OpenVPN Home Appliance

Old Jan 2, 2015, 6:47 am
  #1  
Original Poster
 
Join Date: Nov 2006
Location: Detroit; Formerly Dubai
Posts: 3,652
OpenVPN Home Appliance

I'm looking at an appliance for OpenVPN access to my home network and for confidential surfing. As more and more services are blocking public VPNs, I'd like to just tunnel through my own system.

By the way, I moved back to the US a long time ago. Despite my handle, I'm not interested in piping in the UAE's censored (though far less than before) internet into other locations.
Dubai Stu is offline  
Old Jan 2, 2015, 7:47 am
  #2  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: ORD
Posts: 14,231
If you enjoy a little tinkering, you can get an Asus router (I recommend the RT-N66u - I don't care about AC wireless, personally) and put Tomato on it. I use it for OpenVPN all the time. I also maintain a site-to-site VPN between my parents' house, office, and my house.
gfunkdave is offline  
Old Jan 2, 2015, 8:24 am
  #3  
 
Join Date: Jul 2011
Posts: 38
I have a QNAP NAS that acts as an OpenVPN server at home for me. It pretty much worked out of the box for me.

I also have an Asus RT-66U router with Shibby Tomato firmware set up as a PPTP server. The NAS is also able to simultaneously run as a PPTP server, but I felt it was better to have a server on a second device as a backup instead in case the NAS falls over (it hasn't yet however; but I'm gone for long periods of time, and it would allow me the ability to reset the NAS as well as issue Wake-on-LAN packets to it via the router only, if ever required).

The router is also able to run as an OpenVPN server - but I found the NAS performance and throughput to be better than the router, hence stuck with it.
slowmail is offline  
Old Jan 2, 2015, 8:48 am
  #4  
Original Poster
 
Join Date: Nov 2006
Location: Detroit; Formerly Dubai
Posts: 3,652
Originally Posted by slowmail
I have a QNAP NAS that acts as an OpenVPN server at home for me. It pretty much worked out of the box for me.

I also have an Asus RT-66U router with Shibby Tomato firmware set up as a PPTP server. The NAS is also able to simultaneously run as a PPTP server, but I felt it was better to have a server on a second device as a backup instead in case the NAS falls over (it hasn't yet however; but I'm gone for long periods of time, and it would allow me the ability to reset the NAS as well as issue Wake-on-LAN packets to it via the router only, if ever required).

The router is also able to run as an OpenVPN server - but I found the NAS performance and throughput to be better than the router, hence stuck with it.
I have a dual NIC QNAP NAS but wasn't able to get the VPN to connect to my home (or outside network). I could VPN into the NAS just fine and access the files on it, but I couldn't get it to relay/bind with the other network connection.

I looked on the QNAP forum and saw others complaining about the same lack of this feature and assume it wasn't possible (absent serious hacking of the device). If I'm wrong, please let me know. One less device is always better.
Dubai Stu is offline  
Old Jan 2, 2015, 9:06 am
  #5  
 
Join Date: Jun 2008
Location: YVR
Programs: Aeroplan, AAdvantage
Posts: 2,100
I find setting up VPN an absolute nightmare and use OpenSSH (built-in SOCKS proxy) + redsocks instead (or sshuttle). You can set your SSHD to port 443 for something that's never blocked. If you need HTTPS too then use SSLH. Both OpenSSHD and SSLH are readily available for OpenWRT. (And QNAP http://wiki.qnap.com/wiki/Replace_ssh too)

Last edited by chx1975; Jan 2, 2015 at 11:09 pm
chx1975 is offline  
Old Jan 2, 2015, 10:57 am
  #6  
 
Join Date: Jul 2011
Posts: 38
Originally Posted by Dubai Stu
I have a dual NIC QNAP NAS but wasn't able to get the VPN to connect to my home (or outside network). I could VPN into the NAS just fine and access the files on it, but I couldn't get it to relay/bind with the other network connection.

