VPN Primer for Noobs

What VPN Solution are you using?


  • Total voters
    836

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
Oops... Realized that I forgot to mention one crucial step required for the above.

You need to have them activate the Ethernet LAN port on the ONT and run CAT cable for your router (vs the coax) so that you have a media connection for it. Just takes a call in most cases. If an older ONT that they need to replace or if you have to run cable that may complicate things some otherwise easy to do.
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
Oops... Realized that I forgot to mention one crucial step required for the above.

You need to have them activate the Ethernet LAN port on the ONT and run CAT cable for your router (vs the coax) so that you have a media connection for it. Just takes a call in most cases. If an older ONT that they need to replace or if you have to run cable that may complicate things some otherwise easy to do.
For mine, the OTN was already connected to the ActionTec via Ethernet. I guess the VZ installations vary depending on your location. This was about 4 years ago when I switched from Comcast to VZ.

I just moved the OTN connection from the ActionTec to my WAN vlan and moved my ActionTec to DMZ vlan.
 

aerospace1

n3wb
Joined
Jul 20, 2020
Messages
15
Reaction score
2
Location
NJ
Oops... Realized that I forgot to mention one crucial step required for the above.

You need to have them activate the Ethernet LAN port on the ONT and run CAT cable for your router (vs the coax) so that you have a media connection for it. Just takes a call in most cases. If an older ONT that they need to replace or if you have to run cable that may complicate things some otherwise easy to do.
Oops I did not mention that in my OP. I should of said besides the LAN to WAN connection to the Asus I have coax and Ethernet WAN to the AT.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
For mine, the OTN was already connected to the ActionTec via Ethernet. I guess the VZ installations vary depending on your location. This was about 4 years ago when I switched from Comcast to VZ.

I just moved the OTN connection from the ActionTec to my WAN vlan and moved my ActionTec to DMZ vlan.
Yeah, depends on what you've got. How old and how installed. Most are OK but I know from another forum that I'm on that there still are some out there with coax only connections so thought that I should mention.


Oops I did not mention that in my OP. I should of said besides the LAN to WAN connection to the Asus I have coax and Ethernet WAN to the AT.
You're in good shape then. Easy switch around the other way. As long as you don't care about the in-coming features at least.
 

Stev Wolf

Young grasshopper
Joined
May 7, 2017
Messages
84
Reaction score
7
I have a router from my Service provider. It has IPSec settings but I don't know how to set up.
I'm hoping to use it to view my cameras from my phone and tablet when away , I assume I can install software todo this on these devices?

I have called the service provider and they do not provide help on this. I cant really find any help for this modem on line either. (Smart/RG - SR516ac)
Can anyone provide help for me to set it up?

Here is a picture of the GUI.
I have a reasonable understanding of networking but this is new to me.

Thank you.

SmartRG_IPSec_Gui.JPG
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
This is for a site-to-site IPSEC, not remote access. Personal advice, buy an Edgerouter -X, put it behind the ISP router, and install WireGuard
 

Stev Wolf

Young grasshopper
Joined
May 7, 2017
Messages
84
Reaction score
7
This is for a site-to-site IPSEC, not remote access. Personal advice, buy an Edgerouter -X, put it behind the ISP router, and install WireGuard
mm rats. So you would port forward to another router that has VPN ??
What about IPTunnel. ? asume that is the same. Between two networks, there is no client for phone .
 

Stev Wolf

Young grasshopper
Joined
May 7, 2017
Messages
84
Reaction score
7
IPTunnel ??
Yes well Im not sure it fits.

I read here if I had a vpn router upstream (as I do) and it has VPN do I just port forward to that router and then set up VPN on that router, since I cant change my wan router?
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
If you put a VPN router behind the ISP router, you have to simply port-forward the required port
 

pbc

Getting comfortable
Joined
Jul 11, 2014
Messages
1,024
Reaction score
156
This is for a site-to-site IPSEC, not remote access. Personal advice, buy an Edgerouter -X, put it behind the ISP router, and install WireGuard
Curious, why WireGaurd instead of OpenVPN?

Also, when you say put the Edgerouter "behind the ISP router", do you mean to put the ISP router into bridge mode and use the Edgerouter as the main router...or something else?
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
You can put the ISP router in bridge mode ( or pppoe passthrough, if allowed), and manage the whole network via the edgerouter, you may lose the WiFi of the ISP router (if there, but also not, depend on how you configure the edgerouter-x) , or simply use the edgerouter as VPN box, forwarding the required port. I used for years OpenVPN (and I still use it), but there's no story, with WireGuard ... much much more faster, and I can keep Wireguard always connected, with my cell, it fastly switches between 4G or WiFi around, and when I'm at home, connected to my WiFi, it automatically disconnects. Last, but not least, the battery ... with WireGuard always on, I can even forget to charge the cell, with OpenVPN, the story, is slightly different
 

pbc

Getting comfortable
Joined
Jul 11, 2014
Messages
1,024
Reaction score
156
Interesting. I actually just purchased an Asus AX59U or whatever it was as my now 7 year old R7000 router is starting to bite the dust. Is there a tutorial you know of somewhere that explains how to use the Edgerouter X as a VPN box/forwarding the required port? ~$70 for the Edgerrouter-X sounds more appealing than the CAD$250 for the AX59U.
 

flynreelow

Known around here
Joined
Dec 12, 2016
Messages
1,198
Reaction score
1,086
Interesting. I actually just purchased an Asus AX59U or whatever it was as my now 7 year old R7000 router is starting to bite the dust. Is there a tutorial you know of somewhere that explains how to use the Edgerouter X as a VPN box/forwarding the required port? ~$70 for the Edgerrouter-X sounds more appealing than the CAD$250 for the AX59U.
Just set up openvpn on a raspberry pi
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
So, why not setup WireGuard on RPI ? Consider also the battery lifetime, and other advantages ...
 

pbc

Getting comfortable
Joined
Jul 11, 2014
Messages
1,024
Reaction score
156
That's a great idea, I have an RPI that's basically collecting dust. Maybe I will try WireGaurd.
 

pbc

Getting comfortable
Joined
Jul 11, 2014
Messages
1,024
Reaction score
156
Just put it on my Pi and forwarded the port (is there no security risk forwarding the port?)...and Wiregaurd seems to be working well, lightning fast connection compared to OpenVPN anyhow.

I think I messed up somewhere in the DDNS setup, and for the life of me can't find the Wiregaurd application on the Pi and therefore how to adjust parameters. But will see how it goes!
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Wireguard is awesome. Seamless roaming between cellular and wifi (for phones/tablets), zero overhead, etc... It is also being mainlined into the Linux kernel of not already.
 

spile

Young grasshopper
Joined
Jun 11, 2020
Messages
53
Reaction score
18
Location
MIdlands UK
Curious, why WireGaurd instead of OpenVPN?

Also, when you say put the Edgerouter "behind the ISP router", do you mean to put the ISP router into bridge mode and use the Edgerouter as the main router...or something else?
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
It is also being mainlined into the Linux kernel of not already.
Code:
alastair@PC-I5 ~ $ locate wireguard
/lib/modules/5.4.0-47-generic/kernel/wireguard
/lib/modules/5.4.0-47-generic/kernel/wireguard/wireguard.ko
/lib/modules/5.4.0-48-generic/kernel/wireguard
/lib/modules/5.4.0-48-generic/kernel/wireguard/wireguard.ko
alastair@PC-I5 ~ $
 
Top