VPN Primer for Noobs

What VPN Solution are you using?


  • Total voters
    836

danimal86

Getting the hang of it
Joined
Oct 8, 2019
Messages
141
Reaction score
54
Location
Sacramento, Ca
I'm back with an Asus router, bought a RT-AX86U on Friday, installed over the weekend.

Was fairly straightforward to get OpenVPN working with it. Didn't work the first time I tried, not sure if it just needed more time, was less then an hour after setting up openVPN. Or if the Home Assistant page I was testing need internet and local access. I started with local network access only. I enabled both, tried the next day, and it worked fine.

So I'm in the process of updating my blogger instructions based on what I did.

Note that I installed ASUSWRT-MERLIN before I did anything, so this will be based on merlin, and not the stock asus firmware.

Link

Randy
Thanks for putting this together. I just followed your instructions step by step and it worked on the first try.....that never happens!

I have it setup on my android. I'm guessing that i'll have to connect to my OpenVPN Profile each time i want to access the blue iris app. I'm not sure i want to just leave it connected forever....am i wrong in thinking that?
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
Data use when the VPN is "idle" is very low and probably won't be noticed at all. If you enabled internet access through the VPN that's a different story. Then your data will be whatever it was prior to the VPN plus a tiny bit for overhead. The advantage is that you're on a VPN, to you home network anyway, which makes using your phone more secure while out and about.
 

danimal86

Getting the hang of it
Joined
Oct 8, 2019
Messages
141
Reaction score
54
Location
Sacramento, Ca
Data use when the VPN is "idle" is very low and probably won't be noticed at all. If you enabled internet access through the VPN that's a different story. Then your data will be whatever it was prior to the VPN plus a tiny bit for overhead. The advantage is that you're on a VPN, to you home network anyway, which makes using your phone more secure while out and about.
Thanks!

So when i setup the vpn on my asus router, it said:
Client will use VPN to access Local network only Internet and local network
I opted to choose the Local Network Only. So i'm thinking that only when i access my home network it will be routed through the vpn?

I was really worried about messing with anything with our home network (especially during work hours....oops) since the whole Work From Home thing is looking more permanent, we have to have internet 100% of the time.
 

randytsuch

Pulling my weight
Joined
Oct 1, 2016
Messages
495
Reaction score
176
Thanks for putting this together. I just followed your instructions step by step and it worked on the first try.....that never happens!

I have it setup on my android. I'm guessing that i'll have to connect to my OpenVPN Profile each time i want to access the blue iris app. I'm not sure i want to just leave it connected forever....am i wrong in thinking that?
Thanks for confirming my instructions are good. I thought they were, but its nice to know someone was able to follow them without issues.

FWIW, I turn off VPN when I'm not using it, but I guess it really doesn't matter. Pretty easy to turn on and off on my phone where I use it.

Randy
 

danimal86

Getting the hang of it
Joined
Oct 8, 2019
Messages
141
Reaction score
54
Location
Sacramento, Ca
Thanks for confirming my instructions are good. I thought they were, but its nice to know someone was able to follow them without issues.

FWIW, I turn off VPN when I'm not using it, but I guess it really doesn't matter. Pretty easy to turn on and off on my phone where I use it.

Randy
I need to revise my thinking. I ran into my first problem with leaving the vpn on all the time. I noticed my phone wouldn't connect to android auto, and waze and google maps was offline when i tried to use it outside of my home network. Looks like i'll be leaving it off until i need it.
 

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
i had time yesterday to install wireguard on pfsense 2.5.2 again (after they removed it) ... its now(for 2-3 months) there as a package.
speed is good... can easily max out my fiber, which was never possible with openvpn, works lot better than on rpi because you can setup rules directly for wireguard.

an interesting feature on the wireguard app... you can setup the apps you wish to use the vpn only.. and it is working fine !

what i still not figured out is how i can setup the wireguard tunnel in an interface to have the different rules for different tunnels "better". sure you can set rules for a tunnel subnet only inside the wireguard rules tab, but i like interface way more.

rule1.PNG

not sure if i am doing right, but it works this way.

also what i still not figured out... how to transfer the keys "secure". when dealing with many users its really stressfull to setup wireguard for each device because it seems you have to copy the keys manually.

have to look into battery drain from wireguard app/win client,, you cannot disconnect the tunnel like on openvpn... it seems to run always and if you close it, it connect automatic after some time / reboot
 

ARAMP1

Pulling my weight
Joined
Feb 13, 2018
Messages
242
Reaction score
171
Location
Memphis, TN
i had time yesterday to install wireguard on pfsense 2.5.2 again (after they removed it) ... its now(for 2-3 months) there as a package.
speed is good... can easily max out my fiber, which was never possible with openvpn, works lot better than on rpi because you can setup rules directly for wireguard.

an interesting feature on the wireguard app... you can setup the apps you wish to use the vpn only.. and it is working fine !

what i still not figured out is how i can setup the wireguard tunnel in an interface to have the different rules for different tunnels "better". sure you can set rules for a tunnel subnet only inside the wireguard rules tab, but i like interface way more.

