Singapore Expats Forum

Any VPN experts here ???


Any VPN experts here ???

Postby Bigjohn32819 » Wed, 25 May 2016 12:21 pm

Hi,

Here's what I would ideally like to do ---

I would like to force all outgoing connections from my home through a VPN. I understand that my access will most probably slow down but I accept that downside.

I believe there is some hardware available that will sit between my incoming fibre box and the router to do this job.

Can anyone advise? Or point me in the right direction?

Thanks in advance.

- John


Re: RE: Any VPN experts here ???

Postby ecureilx » Wed, 25 May 2016 1:52 pm

Bigjohn32819 wrote:Hi,

Here's what I would ideally like to do ---

I would like to force all outgoing connections from my home through a VPN. I understand that my access will most probably slow down but I accept that downside.

I believe there is some hardware available that will sit between my incoming fibre box and the router to do this job.

Can anyone advise? Or point me in the right direction?

Thanks in advance.

- John

Low end firewall appliances like SonicWall or FortiGate can accomplish that, forcing all traffic via secure network.

What router are you using ?

Do some search to see if it's really worthwhile.


Re: RE: Any VPN experts here ???

Postby Bigjohn32819 » Wed, 25 May 2016 6:52 pm

ecureilx wrote:Low end firewall appliances like SonicWall or FortiGate can accomplish that, forcing all traffic via secure network.

What router are you using ?

Do some search to see if it's really worthwhile.


the router is zhone ... as supplied by viewquest ...

the online search seems to only throw up results pertaining to creating vpn on individual computers ... which isn't what i'm looking for ...

thanks for your input mate.


Re: RE: Any VPN experts here ???

Postby ecureilx » Wed, 25 May 2016 6:55 pm

Bigjohn32819 wrote:
ecureilx wrote:Low end firewall appliances like SonicWall or FortiGate can accomplish that, forcing all traffic via secure network.

What router are you using ?

Do some search to see if it's really worthwhile.


the router is zhone ... as supplied by viewquest ...

the online search seems to only throw up results pertaining to creating vpn on individual computers ... which isn't what i'm looking for ...

thanks for your input mate.


Is the VPN set up on the ZHONE router? If so, if you can, set 0.0.0.0 to be routed via VPN :D It should do the trick?


Re: Any VPN experts here ???

Postby Strong Eagle » Wed, 25 May 2016 9:30 pm

I don't understand what you mean when you say you want to "force all outgoing connections" to run through a VPN. Outgoing to where? Every VPN connection requires a server to make the VPN connections and a client that requests and processes them. The VPN connection is secure between the VPN server and the VPN client, nowhere else.

So... this works great if you are in a Starbucks with an open connection. Without VPN, you connect to the internet with the Starbucks wifi and if you bring up a banking page, everyone can see it.

So, you fire up your VPN client and make connection with the VPN server. Your data is now tunneled and encrypted. Now, it doesn't matter if Starbucks is open and sniffable... your data is encrypted between the server and the client, and your internet connection to your bank is actually from the VPN server now, which is presumably a more secure, hard wired connection.

So again, I say, "Outgoing to where?" If a website uses http protocol and you access it, there is nothing that you can do to prevent that connection from potentially being sniffed somewhere along the network path.

If you want all your computers to go through VPN when you are not inside your home network, then you must either have a server with VPN services enabled (i.e. Windows Server 2012 R2), and operate your PCs and users on a domain with Active Directory control, or you must have a hardware appliance that supports the same. An example of such a box is the Netgear FVS318 ProSafe VPN/Firewall... http://www.amazon.com/NETGEAR-FVS318-Pr ... B00006B9HC

Or, if you want the cat's meow in firewall appliances, you'll want to get the Cisco Meraki brand... pricey but very capable and very easy to use. https://www.meraki.com/products/appliances In all these cases, the PC making the connection requires software to make the connection... Windows VPN, Cisco AnyConnect, etc.

The point is, though, that you VPN a VPN client TO a VPN server. For example, employees in my company use our VPN to access the company network when traveling. They use the client's VPN when accessing the client's network. Or, we can really stretch things. The employee uses our VPN to connect to our network, then uses remote desktop (RDP) to access their workstation in the office, then uses the client VPN setup on the workstation to access the client network.

Maybe you can tell me more about what you are trying to achieve?


Re: RE: Any VPN experts here ???

Postby Strong Eagle » Wed, 25 May 2016 9:32 pm

ecureilx wrote:Low end firewall appliances like SonicWall or FortiGate can accomplish that, forcing all traffic via secure network.


Secure to where? Every VPN requires a client and a server to make the connection. If the OP wants to make secure inbound connections to his home network then see my other post. But you can't just have a one sided VPN connection.


Re: RE: Any VPN experts here ???

Postby ecureilx » Wed, 25 May 2016 9:57 pm

Strong Eagle wrote:
ecureilx wrote:Low end firewall appliances like SonicWall or FortiGate can accomplish that, forcing all traffic via secure network.


Secure to where? Every VPN requires a client and a server to make the connection. If the OP wants to make secure inbound connections to his home network then see my other post. But you can't just have a one sided VPN connection.


He just wants to route everything to whatever VPN the Fibre provider does.

I left it with my suggestion as I don't have time to go after his requirements :)

I have done such VPN set ups, for clients in SG who want all internet to go via their HQ network in US or Europe. Route 0.0.0.0 to secure network, and secure network would be the remote server. Provided, "PROVIDED" the remote side routes all of 0.0.0.0 via the remote gateway.

In theory and practice, it's possible, but with Fibre, no, I don't know yet.
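
The "route 0.0.0.0 via the VPN" setup described in the post above, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed routing table, showing the default route moved onto the tunnel, the host route the VPN endpoint itself still needs on the WAN side, and a check for destinations that would bypass the tunnel. All addresses (documentation ranges) and the interface names `lan`, `wan` and `tun0` are assumptions.

```python
import ipaddress

# Constructed values: documentation address ranges, assumed interface names.
VPN_SERVER = "203.0.113.10"   # remote VPN endpoint
WAN_GW = "192.0.2.1"          # ISP gateway on the fibre side
TUN_GW = "10.8.0.1"           # far end of the tunnel

def route(prefix, gateway, iface):
    return (ipaddress.ip_network(prefix), gateway, iface)

def lookup(table, dst):
    """Longest-prefix match, as a router's forwarding lookup does."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)

def full_tunnel(table):
    """Return a new table with the default route moved onto the tunnel.

    The /32 host route keeps the VPN server reachable over the WAN;
    without it the encrypted packets would be routed into the tunnel
    that is supposed to carry them.
    """
    kept = [r for r in table if r[0].prefixlen != 0]
    return kept + [
        route("0.0.0.0/0", TUN_GW, "tun0"),
        route(VPN_SERVER + "/32", WAN_GW, "wan"),
    ]

def leaks(table, destinations):
    """Destinations that would leave via the WAN instead of the tunnel."""
    out = []
    for dst in destinations:
        r = lookup(table, dst)
        if r is not None and r[2] == "wan" and dst != VPN_SERVER:
            out.append(dst)
    return out

BEFORE = [
    route("192.168.1.0/24", None, "lan"),
    route("0.0.0.0/0", WAN_GW, "wan"),
]
AFTER = full_tunnel(BEFORE)
SAMPLE = ["198.51.100.7", "203.0.113.200", VPN_SERVER, "192.168.1.20"]

if __name__ == "__main__":
    for dst in SAMPLE:
        print(dst, "->", lookup(AFTER, dst)[2])
    print("bypassing tunnel before:", leaks(BEFORE, SAMPLE))
    print("bypassing tunnel after: ", leaks(AFTER, SAMPLE))
```

This only models the local side; as the post says, the remote end still has to forward the tunnelled traffic out through its own gateway.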


Re: Any VPN experts here ???

Postby x9200 » Wed, 25 May 2016 10:09 pm

Bigjohn32819 wrote:Hi,

Here's what I would ideally like to do ---

I would like to force all outgoing connections from my home through a VPN. I understand that my access will most probably slow down but I accept that downside.

I believe there is some hardware available that will sit between my incoming fibre box and the router to do this job.

Can anyone advise? Or point me in the right direction?

Thanks in advance.

- John

I am not sure you will manage to find such a router, and the reason I think so is that you need a client-server pair. Although there are some standardised protocols, I believe, normally the server needs to match a dedicated client, so you would need specific client software (or a proprietary protocol) on your router to connect to a specific VPN server. Normally people are pretty happy using software clients without channeling the whole traffic via the VPN link, which, combined with the client-server matchmaking, gives a rather limited market.

Having said that, if you are sufficiently skilled and still insist on such a solution, I would look at whether anything is available under OpenWrt and similar software router platforms. For example, I see no reason why such a strategy could not be implemented with a router running OpenWrt with an OpenVPN client and a VPN server running the OpenVPN server.


Re: RE: Any VPN experts here ???

Postby Strong Eagle » Wed, 25 May 2016 10:09 pm

ecureilx wrote:He just wants to route everything to whatever VPN the Fibre provider does.


Then the OP needs two things.

a) Needs to know the brand, protocol, and type of VPN server the fibre provider is using
b) Needs to find a router with a compatible built in client

The second one won't be so easy. Asus provides routers with clients. Or, the OP can flash a router with DD-WRT and set it up himself. The router then negotiates the VPN connection with the fibre provider.

I really don't see the point, though. This is all hard wired (in this case, at least partly fiber optic) data transmission. One would need to have direct access to connection points... routers, bridges, etc... to be able to intercept the stream, then identify the packets belonging to the OP.

Sure... the NSA has this backdoor capability and the computing power to extract individual data streams... but the average hacker? I don't think so.


Re: RE: Any VPN experts here ???

Postby Bigjohn32819 » Thu, 26 May 2016 8:17 am

ecureilx wrote:Is the VPN set up on the ZHONE router? If so, if you can, set 0.0.0.0 to be routed via VPN :D It should do the trick?


i honestly do not know enough about it but if i recall correctly, this router doesn't have that feature.


Re: Any VPN experts here ???

Postby Bigjohn32819 » Thu, 26 May 2016 8:20 am

Strong Eagle wrote:I don't understand what you mean when you say you want to "force all outgoing connections" to run through a VPN. Outgoing to where? Every VPN connection requires a server to make the VPN connections and a client that requests and processes them. The VPN connection is secure between the VPN server and the VPN client, nowhere else.

So... this works great if you are in a Starbucks with an open connection. Without VPN, you connect to the internet with the Starbucks wifi and if you bring up a banking page, everyone can see it.

So, you fire up your VPN client and make connection with the VPN server. Your data is now tunneled and encrypted. Now, it doesn't matter if Starbucks is open and sniffable... your data is encrypted between the server and the client, and your internet connection to your bank is actually from the VPN server now, which is presumably a more secure, hard wired connection.

So again, I say, "Outgoing to where?" If a website uses http protocol and you access it, there is nothing that you can do to prevent that connection from potentially being sniffed somewhere along the network path.

If you want all your computers to go through VPN when you are not inside your home network, then you must either have a server with VPN services enabled (i.e. Windows Server 2012 R2), and operate your PCs and users on a domain with Active Directory control, or you must have a hardware appliance that supports the same. An example of such a box is the Netgear FVS318 ProSafe VPN/Firewall... http://www.amazon.com/NETGEAR-FVS318-Pr ... B00006B9HC

Or, if you want the cat's meow in firewall appliances, you'll want to get the Cisco Meraki brand... pricey but very capable and very easy to use. https://www.meraki.com/products/appliances In all these cases, the PC making the connection requires software to make the connection... Windows VPN, Cisco AnyConnect, etc.

The point is, though, that you VPN a VPN client TO a VPN server. For example, employees in my company use our VPN to access the company network when traveling. They use the client's VPN when accessing the client's network. Or, we can really stretch things. The employee uses our VPN to connect to our network, then uses remote desktop (RDP) to access their workstation in the office, then uses the client VPN setup on the workstation to access the client network.

Maybe you can tell me more about what you are trying to achieve?


to prevent local sniffing ... :D

so create a tunnel between my connection and say a server in the US or wherever ...

so effectively have a US IP address ...

hope this is clearer


Re: Any VPN experts here ???

Postby Bigjohn32819 » Thu, 26 May 2016 8:23 am

x9200 wrote:Having said that, if you are sufficiently skilled and still insist on such a solution, I would look at whether anything is available under OpenWrt and similar software router platforms. For example, I see no reason why such a strategy could not be implemented with a router running OpenWrt with an OpenVPN client and a VPN server running the OpenVPN server.


i've heard and read of this and am trying to understand it more since it appears to do what i want since all traffic will go through it.


Re: Any VPN experts here ???

Postby Strong Eagle » Thu, 26 May 2016 9:05 am

Bigjohn32819 wrote:to prevent local sniffing ... :D

so create a tunnel between my connection and say a server in the US or wherever ...

so effectively have a US IP address ...

hope this is clearer


Again, it's very difficult to sniff a hard wired connection, from your house to anywhere. Companies insist on VPN connections not because they are concerned about a hard wired connection being breached but because they cannot guarantee that a remote PC doesn't have an open wireless connection.

Unless you are paying hard money for a VPN service, it's hard to tell what the dodgy buggers at the free services are doing with your connection and your supposedly secure data.

More and more companies (aka Netflix) are onto the VPN thing and are now blocking access.

And, of course, you are totally reliant upon your VPN provider's bandwidth.

If you Google 'router VPN client' there is lots of information on creating one.


Re: Any VPN experts here ???

Postby Bigjohn32819 » Thu, 26 May 2016 10:08 am

Strong Eagle wrote:
Bigjohn32819 wrote:to prevent local sniffing ... :D

so create a tunnel between my connection and say a server in the US or wherever ...

so effectively have a US IP address ...

hope this is clearer


Again, it's very difficult to sniff a hard wired connection, from your house to anywhere. Companies insist on VPN connections not because they are concerned about a hard wired connection being breached but because they cannot guarantee that a remote PC doesn't have an open wireless connection.

Unless you are paying hard money for a VPN service, it's hard to tell what the dodgy buggers at the free services are doing with your connection and your supposedly secure data.

More and more companies (aka Netflix) are onto the VPN thing and are now blocking access.

And, of course, you are totally reliant upon your VPN provider's bandwidth.

If you Google 'router VPN client' there is lots of information on creating one.


thanks for this ... appreciate it ...


Re: Any VPN experts here ???

Postby x9200 » Thu, 26 May 2016 10:43 am

Strong Eagle wrote:
Bigjohn32819 wrote:to prevent local sniffing ... :D

so create a tunnel between my connection and say a server in the US or wherever ...

so effectively have a US IP address ...

hope this is clearer


Again, it's very difficult to sniff a hard wired connection, from your house to anywhere.

Unless the sniffer is a gov agency.

