VPN Primer for Noobs

[danimal86]

I'm back with an Asus router, bought a RT-AX86U on Friday, installed over the weekend.

Was fairly straightforward to get OpenVPN working with it. Didn't work the first time I tried, not sure if it just needed more time, was less then an hour after setting up openVPN. Or if the Home Assistant page I was testing need internet and local access. I started with local network access only. I enabled both, tried the next day, and it worked fine.

So I'm in the process of updating my blogger instructions based on what I did.

Note that I installed ASUSWRT-MERLIN before I did anything, so this will be based on merlin, and not the stock asus firmware.

Link

Randy

Thanks for putting this together. I just followed your instructions step by step and it worked on the first try.....that never happens!

I have it setup on my android. I'm guessing that i'll have to connect to my OpenVPN Profile each time i want to access the blue iris app. I'm not sure i want to just leave it connected forever....am i wrong in thinking that?

 

[sebastiantombs]

Data use when the VPN is "idle" is very low and probably won't be noticed at all. If you enabled internet access through the VPN that's a different story. Then your data will be whatever it was prior to the VPN plus a tiny bit for overhead. The advantage is that you're on a VPN, to you home network anyway, which makes using your phone more secure while out and about.

 

[danimal86]

Data use when the VPN is "idle" is very low and probably won't be noticed at all. If you enabled internet access through the VPN that's a different story. Then your data will be whatever it was prior to the VPN plus a tiny bit for overhead. The advantage is that you're on a VPN, to you home network anyway, which makes using your phone more secure while out and about.

Thanks!

So when i setup the vpn on my asus router, it said:

Client will use VPN to access	Local network only Internet and local network

I opted to choose the Local Network Only. So i'm thinking that only when i access my home network it will be routed through the vpn?

I was really worried about messing with anything with our home network (especially during work hours....oops) since the whole Work From Home thing is looking more permanent, we have to have internet 100% of the time.

 

[sebastiantombs]

The VPN will only work when you're outside your own local LAN.

 

[danimal86]

The VPN will only work when you're outside your own local LAN.

That's great to hear. I'm just going to leave it running in the background of my phone and laptop.

Its also nice to be able to close another port that I was using for my unRAID server!

 

[randytsuch]

Thanks for putting this together. I just followed your instructions step by step and it worked on the first try.....that never happens!

I have it setup on my android. I'm guessing that i'll have to connect to my OpenVPN Profile each time i want to access the blue iris app. I'm not sure i want to just leave it connected forever....am i wrong in thinking that?

Thanks for confirming my instructions are good. I thought they were, but its nice to know someone was able to follow them without issues.

FWIW, I turn off VPN when I'm not using it, but I guess it really doesn't matter. Pretty easy to turn on and off on my phone where I use it.

Randy

 

[danimal86]

Thanks for confirming my instructions are good. I thought they were, but its nice to know someone was able to follow them without issues.

FWIW, I turn off VPN when I'm not using it, but I guess it really doesn't matter. Pretty easy to turn on and off on my phone where I use it.

Randy

I need to revise my thinking. I ran into my first problem with leaving the vpn on all the time. I noticed my phone wouldn't connect to android auto, and waze and google maps was offline when i tried to use it outside of my home network. Looks like i'll be leaving it off until i need it.

 

[user8963]

i had time yesterday to install wireguard on pfsense 2.5.2 again (after they removed it) ... its now(for 2-3 months) there as a package.
speed is good... can easily max out my fiber, which was never possible with openvpn, works lot better than on rpi because you can setup rules directly for wireguard.

an interesting feature on the wireguard app... you can setup the apps you wish to use the vpn only.. and it is working fine !

what i still not figured out is how i can setup the wireguard tunnel in an interface to have the different rules for different tunnels "better". sure you can set rules for a tunnel subnet only inside the wireguard rules tab, but i like interface way more.



not sure if i am doing right, but it works this way.

also what i still not figured out... how to transfer the keys "secure". when dealing with many users its really stressfull to setup wireguard for each device because it seems you have to copy the keys manually.

have to look into battery drain from wireguard app/win client,, you cannot disconnect the tunnel like on openvpn... it seems to run always and if you close it, it connect automatic after some time / reboot

 

[ARAMP1]

i had time yesterday to install wireguard on pfsense 2.5.2 again (after they removed it) ... its now(for 2-3 months) there as a package.
speed is good... can easily max out my fiber, which was never possible with openvpn, works lot better than on rpi because you can setup rules directly for wireguard.

an interesting feature on the wireguard app... you can setup the apps you wish to use the vpn only.. and it is working fine !

what i still not figured out is how i can setup the wireguard tunnel in an interface to have the different rules for different tunnels "better". sure you can set rules for a tunnel subnet only inside the wireguard rules tab, but i like interface way more.

