Low end firewall appliances like sonic wall or fortigate can accomplish that, forcing all traffic via secure network.
Bigjohn32819 wrote:
Hi,
Here's what I would ideally like to do ---
I would like to force all outgoing connections from my home through a VPN. I understand that my access will most probably slow down but I accept that downside.
I believe there is some hardware available that will sit between my incoming fibre box and the router to do this job.
Can anyone advise? Or point me in the right direction?
Thanks in advance.
- John
the router is zhone ... as supplied by viewquest ...
ecureilx wrote:
Low end firewall appliances like sonic wall or fortigate can accomplish that, forcing all traffic via secure network.
What router are you using ?
Do some search to see if it's really worthwhile.
Is the VPN set up on the ZHONE router? If so, if you can, set 0.0.0.0 to be routed via VPN. It should do the trick?
Bigjohn32819 wrote:
the router is zhone ... as supplied by viewquest ...
ecureilx wrote:
Low end firewall appliances like sonic wall or fortigate can accomplish that, forcing all traffic via secure network.
What router are you using ?
Do some search to see if it's really worthwhile.
the online search seems to only throw up results pertaining to creating vpn on individual computers ... which isn't what i'm looking for ...
thanks for your input mate.
Secure to where? Every VPN requires a client and a server to make the connection. If the OP wants to make secure inbound connections to his home network then see my other post. But you can't just have a one sided VPN connection.
ecureilx wrote:
Low end firewall appliances like sonic wall or fortigate can accomplish that, forcing all traffic via secure network.
He just wants to route everything to whatever VPN the Fibre provider does.
Strong Eagle wrote:
Secure to where? Every VPN requires a client and a server to make the connection. If the OP wants to make secure inbound connections to his home network then see my other post. But you can't just have a one sided VPN connection.
ecureilx wrote:
Low end firewall appliances like sonic wall or fortigate can accomplish that, forcing all traffic via secure network.
I am not sure if you will manage to find such router and the reason I think so, is, you need a pair client server. Although there are some standardised protocols I believe, normally the server needs a match with dedicated client so you would need a specific client software (or proprietary protocol) on your router to connect to a specific VPN server. Normally people are pretty happy using software clients without channeling the whole traffic via the VPN link what combined with the client-server matchmaking gives rather limited market.
Bigjohn32819 wrote:
Hi,
Here's what I would ideally like to do ---
I would like to force all outgoing connections from my home through a VPN. I understand that my access will most probably slow down but I accept that downside.
I believe there is some hardware available that will sit between my incoming fibre box and the router to do this job.
Can anyone advise? Or point me in the right direction?
Thanks in advance.
- John
Then the OP needs two things.
ecureilx wrote:
He just wants to route everything to whatever VPN the Fibre provider does.
i honestly do not know enough about it but if i recall correctly, this router doesn't have that feature.
ecureilx wrote:
Is the VPN set up on the ZHONE router ? if so, if you can, set 0.0.0.0 to be routed via VPN It should do the trick ?
to prevent local sniffing ...
Strong Eagle wrote:
I don't understand what you mean when you say you want to "force all outgoing connections" to run through a VPN. Outgoing to where? Every VPN connection requires a server to make the VPN connections and a client that requests and processes them. The VPN connection is secure between the VPN server and the VPN client, nowhere else.
So... this works great if you are in a Starbucks with an open connection. Without VPN, you connect to the internet with the Starbucks wifi and if you bring up a banking page, everyone can see it.
So, you fire up your VPN client and make connection with the VPN server. Your data is now tunneled and encrypted. Now, it doesn't matter if Starbucks is open and sniffable... your data is encrypted between the server and the client, and your internet connection to your bank is actually from the VPN server now, which is presumably a more secure, hard wired connection.
So again, I say, "Outgoing to where?" If a website uses http protocol and you access it, there is nothing that you can do to prevent that connection from potentially being sniffed somewhere along the network path.
If you want all your computers to go through VPN when you are not inside your home network, then you must either have a server with VPN services enabled (ie - Windows Server 2012 R2), and operate your PC's and users on a domain with active directory control, or you must have a hardware appliance that supports the same. An example of such a box is the Netgear FVS318 ProSafe VPN/Firewall... http://www.amazon.com/NETGEAR-FVS318-Pr ... B00006B9HC
Or, if you want the cat's meow in firewall appliances, you'll want to get the Cisco Meraki brand... pricey but very capable and very easy to use. https://www.meraki.com/products/appliances In all these cases, the PC making the connection requires software to make the connection... Windows VPN, Cisco AnyConnect, etc.
The point is, though, that you VPN a VPN client TO a VPN server. For example, employees in my company use our VPN to access the company network when traveling. They use the client's VPN when accessing the client's network. Or, we can really stretch things. The employee uses our VPN to connect to our network, then uses remote desktop (RDP) to access their workstation in the office, then uses the client VPN setup on the workstation to access the client network.
Maybe you can tell me more about what you are trying to achieve?
i've heard and read of this and am trying to understand it more since it appears to do what i want since all traffic will go through it.
x9200 wrote:
Having said that, if you are sufficiently skilled and still insist on such solution, I would look if anything is available under openwrt and similar software router platforms. For example, I see no reason why such strategy could be not implemented with a router running the openwrt with an openvpn client and a vpn server running the openvpn server.
Again, it's very difficult to sniff a hard wired connection, from your house to anywhere. Companies insist on VPN connections not because they are concerned about a hard wired connection being breached but because they cannot guarantee that a remote PC doesn't have an open wireless connection.
Bigjohn32819 wrote:
to prevent local sniffing ...
so create a tunnel between my connection and say a server in the US or wherever ...
so effectively have a US IP address ...
hope this is clearer
thanks for this ... appreciate it ...
Strong Eagle wrote:
Again, it's very difficult to sniff a hard wired connection, from your house to anywhere. Companies insist on VPN connections not because they are concerned about a hard wired connection being breached but because they cannot guarantee that a remote PC doesn't have an open wireless connection.
Bigjohn32819 wrote:
to prevent local sniffing ...
so create a tunnel between my connection and say a server in the US or wherever ...
so effectively have a US IP address ...
hope this is clearer
Unless you are paying hard money for a VPN service, it's hard to tell what the dodgy buggers at the free services are doing with your connection and your supposedly secure data.
More and more companies (aka Netflix) are onto the VPN thing and are now blocking access.
And, of course, you are totally reliant upon your VPN provider's bandwidth.
If you Google 'router VPN client' there is lots of information on creating one.
Unless the sniffer is a gov agency.
Strong Eagle wrote:
Again, it's very difficult to sniff a hard wired connection, from your house to anywhere.
Bigjohn32819 wrote:
to prevent local sniffing ...
so create a tunnel between my connection and say a server in the US or wherever ...
so effectively have a US IP address ...
hope this is clearer
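
Added example, not part of any post in this thread: a check that a router's routing table really sends all IPv4 traffic into the tunnel, as in the "set 0.0.0.0 to be routed via VPN" suggestion and the OpenWrt/OpenVPN setup mentioned above. It goes slightly beyond the thread by also accepting the 0.0.0.0/1 + 128.0.0.0/1 route pair that OpenVPN's `redirect-gateway def1` installs; the interface names (`tun0`, `eth0.2`) and all addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: does a routing table send ALL IPv4 traffic into the VPN tunnel?
# Usage on the router: ip -4 route show | vpn_route_status tun0
# Interface names (tun0, eth0.2) and all addresses below are constructed.

vpn_route_status() {
    awk -v tun="$1" '
        # Return the interface named after the "dev" keyword on this route line.
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default" || $1 == "0.0.0.0/0" {
            if (dev() == tun) def_tun = 1; else def_other = 1
        }
        # The two /1 routes installed by OpenVPN redirect-gateway def1.
        $1 == "0.0.0.0/1"   && dev() == tun { lo = 1 }
        $1 == "128.0.0.0/1" && dev() == tun { hi = 1 }
        END {
            if (lo && hi)                   print "full-tunnel"  # both halves beat the default
            else if (def_tun && !def_other) print "full-tunnel"  # only default is the tunnel
            else                            print "leak"         # some traffic exits via the WAN
        }'
}

# Constructed sample: tunnel up with def1 routes; WAN default still present.
sample_def1() { cat <<'EOF'
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0.2
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev eth0.2
EOF
}

# Constructed sample: tunnel dropped, only the ISP default route remains.
sample_down() { cat <<'EOF'
default via 192.168.1.1 dev eth0.2
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.2
EOF
}

for s in sample_def1 sample_down; do
    printf '%s: %s\n' "$s" "$($s | vpn_route_status tun0)"
done
```

A "leak" result after the tunnel drops is why routing alone is not enough: a firewall rule that forwards LAN traffic only to the tunnel interface keeps clients from falling back to the ISP path. The check covers IPv4 only; IPv6 routes need the same treatment.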