Open VPN- struggling to "get it".....

Netwalker

> I thought you did not need to port forward with VPN. Both links suggest port forwarding?

Yes, if the vpn server isn’t on the router, you’ll have to use port forwarding in order to let the router know where you want data from that port sent to.

In this case it’s only going to be the port for the vpn connection. The BI ports or anything else you may have inside your lan are still blocked from wan access, but can still be accessed using the vpn tunnel.
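
An added example, not part of the original post: one way to check that the VPN port really is the only thing forwarded from the WAN. It assumes a Linux-based router whose NAT rules can be dumped in `iptables-save` format; the interface name `eth0`, the addresses and the ports in the sample are constructed for illustration.

```python
import shlex

# Constructed sample: NAT rules in iptables-save format from a hypothetical
# Linux-based router. Addresses, ports and interface names are made up.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.10:1194
-A PREROUTING -i eth0 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.1.20:81
-A PREROUTING -i br0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.30:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

def parse_forwards(text, wan_if="eth0"):
    """Return (proto, wan_port, lan_target) for each DNAT rule on the WAN side."""
    forwards = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
            continue
        opt = {}
        for i, t in enumerate(tok[:-1]):
            if t in ("-i", "-p", "--dport", "--to-destination"):
                opt[t] = tok[i + 1]
        # A rule with no -i matches every interface, WAN included.
        if opt.get("-i", wan_if) != wan_if:
            continue
        forwards.append((opt.get("-p", "all"),
                         opt.get("--dport", "any"),
                         opt.get("--to-destination", "?")))
    return forwards

def audit(text, vpn=("udp", "1194"), wan_if="eth0"):
    """Split WAN forwards into the expected VPN rule and everything else."""
    expected, unexpected = [], []
    for fwd in parse_forwards(text, wan_if):
        (expected if fwd[:2] == vpn else unexpected).append(fwd)
    return expected, unexpected

if __name__ == "__main__":
    ok, extra = audit(SAMPLE_RULES)
    print("VPN forward present:", bool(ok))
    for proto, port, target in extra:
        print(f"unexpected WAN exposure: {proto}/{port} -> {target}")
```

Anything reported as unexpected is a LAN service reachable from the internet without going through the tunnel.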
 

TL1096r

> Yes, if the vpn server isn’t on the router, you’ll have to use port forwarding in order to let the router know where you want data from that port sent to.
>
> In this case it’s only going to be the port for the vpn connection. The BI ports or anything else you may have inside your lan are still blocked from wan access, but can still be accessed using the vpn tunnel.

I am not trusting forwarding any ports. Maybe it is different here.

"The default port you need to forward is 1194. However, we recommend port forwarding a different port and using that instead to try and avoid open port scans on your home network. Remember the port you set as you will need this later on in the tutorial. The protocol you will have to make use of for this port is UDP"

Why would choosing a different port than 1194 avoid open port scans? Wouldn't any open port lead to scans and vulnerability?

I bought an asus router to setup openvpn no port forwarding but interested in this as a safe option for other networks without the built in openvpn in their router.
 

NoloC

Arguably UDP does not respond to ping so you are essentially stealth.
 

Netwalker

> I am not trusting forwarding any ports. Maybe it is different here.
>
> "The default port you need to forward is 1194. However, we recommend port forwarding a different port and using that instead to try and avoid open port scans on your home network. Remember the port you set as you will need this later on in the tutorial. The protocol you will have to make use of for this port is UDP"
>
> Why would choosing a different port than 1194 avoid open port scans? Wouldn't any open port lead to scans and vulnerability?
>
> I bought an asus router to setup openvpn no port forwarding but interested in this as a safe option for other networks without the built in openvpn in their router.

It’s not really any less secure than router based other than the fact you’re exposing one more device to WAN than when you do it via router alone.

When you run the VPN server on your router, you’re still opening a port. It’s just directly to software on the router, so you aren’t normally presented with the option.

In fact running the VPN on a real computer could be more secure because that VPN server is generally going to receive software vulnerability patches more regularly.

It’s also probably going to be a faster & more stable connection with more configuration flexibility because most routers are pretty underpowered system resource wise (ram+cpu).
 

IAmATeaf

If you setup the inbuilt Windows VPN as mentioned by @Netstalker how or what client would you use on say an iPhone to establish a connection?
 

Netwalker

> If you setup the inbuilt Windows VPN as mentioned by @Netstalker how or what client would you use on say an iPhone to establish a connection?

Either the built in, or if using OpenVPN, there’s an “OpenVPN Connect” app which is what I use.

Edit:

I see you asked specifically for Windows builtin. I use OpenVPN, so I’m not 100% certain the exact setup you’d need. Just stay away from L2TP I think windows has the ability for IPSec which is supported by iOS.

Edit #2:

Google tells me pptp is the only option supported by Windows builtin server. Not a good (secure) option, install OpenVPN instead.
 

Holbs

From an Amazon review of this model. Something for future folk to take to mind since this router does not support any VPN of sort:
"Looks like Linksys has abandoned their promised features for this router?! Where is all-band steering (not just 5Ghz)? Where is VPN? This router came with the promise of a number of great innovations, advertised for months on Linksys' own website: DFS, VPN, true bandsteering and much more. Not just has none of it materialized, Linksys has now sheepishly removed all mention of it 'coming soon' from their site, making me worry they have ditched them altogether."
Me personally, I would take it back. Doesn't seem Linksys care to support or enhance this router. You said your router was only 2 days old back a couple weeks ago. Surely, you can return it and get another router.
 