (this can be almost any port number, I like higher ones) to port 3389. Then, when outside your house, use an RDP client, create a connection profile in RDP Client to your OpenDNS address and port 45012, and it should connect to your desktop.  Similar for a Mac, assign some high up port to forward to 5900, and then use a VNC client to connect to a Mac via that high port.

If you want VPN for added security, you could add a VPN server onto your primary machine.

NOTE: I would only turn on remote access when out of the home. Site scanners will look for open ports, and try and exploit them.  Make sure you use a very good password on ALL accounts if on Windows, and only allow one account to connect via RDP (in the RDP settings, Google Remote Desktop). Same for Mac, you can add a seperate Screen Sharing password. Make it very strong,

Happy to give more detail if needed.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Tom CieslikIT EngineerCommented:
It is much easier to install Teamviewer free and add your home computer to unattended support.
Then on laptop you going to be able connect to your home computer (similar like remote desktop) and you going to be able send / receive files.
Also you can shot home computer screen off remotely so no one will see what you doing.

TeamViewer for home users is free.


www.teamviewer.com
0
Giovanni HewardCommented:
If you want an ingress solution, I suggest a VPN as opposed to exposing RDP or VNC directly.  You need to combine a Dynamic DNS service (such as DynDNS or Dynu) with a VPN solution, such as OpenVPN.  The dynamic DNS service will give you a DNS name which will resolve to your public IP address.  They will give you a client to run on the same server you'll use for OpenVPN to automatically poll your public IP address at a preset interval.  Once your IP address changes it will automatically detect the change and update your host record with the correct IP address.  Additionally, you'll need to configure port address translation to direct your public 1194/UDP port to your private OpenVPN server.

If you want an egress solution, TeamViewer is a good choice.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Prabhin MPEngineer-TechOPSCommented:
can you try noIP , it supports various routers.
Its easy to configure
0
Giovanni HewardCommented:
If you want to use OpenDNS with Dynamic DNS services, see https://support.opendns.com/hc/en-us/articles/227987767-Using-Dynamic-DNS-with-OpenDNS
0
Steve MutchlerIT TechAuthor Commented:
Guys...thanks for all the comments...I realize I got to go back and do more studying...
I don't know as much about this stuff as I thought I did...

I thought OpenDNS would stabilize my public IP to my dynamic IP....evidently it does not but Dynamic DNS does...

If I am going to make this work I THINK I need to do the following...
1. Dynamic DNS so the public IP follows my dynamic IP...probably not saying this very well...
2. Put the new DNS settings in my router...
3. Check my router and see if I can set up a VPN...
4. On my remote computer...set up a VPN connection pointing to my Dynamic IP "name"...
Do I have this about right...???

My other option is to use Team Viewer or similar....
Right now I'm using Ultra Viewer and it works fine except it does not want to seem to run in the background after rebooting...
0
Giovanni HewardCommented:
0
JohnBusiness Consultant (Owner)Commented:
For 1 (if this is what you want) you need Dyn DNS which is a service you pay for. If you do this, ask them (Dyn DNS) about your own DN settings.

For 3 check your router documentation

For 4, yes if all set up right, although it might be easier to use the IP supplied by Dyn DNS . The latter is what we have done.
0
Owen RubinConsultantCommented:
Can you tell us the make and model of your router? Then we can look to see what is built in and what you need to set up and where. Thanks
0
Steve MutchlerIT TechAuthor Commented:
Owen...I have a Netgear WNDR3400 v3
And Thanks...
I have Dynamic IP supplied by ISP...
0
Steve MutchlerIT TechAuthor Commented:
Ok...my router does NOT have VPN capability...
I need a dynamic DNS service...

Who do I choose...
1. DynDNS.org
2.no-ip.com
Does it make any difference...???
0
JohnBusiness Consultant (Owner)Commented:
We have used Dyn DNS and it works well. I cannot say for no-ip
0
Giovanni HewardCommented:
Dynu is free (see link above).  Services are pretty much the same, you just want a hostname you can memorize easily.
0
Steve MutchlerIT TechAuthor Commented:
I'm going to close this question because...  1. leaving on vacation this coming weekend and will be gone for some time...and 2. From my studying of the issue...I need to learn a LOT and will need to get a VPN router...

HOWEVER....I am CERTAIN I will be back with more questions in a couple months as I get into this project...
0
Giovanni HewardCommented:
You don't necessarily need a VPN router. As long as your router supports port forwarding, you can direct VPN traffic to a dedicated internal host. OpenVPN works on Windows and Linux, so whichever your most comfortable with.
0
Steve MutchlerIT TechAuthor Commented:
Giovanni...it appears to me that a VPN router will make things easier...my router DOES support port forwarding...and I have used port forward...
But this VPN stuff is totally new to me...I thought understood it...but I really don;t...
So I need to study...experiment a bit...make a few mistakes and figure it out...

Many thanks for your help...but I think this is going to boil down to someone giving me some specific instructions
that I follow to set my first one up...after that I can expand out and figure out other ways of doing this...
0
Tom CieslikIT EngineerCommented:
Steve, try Team Viewer, you don;t need instruction for that and you don't need compromise your Firewall.
0
Owen RubinConsultantCommented:
Tom, has it improved recently. I just found its updates way too slow to be useful. Perhaps its time to look at it again.
0
Owen RubinConsultantCommented:
Steve, when do you leave. We can set up a temporary solution until you get a new router. I am happy to walk through a few different ways on on the PM board. But Tom could also be right here, for now, use something like Team Viewer until you can get a VPN router. I really liked my Linksys WRT1900AC. It has Dynamic DNS built in, as well as an OpenVPN server. It has all the proper forwarding options and rules. And it is an open source router.

https://www.linksys.com/us/p/P-WRT1900AC/
0
Steve MutchlerIT TechAuthor Commented:
Thanks guys....Leaving this coming Saturday for an extended vacation in Arizona, New Mexico and a short foray into Old Mexico....be gone about 5 weeks...

I am very familiar with Team Viewer...I have used the free version a number of times...and I think I used it too many times as they
cut me off....So I'm using Ultra Viewer now....works exactly and looks the same as Team Viewer...so that will be my ticket for this vacation...

I'm learning a lot and I'm hoping you guys are around when I get back and we can revisit this conversation...

There is also a second need with this question....I support a bunch of home users...but I have a few very small commercial accounts....1-4 people in the office.....one of these clients wants me to set up a VPN for their office....and I was going to do it in my home first as a
learning process....

And a third need as I am also considering using a VPN service for privacy concerns...So these 3 issues are all tied together and I'm
trying to figure things out....So the router I use for my home is a major consideration...

But this first question is for my home VPN only....and other questions I will post will be on the other aspects...

many thanks for all you help...
See you in a f ew weeks...

So...I;'ve got a ways to go...
0
JohnBusiness Consultant (Owner)Commented:
why not get a small Cisco router VPN box and just use IPsec. Easier, I think.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.