View attachment 104298

not sure if i am doing right, but it works this way.

also what i still not figured out... how to transfer the keys "secure". when dealing with many users its really stressfull to setup wireguard for each device because it seems you have to copy the keys manually.

have to look into battery drain from wireguard app/win client,, you cannot disconnect the tunnel like on openvpn... it seems to run always and if you close it, it connect automatic after some time / reboot
Thanks for posting. I forgot about wireguard. Just downloaded it and I'm going to try it out.
 

asq19

n3wb
Joined
Feb 1, 2020
Messages
4
Reaction score
6
Location
Oregon
i had time yesterday to install wireguard on pfsense 2.5.2 again (after they removed it) ... its now(for 2-3 months) there as a package.
speed is good... can easily max out my fiber, which was never possible with openvpn, works lot better than on rpi because you can setup rules directly for wireguard.

an interesting feature on the wireguard app... you can setup the apps you wish to use the vpn only.. and it is working fine !

what i still not figured out is how i can setup the wireguard tunnel in an interface to have the different rules for different tunnels "better". sure you can set rules for a tunnel subnet only inside the wireguard rules tab, but i like interface way more.

View attachment 104298

not sure if i am doing right, but it works this way.

also what i still not figured out... how to transfer the keys "secure". when dealing with many users its really stressfull to setup wireguard for each device because it seems you have to copy the keys manually.

have to look into battery drain from wireguard app/win client,, you cannot disconnect the tunnel like on openvpn... it seems to run always and if you close it, it connect automatic after some time / reboot
Thank you for providing this as an alternative. Seems flexible as well.
 

ARAMP1

Pulling my weight
Joined
Feb 13, 2018
Messages
242
Reaction score
171
Location
Memphis, TN
I ended up setting up wireguard and it works like a champ.


This guy Christian McDonald was just playing around with wireguard and making it better and was eventually hired by pfSense to develop wireguard. I watched his channel to help set mine up.

 

gregip

Young grasshopper
Joined
Nov 16, 2017
Messages
59
Reaction score
9
Location
Australia
As a newbie to CCTV and networking, I've read pages and pages and then discover to my surprise (page 65 of this thread) that a VPN won't work on my 4G wireless modem. Is this correct? Maybe in my ignorance I misread something or misunderstood something.
I'm considering installing a Dahua CCTV / NVR system here at home that I can access remotely and the only home internet access I have is via a wireless modem. No wires around in this rural area!
 
Last edited:

spile

Young grasshopper
Joined
Jun 11, 2020
Messages
53
Reaction score
18
Location
MIdlands UK
As a newbie to CCTV and networking, I've read pages and pages and then discover to my surprise (page 65 of this thread) that a VPN won't work on my 4G wireless modem. Is this correct? Maybe in my ignorance I misread something or misunderstood something.
I'm considering installing a Dahua CCTV / NVR system here at home that I can access remotely and the only home internet access I have is via a wireless modem. No wires around in this rural area!
I cannot see why. Obviously you will need a ddns like noip or duckdns to deal with not having a static IP address from your phone provider.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,170
Reaction score
5,320
Location
Houston Tx
Wireless service do not provide a static IP addresses for home cellular networks in the United States. This may be country dependent. Your wireless IP address may change during an on going conversation.

Look at ngok or Hamachi for remote access to a home cellular network (I have NOT used these)
 

Bob Schulz

Pulling my weight
Joined
Apr 29, 2019
Messages
97
Reaction score
125
Location
MD
I am starting to look into replacing my Linksys EA9500 router. For a VPN service I have been mostly using ExpressVPN for hiding my activity. This runs as a client on my computers and not on this router.
From what I am understanding an alternative router would be the Asus RT-AX86U with Merlin installed.
Would this be a good setup to go with or are there better alternatives?
Would I be better off running OpenVPN or should I still use expressvpn installed on it?
Thanks for any help offered.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,541
Location
USA
If you goal is to isolate your cameras from the internet, then you need a VPN that does not hide your IP for your porn addiction :lmao:

The whole point of using a VPN for cameras is to put your device back onto your home IP address range. ExpressVPN does just the opposite and looks like you are in India.

OpenVPN is free. If you are paying for a VPN, that is not the VPN needed to secure your system. In fact it can be the opposite because all your data is being routed who knows where in order to hide your IP address.
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
ExpressVPN is an outbound VPN designed to hide your surfing. OpenVPN is an inbound VPN designed to secure your network by only allowing authenticated connections from outside to access your network. ExpressVPN does nothing to secure or allow you to protect your network from being hacked by outside source. OpenVPN does exactly that.
 

Bob Schulz

Pulling my weight
Joined
Apr 29, 2019
Messages
97
Reaction score
125
Location
MD
I did have an OpenVPN that I installed on a Raspberry Pi. It has been down for quite awhile now and that is one of the reasons I was thinking about the ASUS RT-AX86U or better, running OpenVPN. Would I still need to run ExpressVPN on my PCs to hide my illicit activities?
 

cyberwolf_uk

Getting comfortable
Joined
Sep 27, 2014
Messages
606
Reaction score
705
I did have an OpenVPN that I installed on a Raspberry Pi. It has been down for quite awhile now and that is one of the reasons I was thinking about the ASUS RT-AX86U or better, running OpenVPN. Would I still need to run ExpressVPN on my PCs to hide my illicit activities?
I'm a big fan of running your VPN and the front door...i.e. your router / modem... As for you access to PornHub, you will still need to have ExpressVPN running to hide your IP address from them ;)
 
Top