Open VPN- struggling to "get it".....

Discussion in 'Networking' started by injunear, Jun 30, 2019.

Share This Page

  1. Netwalker

    Netwalker Young grasshopper

    Joined:
    Aug 8, 2017
    Messages:
    41
    Likes Received:
    24
    Yes, if the vpn server isn’t on the router, you’ll have to use port forwarding in order to let the router know where you want data from that port sent to.

    In this case it’s only going to be the port for the vpn connection. The BI ports or anything else you may have inside your lan are still blocked from wan access, but can still be accessed using the vpn tunnel.
     
    TL1096r likes this.
  2. TL1096r

    TL1096r Pulling my weight

    Joined:
    Jan 28, 2017
    Messages:
    848
    Likes Received:
    190
    I am not trusting forwarding any ports. Maybe it is different here.

    "The default port you need to forward is 1194. However, we recommend port forwarding a different port and using that instead to try and avoid open port scans on your home network. Remember the port you set as you will need this later on in the tutorial. The protocol you will have to make use of for this port is UDP"

    Why would choosing a different port than 1194 avoid open port scans? Wouldn't any open port lead to scans and vulnerability?

    I bought an asus router to setup openvpn no port forwarding but interested in this as a safe option for other networks without the built in openvpn in their router.
     
  3. NoloC

    NoloC Getting comfortable

    Joined:
    Nov 24, 2014
    Messages:
    683
    Likes Received:
    414
    Arguably UDP does not respond to ping so you are essentially stealth.
     
    TL1096r likes this.
  4. Netwalker

    Netwalker Young grasshopper

    Joined:
    Aug 8, 2017
    Messages:
    41
    Likes Received:
    24
    It’s not really any less secure than router based other than the fact you’re exposing one more device to WAN than when you do it via router alone.

    When you run the VPN server on your router, you’re still opening a port. It’s just directly to software on the router, so you aren’t normally presented with the option.

    In fact running the VPN on a real computer could be more secure because that VPN server is generally going to receive software vulnerability patches more regularly.

    It’s also probably going to be a faster & more stable connection with more configuration flexibility because most routers are pretty underpowered system resource wise (ram+cpu).
     
    Last edited: Jul 6, 2019
    alastairstevenson and TL1096r like this.
  5. IAmATeaf

    IAmATeaf Getting comfortable

    Joined:
    Jan 13, 2019
    Messages:
    662
    Likes Received:
    315
    Location:
    United Kingdom
    If you setup the inbuilt Windows VPN as mentioned by @Netstalker how or what client would you use on say an iPhone to establish a connection?
     
  6. Netwalker

    Netwalker Young grasshopper

    Joined:
    Aug 8, 2017
    Messages:
    41
    Likes Received:
    24
    Either the built in, or if using OpenVPN, there’s an “OpenVPN Connect” app which is what I use.

    Edit:

    I see you asked specifically for Windows builtin. I use OpenVPN, so I’m not 100% certain the exact setup you’d need. Just stay away from L2TP I think windows has the ability for IPSec which is supported by iOS.

    Edit #2:

    Google tells me pptp is the only option supported by Windows builtin server. Not a good (secure) option, install OpenVPN instead.
     
    Last edited: Jul 17, 2019
  7. Holbs

    Holbs Pulling my weight

    Joined:
    May 1, 2019
    Messages:
    116
    Likes Received:
    103
    Location:
    Reno, NV
    from Amazon Review of this model. Something for future folk to take to mind since this router does not support any VPN of sort:
    "Looks like Linksys has abandanoded their promised features for this router?! Where is all-band steering (not just 5Ghz)? Where is VPN? This router came with the promise of a number of great innovations, advertised for months on Linksys' own website: DFS, VPN, true bandsteering and much more. Not just has none of it materialized, Linksys has now sheepishly removed all mention of it 'coming soon' from their site, making me worry they have ditched them altogether."
    Me personally, I would take it back. Doesn't seam linksys care to support or enhance this router. You said your router was only 2 days old back a couple weeks ago. Surely, you can return it and get another router.
     
    looney2ns likes this.