Access Home Network Remotely Having Recently Purchased a VPN

[frankie4fingers]

I am hoping someone can help answer a query I have having just purchased Torguard as a VPN provider (probably simple questions being asked but this is the first time with a VPN from a provider).

I have an AC66U router that is running Merlin's firmware and at the moment I have not set up Torguard. I plan to set up Torguard to run at the router so that all traffic goes via the VPN.

Right now my router is setup as an OpenVPN server and I have an OpenVPN client installed on my Nexus 5 to allow me to connect in to my network and access my NAS and other bits and pieces at home. I also allow for a couple of family members to access remotely via Openvpn as well to be able to grab family photos at times. This works well and there are no access issues.

I have installed the Torguard app on my Nexus 5 and setup a tunnel to various servers around the world and that works well.

What I am trying to understand is the following:

1. Once I have a tunnel set up to Torguard I cannot then have a second VPN connection established to my home network to access how I have done to date. How do I get access to my network using Openvpn when I already have a tunnel flowing through Torguard - Is this even possible? If it isn't then how do I ensure the most secure connection to my home network?
   
   
2. Once I setup my router to have all traffic flowing through Torguard how does that impact point 1 (if it impacts at all)?
   
   
3. When I have the router setup to flow all traffic through Torguard how do I change the Torguard server so that I can P2P if required (not often as most things I require are on Usenet).
   

Any pointers from the gurus out there would be welcomed.

Thanks

 

[System Error Message]

To secure your home network just stop using Tor. That thing is littered with governments and spies

If you want remote access to your home network use a VPN like L2TP/IPSEC or OpenVPN. By having your router as a VPN server you will need to bridge VPN to your LAN which is much easier than using a VPN provider because the speeds are limited by your router and internet line although if you dont have a fast router and want wirespeed VPN you will be looking at a VPN provider or a much better router.

 

[frankie4fingers]

A touch confused by the response, you mention Tor. Are you talking the Tor network there? Or Torguard as a VPN provider?

I chose Torguard as my VPN provider as they do not keep logs of users or their activity. That was backed up by various reviews by Torrentfreak over the last 2 - 3 years.

 

[Calisro]

1) yes its possible. You should be able to have the router vpn client doing policy routing for clients through torguard.
2) There shouldn't be any impact. Your vpn server is seperate from the client.
3) I don't understand this question. The torguard server isn't something you control. That is what you paid the provider for.

 

[frankie4fingers]

1) yes its possible. You should be able to have the router vpn client doing policy routing for clients through torguard.
2) There shouldn't be any impact. Your vpn server is seperate from the client.
3) I don't understand this question. The torguard server isn't something you control. That is what you paid the provider for.

Thanks for the reply.

Point 3 refers to the VPN provider having a large number of servers deployed across the globe. Some servers are not configured to allow for P2P while a number are (typically those located in countries that still allow for P2P). So on a day to day basis I would look to have my router connecting to the Australia servers as that is where I live. However, when I may need to grab something and utilise P2P I don't know who I change the router to connect to a server in a P2P friendly country.

Point 1 - Any guides on how I achieve this (bit green to all this so any nudge in the right direction would be great.)

 

[Calisro]

For changing the server, you would just logon to the GUI and change the server. Alternatively, you use 2 vpn clients and switch between the two. Did you want to do it some other way?


for 1, I believe it is in the readme
http://www.snbforums.com/threads/openvpn-policy-routing-guide.24384/

 

[frankie4fingers]

For changing the server, you would just logon to the GUI and change the server. Alternatively, you use 2 vpn clients and switch between the two. Did you want to do it some other way?


for 1, I believe it is in the readme
http://www.snbforums.com/threads/openvpn-policy-routing-guide.24384/

I am not fussed either way how to achieve switching between servers, I wasn't sure exactly how the best way to do it was. Is there a benefit of doing 2 VPN clients over just changing the server via the GUI?

Thanks for the link as well, I will have a look at that and try to get my head around it.

 

[Calisro]

I am not fussed either way how to achieve switching between servers, I wasn't sure exactly how the best way to do it was. Is there a benefit of doing 2 VPN clients over just changing the server via the GUI

I personally don't like logging into the router. I run 2 vpn clients with different server addresses. I enable policy based routing and I then change the ip address on my device which switches the vpn i use so that i can control if i use my vpn and which one i use just by changing my ip address.

 

[sfx2000]

To secure your home network just stop using Tor. That thing is littered with governments and spies

TorGuard is perhaps mis-named - has nothing to do with Tor (The Onion Router) - it's a basic VPN provider - which has security concerns of it's own (who owns the VPN server???)

 

[System Error Message]

As long as Torguard isnt a VPN that uses TOR than it should be fine.
When you use a VPN you have a choice of bridging or segmenting it. Segmenting it means using layer 3 routing whereas bridging will allow layer 2 to be passed but requires IGMP to be set up. Either method you use as long as your router is on the same network as your remote client you can remotely login to your router if you set the VPN interface as LAN on your router. It is much easier to login to your router if you used your router as the VPN server and you connected remotely.

 

[sfx2000]

1) yes its possible. You should be able to have the router vpn client doing policy routing for clients through torguard.
2) There shouldn't be any impact. Your vpn server is seperate from the client.
3) I don't understand this question. The torguard server isn't something you control. That is what you paid the provider for.

I hope all realize VPN's cut both ways - I would never put VPN on a router/AP - that's just a lot of trust that most shouldn't have to worry about..

 

[Calisro]

I hope all realize VPN's cut both ways - I would never put VPN on a router/AP - that's just a lot of trust that most shouldn't have to worry about..

Yes, this is a point that most are unaware. I'm actually surprised routers don't have an option to firewall the openvpn client/server in the gui but I suppose then they'd need even nore screens to manage forwards. People should be firewalling vpn providers (client or server) if they are untrusted.. Its a good point to make.

EDIT: it actually does have a firewall option in the gui. I've been setting up my own on top of that. guess that isnt neccessary.

 

[sfx2000]

Yes, this is a point that most are unaware. I'm actually surprised routers don't have an option to firewall the openvpn client/server in the gui but I suppose then they'd need even nore screens to manage forwards. People should be firewalling vpn providers (client or server) if they are untrusted.. Its a good point to make.

It's odd - depends on implementation, but many can translate and jump the NAT and SPI firewall - perhaps even a situation that a device in the DMZ - to be honest, VPN on the router just scares the heck out of me from a security perspective - one should always to a VPN connection from a single client, and not open the network...

And then, does one really know what's on the other end of the VPN - if not, one should consider the risks - if you don't own that end-point - that end-point could own you - and it might be blackhats or 3-letter agencies - irregardless of marketing speak - as blackhat and TLA's want you to _trust_ them..