View attachment 104298

not sure if i am doing right, but it works this way.

also what i still not figured out... how to transfer the keys "secure". when dealing with many users its really stressfull to setup wireguard for each device because it seems you have to copy the keys manually.

have to look into battery drain from wireguard app/win client,, you cannot disconnect the tunnel like on openvpn... it seems to run always and if you close it, it connect automatic after some time / reboot

Thanks for posting. I forgot about wireguard. Just downloaded it and I'm going to try it out.

 

[asq19]

i had time yesterday to install wireguard on pfsense 2.5.2 again (after they removed it) ... its now(for 2-3 months) there as a package.
speed is good... can easily max out my fiber, which was never possible with openvpn, works lot better than on rpi because you can setup rules directly for wireguard.

an interesting feature on the wireguard app... you can setup the apps you wish to use the vpn only.. and it is working fine !

what i still not figured out is how i can setup the wireguard tunnel in an interface to have the different rules for different tunnels "better". sure you can set rules for a tunnel subnet only inside the wireguard rules tab, but i like interface way more.

View attachment 104298

not sure if i am doing right, but it works this way.

also what i still not figured out... how to transfer the keys "secure". when dealing with many users its really stressfull to setup wireguard for each device because it seems you have to copy the keys manually.

have to look into battery drain from wireguard app/win client,, you cannot disconnect the tunnel like on openvpn... it seems to run always and if you close it, it connect automatic after some time / reboot

Thank you for providing this as an alternative. Seems flexible as well.

 

[ARAMP1]

I ended up setting up wireguard and it works like a champ.


This guy Christian McDonald was just playing around with wireguard and making it better and was eventually hired by pfSense to develop wireguard. I watched his channel to help set mine up.

 

[asq19]

Thought this was an interesting read. WireGuard vs OpenVPN: 7 Big Difference

 

[gregip]

As a newbie to CCTV and networking, I've read pages and pages and then discover to my surprise (page 65 of this thread) that a VPN won't work on my 4G wireless modem. Is this correct? Maybe in my ignorance I misread something or misunderstood something.
I'm considering installing a Dahua CCTV / NVR system here at home that I can access remotely and the only home internet access I have is via a wireless modem. No wires around in this rural area!

 

[spile]

As a newbie to CCTV and networking, I've read pages and pages and then discover to my surprise (page 65 of this thread) that a VPN won't work on my 4G wireless modem. Is this correct? Maybe in my ignorance I misread something or misunderstood something.
I'm considering installing a Dahua CCTV / NVR system here at home that I can access remotely and the only home internet access I have is via a wireless modem. No wires around in this rural area!

I cannot see why. Obviously you will need a ddns like noip or duckdns to deal with not having a static IP address from your phone provider.

 

[SouthernYankee]

Wireless service do not provide a static IP addresses for home cellular networks in the United States. This may be country dependent. Your wireless IP address may change during an on going conversation.

Look at ngok or Hamachi for remote access to a home cellular network (I have NOT used these)

 

[Bob Schulz]

I am starting to look into replacing my Linksys EA9500 router. For a VPN service I have been mostly using ExpressVPN for hiding my activity. This runs as a client on my computers and not on this router.
From what I am understanding an alternative router would be the Asus RT-AX86U with Merlin installed.
Would this be a good setup to go with or are there better alternatives?
Would I be better off running OpenVPN or should I still use expressvpn installed on it?
Thanks for any help offered.

 

[wittaj]

If you goal is to isolate your cameras from the internet, then you need a VPN that does not hide your IP for your porn addiction

The whole point of using a VPN for cameras is to put your device back onto your home IP address range. ExpressVPN does just the opposite and looks like you are in India.

OpenVPN is free. If you are paying for a VPN, that is not the VPN needed to secure your system. In fact it can be the opposite because all your data is being routed who knows where in order to hide your IP address.

 

[sebastiantombs]

ExpressVPN is an outbound VPN designed to hide your surfing. OpenVPN is an inbound VPN designed to secure your network by only allowing authenticated connections from outside to access your network. ExpressVPN does nothing to secure or allow you to protect your network from being hacked by outside source. OpenVPN does exactly that.

 

[Bob Schulz]

I did have an OpenVPN that I installed on a Raspberry Pi. It has been down for quite awhile now and that is one of the reasons I was thinking about the ASUS RT-AX86U or better, running OpenVPN. Would I still need to run ExpressVPN on my PCs to hide my illicit activities?

 

[cyberwolf_uk]

I did have an OpenVPN that I installed on a Raspberry Pi. It has been down for quite awhile now and that is one of the reasons I was thinking about the ASUS RT-AX86U or better, running OpenVPN. Would I still need to run ExpressVPN on my PCs to hide my illicit activities?

I'm a big fan of running your VPN and the front door...i.e. your router / modem... As for you access to PornHub, you will still need to have ExpressVPN running to hide your IP address from them