I looked on the QNAP forum and saw others complaining about the same lack of this feature and assume it wasn't possible (absent serious hacking of the device). If I'm wrong, please let me know. One less device is always better.
While my QNAP NAS has dual NICs, I'm effectively only using one Ethernet port on it, because I don't see how it makes any difference in my small home setup (just 1 router only, and a few PCs).

My QNAP OpenVPN settings page looks like this:


I believe the VPN client IP pool must *not* be in the same subnet as the LAN IP pool (e.g. LAN is 192.168.1.xxx; VPN is 10.18.0.xxx).

My .ovpn config file to connect to my home VPN looks like this:
Code:
client
dev tun
script-security 3
proto udp
remote dynamicdns.example.com 1194
resolv-retry infinite
nobind
reneg-sec 0
cipher AES-256-CBC
comp-lzo
auth-user-pass credentials.txt
setenv CLIENT_CERT 0
<ca>
-----BEGIN CERTIFICATE-----
(bunch of gibberish characters live here)
-----END CERTIFICATE-----
</ca>
credentials.txt is a simple text file with the username on the first line, and password on the second, kept in the same directory as the .ovpn file.

And of course, my router has the correct port forwarding to the NAS internal ip address.

When I'm out and about, I can VPN home, and access the files on my NAS, as well as surf the net and do everything else normally. whatismyip.com shows my ip address as coming from my home system.

I don't remember right now, but it may not be possible to connect to the VPN while you are connected on your internal network at home... (eg: if you're at home, and connected to the internet by your home router).

Edited to add: I believe what they would like to do, is have incoming OpenVPN connections on ETH1, and 'outgoing' OpenVPN traffic on ETH2. I'm guessing if you could set this up, it might give you slightly better performance; but on the whole, I didn't care to make that happen, as I believe my main bottlenecks were the speed of my home internet connection, and my router itself...

Last edited by slowmail; Jan 2, 2015 at 11:10 am
slowmail is offline  
Old Jan 2, 2015, 11:31 am
  #7  
Original Poster
 
Join Date: Nov 2006
Location: Detroit; Formerly Dubai
Posts: 3,652
Thanks. I will look at my config and see what I am doing differently. I tested the configuration with a cellular modem to avoid the problem of VPNing on the same network. I mentioned the dual NICs only for VPN reasons.
Dubai Stu is offline  
Old Jan 2, 2015, 6:19 pm
  #8  
 
Join Date: Dec 2002
Location: Oregon
Programs: AA EXP, AS 75K, UA 1MM Gold, HH Diamond, Hyatt Explorist, IHG Plat, National EE, Hertz PC
Posts: 4,001
Other than appliance vs PC, is there any particular advantage to OpenVPN versus using the PPTP server built into recent versions (<15yr) of Windows?

Never mind. Answered my own question. Looks like there are some hoops to jump through to avoid vulnerabilities in MS-CHAP v2. However, if you VPN into something like a free-level Amazon EC2 server just for internet access from behind the great firewall... then I guess who really cares.

Last edited by elCheapoDeluxe; Jan 2, 2015 at 6:24 pm
elCheapoDeluxe is offline  
Old Jan 2, 2015, 6:58 pm
  #9  
 
Join Date: Dec 2009
Location: RDU
Programs: DL DM+(segs)/MM, UA Ag, Hilton DM, Marriott Ti (life Pt), TSA Opt-out Platinum
Posts: 3,223
I use DD-WRT on a Linksys e4200 to route (some of) my traffic out of the US. Works great.
HDQDD is offline  
Old Jan 3, 2015, 10:47 am
  #10  
 
Join Date: Jan 2014
Location: ORD
Programs: UA 1k, SPG Plat 100
Posts: 619
Originally Posted by gfunkdave
If you enjoy a little tinkering, you can get an Asus router (I recommend the RT-N66u - I don't care about AC wireless, personally) and put Tomato on it. I use it for OpenVPN all the time. I also maintain a site-to-site VPN between my parents' house, office, and my house.
It's worth noting that the RT-N66U comes with an OpenVPN server out of the box. I considered putting DD-WRT or Tomato on mine, but the stock firmware did the job for me, so I left it alone.
Boo_Radley is offline  
Old Jan 3, 2015, 11:19 am
  #11  
FlyerTalk Evangelist
 
Join Date: Jul 2000
Location: in the vicinity of SFO
Programs: AA 2MM (LT-PLT, PPro for this year)
Posts: 19,781
I pay a little bit each month for a VPS to host my web page and some personal backups. Having that anyway, I just run an OpenVPN server there -- pretty easy install on CentOS.

