
How many of you have a VPN to your home network?

Old Jun 6, 2007, 12:59 pm
  #1  
Original Poster
 
Join Date: Sep 2004
Programs: UA GS
Posts: 2,159
How many of you have a VPN to your home network?

How many of you have a VPN to your home network? If you have done this, how did you set it up? I have a static IP address. Anything else I need?
iwebslinger is offline  
Old Jun 6, 2007, 1:19 pm
  #2  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
I've been doing it for years...it's such a valuable tool for privacy, security and getting around other people's NAT.

Back in 2000 when I was getting my (now worthless) MCSE I had a Windows 2000 server set up at home and I just forwarded the appropriate ports. We eventually graduated to two 2003 DCs, one of which I used for remote access (VPN, etc)...

Around late 2003 I switched to using IPCop firewall and in 2004 I used its built-in VPN with Server 2003's RADIUS server...

All of the above was PPTP VPN and in 2006 I switched to L2TP for greater security. I also switched to pfSense for my firewall. I also have two site-to-site VPNs (OpenVPN) running with the pfSense box (to other pfSense boxes).

Now I'm using OS X server as my backend with pfSense forwarding the L2TP requests.

I recognize that this is pretty much overkill for most people, but it highlights the range of options you have. Just about any Linux system can function as either a PPTP or L2TP server. If you want to get some extra functionality you might look at building a pfSense or IPCop box. There are ways to implement a VPN server on Windows including OpenVPN which is great (albeit a little complex to set up)... I could have sworn that XP used to include a built-in PPTP server, but I can never find the setup anymore.

Others may mention things like Hamachi but due to its 3rd party nature and closed source, I just cannot trust it. In my mind if you cannot trust something 100%, then you cannot trust it at all.

There are also consumer level routers from Linksys or Netgear that support incoming VPN. They are great for accessing network resources, but you cannot use them to send your traffic through the remote gateway. That's a problem if you intend to use the VPN to surf from public hotspots (hotels, Starbucks, etc) or to circumvent firewalls (NAT).

It's also worth noting that not all consumer routers (Linksys in particular comes to mind as does D-Link) allow you to pass the incoming GRE protocol to a computer behind the router. GRE is critical to PPTP VPN servers.

I'd recommend starting with some research into OpenVPN and then check out IPCop (which, while less robust, is more user friendly than pfSense). Another very simple option is to use SSH. You can google "ssh vpn" for ways to forward all your traffic through a remote SSH server although that doesn't have the same security effect of removing you from a LAN that a well configured VPN does.
SpaceBass is offline  
Old Jun 6, 2007, 3:32 pm
  #3  
 
Join Date: May 2004
Location: Los Angeles, CA
Programs: DL Diamond
Posts: 155
I use OpenVPN and it has been very useful and reliable. It has a Windows GUI interface (openvpngui) that I use for my laptops, as well.

It was complicated to set up, and I bought my company's IT admin lunch for debugging a routing problem I was having with it... well worth it.
cbd_sea is offline  
Old Jun 6, 2007, 6:22 pm
  #4  
Original Poster
 
Join Date: Sep 2004
Programs: UA GS
Posts: 2,159
Thanks - for the feedback.

I have OS X Server running in our house right now.
iwebslinger is offline  
Old Jun 6, 2007, 7:25 pm
  #5  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by iwebslinger
Thanks - for the feedback.

I have OS X Server running in our house right now.
You're good to go then!
L2TP is a beast to get running but turning PPTP on is a snap (assuming your router will forward GRE packets). I mean...like 1 click of the mouse easy.
SpaceBass is offline  
Old Jun 7, 2007, 7:24 am
  #6  
 
Join Date: Jul 2001
Location: Near Pittsburgh, Pennsylvania, USA, Earth (PIT)
Programs: Airline/TSA Avoidance Platinum, Hotel Disloyalty Silver, Hertz 1.7*
Posts: 5,277
Does running some kind of VPN remote access at home run afoul of typical home internet terms that bar servers? Just wondering if this has been an issue, or if you simply pay more for a connection that expressly allows it, or they (Comcast, Verizon, etc.) don't care?
CrazyOne is offline  
Old Jun 7, 2007, 7:29 am
  #7  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by CrazyOne
Does running some kind of VPN remote access at home run afoul of typical home internet terms that bar servers? Just wondering if this has been an issue, or if you simply pay more for a connection that expressly allows it, or they (Comcast, Verizon, etc.) don't care?
I have to be careful to separate my philosophical belief from what may be the reality here.

My philosophical stance is that we should demand unfettered access from ISPs who claim to provide unfettered access. Personally I won't use an ISP that dictates how I can use my connection (with the exception of the provision of adhering to the laws of the land of course).

That being said, I can't imagine that many ISPs would expressly bar VPN servers the way they do web and email servers.
SpaceBass is offline  
Old Jun 7, 2007, 8:24 am
  #8  
 
Join Date: Jul 2001
Location: Near Pittsburgh, Pennsylvania, USA, Earth (PIT)
Programs: Airline/TSA Avoidance Platinum, Hotel Disloyalty Silver, Hertz 1.7*
Posts: 5,277
Hm. Well, guess I'll just have to try it. At my house it's Comcast or nothing so far.
CrazyOne is offline  
Old Jun 7, 2007, 8:36 am
  #9  
 
Join Date: Jun 2004
Location: The People's Republik of MSN
Programs: After years of status, back to Peon levels. Anti-Apostheid Platinum, PWP CentCom
Posts: 4,767
I recently set up Hamachi to be able to access my home network from the road. It's nice to be able to SSH into my Linux box without having to have a permanent port-forwarding rule set up on my firewall that anyone could try to get to me through.

No whining from Comcast yet.
bdjohns1 is offline  
Old Jun 7, 2007, 9:25 am
  #10  
 
Join Date: Apr 2001
Location: NC, USA
Programs: AA Gold 1MM, AA Exec Plat, Marriott Lifetime Plat, Hilton Diamond, Hyatt Globalist
Posts: 1,012
Originally Posted by bdjohns1
I recently set up Hamachi to be able to access my home network from the road. It's nice to be able to SSH into my Linux box without having to have a permanent port-forwarding rule set up on my firewall that anyone could try to get to me through.
No whining from Comcast yet.
Regarding Hamachi, I downloaded it recently but haven't had the chance to use it on the road yet. The main benefit I wanted to get out of it is not networking into my home laptop (when on the road), but for security purposes when using hotel, airport, Starbucks, etc. internet connections. It would provide that as well, correct?

Separately, as for the networking aspect, as I posted here: http://flyertalk.com/forum/showthread.php?t=701074 I am having an issue wanting to access Lotus Notes (installed on my work laptop) from my personal laptop. Would networking through Hamachi allow me to do this? If so, that would be an acceptable solution as I haven't figured out how to redirect mail coming into my Lotus account to my Yahoo or Gmail account.
scotty00 is offline  
Old Jun 7, 2007, 1:21 pm
  #11  
 
Join Date: Aug 2006
Location: DCA / WAS
Programs: DL 2+ million/PM, YX, Marriott Plt, *wood gold, HHonors, CO Plt, UA, AA EXP, WN, AGR
Posts: 9,388
I do use a VPN to the home network.

I have a couple of static IPs on a DSL circuit with no server limitations (I suppose that if you don't send too much traffic, then the ISP won't care even if you have a 'no servers' provision in your agreement).

I've operated a VPN for some time and I use it for a variety of things (including full secure email access... as well as securing the wifi transmissions within the house).

The cost was around $100. I picked up a Netgear router w/VPN endpoint for something like $35 (refurb), and I use client software from The Green Bow. Configuration was not hard at all - Green Bow had detailed instructions.

I've only had two problems...
1) certain hotels and "free wifi" sites block the ports necessary for VPN operation... in other words, their routers are not set to pass VPN. The most obnoxious one is a hotel in which I've stayed 40 nights this year.

2) my endpoint router locked up one time and needed to be rebooted. I suspect heat as the cause, as it sat in a tightly enclosed cabinet on top of an operating server, and next to the furnace room. I moved the server, and haven't had a lick of a problem since.

If you have a server that supports SSH, then you may have a cheaper alternative. What I have works great for me, and allows me a lot of flexibility....
Global_Hi_Flyer is offline  
Old Jun 7, 2007, 2:07 pm
  #12  
 
Join Date: Jun 2004
Location: The People's Republik of MSN
Programs: After years of status, back to Peon levels. Anti-Apostheid Platinum, PWP CentCom
Posts: 4,767
Originally Posted by scotty00
Regarding Hamachi, I downloaded it recently but haven't had the chance to use it on the road yet. The main benefit I wanted to get out of it is not networking into my home laptop (when on the road), but for security purposes when using hotel, airport, Starbucks, etc. internet connections. It would provide that as well, correct?

Separately, as for the networking aspect, as I posted here: http://flyertalk.com/forum/showthread.php?t=701074 I am having an issue wanting to access Lotus Notes (installed on my work laptop) from my personal laptop. Would networking through Hamachi allow me to do this? If so, that would be an acceptable solution as I haven't figured out how to redirect mail coming into my Lotus account to my Yahoo or Gmail account.
To the first part - yes, if you have a proxy server of some kind set up on your Hamachi network (i.e., a spare PC doing server duty). All Hamachi does is let you securely communicate between a set of computers (your "Hamachi network") - Hamachi itself doesn't provide any proxying service.

To the second part - maybe, assuming your work computer is online and running Hamachi. I don't know Notes.

Global_hi_flyer, Hamachi might work in those situations - it's designed to be able to make connections that are a little more difficult. Unless you're on a connection that's port-80 only, it might do the trick.
bdjohns1 is offline  
Old Jun 7, 2007, 4:27 pm
  #13  
 
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by scotty00
Regarding Hamachi, I downloaded it recently but haven't had the chance to use it on the road yet. The main benefit I wanted to get out of it is not networking into my home laptop (when on the road), but for security purposes when using hotel, airport, Starbucks, etc. internet connections. It would provide that as well, correct?
I'm going to be honest...not a huge Hamachi fan here....but facts are facts.
Fact is that it's easy to use and it's good for getting access to a remote machine. Fact is that you have to trust a 3rd party in the process.

Hamachi will not help you much with the security aspect of your question. There are two things at stake there. 1) protecting your traffic from prying eyes on a public hotspot. 2) protecting your laptop from incoming traffic from a public hotspot (by effectively preventing your network card from responding to traffic from the hotspot network). I'm not satisfied that Hamachi effectively does either of those things. In the first example, Hamachi does not route all of your traffic through the remote endpoint (b/c there's not one, really). It only "securely" routes traffic bound for the other, remote, computer(s) running Hamachi. Secondly, it does not protect you from incoming traffic on the same hotspot (which is done by using a remote VPN 'gateway' as the 'first hop').

The way people get around the first limitation is to use XP's Remote Desktop or a VNC setup to browse from the remote computer in question.

For people who want protection without a complex setup, look into JanusVM. I have not vetted it well enough to say that it's a perfect setup, but it seems very impressive so far....although it's slow as heck.
SpaceBass is offline  
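
The first limitation described in the post above (only traffic bound for the overlay peers goes through the tunnel) can be checked from a client's routing table. This is an added example, not code from any poster in this thread; the interface names (`wlan0`, `tun0`), addresses and both routing tables are constructed samples in `ip route show` format, and the two `/1` routes are the ones OpenVPN's `redirect-gateway def1` option installs.

```python
import ipaddress

# Constructed sample: overlay-only setup, only the overlay subnet uses the tunnel.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 scope link
10.8.0.0/24 dev tun0 scope link
"""

# Constructed sample: full tunnel. Two /1 routes override the default route,
# and a host route keeps the VPN server itself reachable outside the tunnel.
FULL_TUNNEL = """\
default via 192.168.1.1 dev wlan0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 scope link
10.8.0.0/24 dev tun0 scope link
"""

def parse_routes(text):
    """Turn `ip route show` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        routes.append((net, tok[tok.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: the device a packet to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def leaks(text, tunnel_dev, probes):
    """Return the probe addresses whose traffic would bypass the tunnel."""
    routes = parse_routes(text)
    return [p for p in probes if egress_dev(routes, p) != tunnel_dev]

# Probes: a public web server (documentation address) and an overlay peer.
PROBES = ["198.51.100.7", "10.8.0.5"]

if __name__ == "__main__":
    print("overlay-only leaks:", leaks(SPLIT_TUNNEL, "tun0", PROBES))
    print("full-tunnel leaks: ", leaks(FULL_TUNNEL, "tun0", PROBES))
```

On a real Linux client the same functions can be fed the output of `ip route show` instead of the sample tables.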
Old Jun 7, 2007, 5:03 pm
  #14  
tlc
 
Join Date: Aug 2006
Location: San Jose CA
Programs: AA Platinum
Posts: 149
Some ISPs do actually block VPNs for people who have 'personal' level accts rather than business. A lot of cable companies seem to be culprits. They consider it a 'business only' application.

We have one for home. Bought a Cisco router from a friend and paid in dinner to have it set up. But then hubby and I both work for a rather well known security company so it's pretty necessary.
tlc is offline  
Old Jun 7, 2007, 7:05 pm
  #15  
 
Join Date: Jan 2007
Programs: AC, SWA, AA, NWA, EVA
Posts: 359
I use a Checkpoint SofaWare box. It allows me to use SecuRemote to authenticate and then I use RDP to XP or Win 2003. I've also used VNC in the past. I've used port forwarding too with RDP, but it's advisable to redefine the port numbers on the Windows boxes. I've got a Cisco box lying around somewhere, but I've always been pleased with the security that Checkpoint offers.
coxta is offline  