Originally Posted by elCheapoDeluxe
Other than appliance vs PC, is there any particular advantage to OpenVPN versus using the PPTP server built into recent versions (<15yr) of Windows?
There's a PPTP server and not just a client in desktop versions of Windows?

My experience setting up the Linux PPTP daemon was that it was a pain in the neck to set up, and my home router didn't really pass everything it needed on incoming connections. SSL-based VPN which just needed a single port was easier.

Originally Posted by elCheapoDeluxe
Never mind. Answered my own question. Looks like there are some hoops to jump through to avoid vulnerabilities in MS-CHAP v2. However, if you VPN into something like a free-level Amazon EC2 server just for internet access from behind the great firewall... then I guess who really cares.
Once running a free-level EC2 server, OpenVPN is pretty easy. Bunch of steps, but pretty much just "follow the instructions."
nkedel is offline  
Old Jan 4, 2015, 1:23 pm
  #12  
 
Join Date: Dec 2002
Location: Oregon
Programs: AA EXP, AS 75K, UA 1MM Gold, HH Diamond, Hyatt Explorist, IHG Plat, National EE, Hertz PC
Posts: 4,001
Originally Posted by nkedel
There's a PPTP server and not just a client in desktop versions of Windows?
Yes. Can't speak for "home" versions because I can't remember the last time I owned one - but certainly in XP pro, Win 7 pro, Win 8 pro. Go to your network adapters window, go to the file menu (press alt-F in Win 8 to display) and select "new incoming connection". Just need to allow the PPTP port through your firewall as applicable after that.
elCheapoDeluxe is offline  
Old Jan 4, 2015, 6:52 pm
  #13  
FlyerTalk Evangelist
 
Join Date: Jul 2000
Location: in the vicinity of SFO
Programs: AA 2MM (LT-PLT, PPro for this year)
Posts: 19,781
Originally Posted by elCheapoDeluxe
Yes. Can't speak for "home" versions because I can't remember the last time I owned one - but certainly in XP pro, Win 7 pro, Win 8 pro. Go to your network adapters window, go to the file menu (press alt-F in Win 8 to display) and select "new incoming connection". Just need to allow the PPTP port through your firewall as applicable after that.
Good to know. I've generally only had a Linux machine up 24/7, but that sounds much easier than the Linux version pre-OpenVPN.
nkedel is offline  
Old Jan 4, 2015, 6:53 pm
  #14  
 
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,151
Originally Posted by Boo_Radley
It's worth noting that the RT-N66U comes with an OpenVPN server out of the box. I considered putting DD-WRT or Tomato on mine, but the stock firmware did the job for me, so I left it alone.
If you want to go mid-ground, have a look at the ASUSWrt-Merlin firmware. It's a modified version of the default ASUS firmware that gives some additional functionality without going to full DD-WRT.

If you want to make your head hurt, consider this...

ASUSWrt-Merlin is an open-source product, which is based on a commercial product (ASUS standard firmware) which is based on an open source product (Tomato) which is based on a commercial product (Linksys firmware), which is based on an open source product (Linux).
docbert is offline  
Old Jan 4, 2015, 11:35 pm
  #15  
 
Join Date: Nov 2003
Location: San Jose, CA
Posts: 460
Originally Posted by nkedel
Once running a free-level EC2 server, OpenVPN is pretty easy. Bunch of steps, but pretty much just "follow the instructions."
I'm intrigued enough to try this out! Where would I find these instructions?
unmesh is offline  

