All things in good time. I don't want to go further astray or risk the wrath of anyone on the forum by doing so. You deserve a starting point, but private posting is considered bad form, and everyone is swamped with their projects. You need to search for a trusted, quality local professional who is able to personally offer you an bottom line estimate of how to secure your machines on your LAN, using what you have, and free, firewall clients with a user friendly interface. It can be done with the Windows firewall, but most people don't care for the interface. I assume you don't or can't afford for more than what a technically proficient local person can provide you in an hour or two to set up firewalls on all of your systems, while at your home; not over the internet. It really shouldn't take more than that.
Softether is a secure server/client that can utilize multiple protocols to securely 'tunnel' traffic from one point (your home) to another point, ie, to your Lumia. Similar to a VPN provider, softether helps protect your traffic in certain ways, but doesn't protect the machine, that are sitting in your home, protected only by the NAT firewall in your router router. When you're away and log into a commercial (cafe) or public WiFi access point, such as the public library might provide, you[re at a risk that you may learn isn't acceptable after you learn what you're really up against. I have a good idea that the local library can't afford the kind of security I'd have to have for my data. The governent(s) monitors all public library traffic, who almost never erases any of your access time, their logs, patron logins or your browsing history. They have to meet these arbitrary guidelines since they're existing on federal funds. Most private donations have drastically plummeted in recent years, so if they want to serve the public, they had to adjust and go where the funding was. I won't touch cafe/motel/library, etc access. If you do, you're surrendering everything on your machines, on the hope, 'what could possibly go wrong/happen? In that case, you're at the mercy of and totally dependant on the amount of whatever security is/isn't rovided by the unknown owner/operator/provider of the WiFi you access, not to mention the unknown ISP that WiFi connects to. Most commercial businesses have to keep records of all internet records of their users, for insurance purposes and under various federal statutes, including SOX. If you don't want to have your phones hacked, shut off the WiFi when you go shopping at a big-box store this holiday season, or when you take your wife out for dinner at the local restaurant. If your phone runs on ATT's network, that's the most untrustworthy telecom on the N. American continent. They get to legally lie to all of their customers every day, and can't be sued for it; ever. It was written into certain post-911 law. See what EFF.org says. Imagine if you will, thinking no one will bother stopping to stare at you, if you decided it might be fun to cut your front lawn in the buff; how long do you think it will be until the TV news truck, followed by the local law enforcement arrives at your home? I used to joke, 'try streaking in rush-hour traffic and hope no one stares or calls 911' but that analogy is as old as Ray Stevens, still alive in Nashville. None of it's a joke. Softether isn't a firewall. There's a difference and you'll have to learn the basics of NAT before it becomes clear what it is, and isn't. The bare minimum of NAT firewalls are included with consumer grade routers, because people expect it, and it makes them 'feel' protected. It gives everyone a false sense of security but is like a glass jaw when compared to a well-configured software firewall on each machine.
Go here:
https://www.grc.com/x/ne.dll?bh0bkyd2
This is Steve Gibson's site, one of the best, true security experts, who still writes in machine code; look through his site, after you allow his Shield's Up test to scan your connection and router. I'd bet a dime you'll have your eye's opened with the results. If your router only shows 3 ports open, or 'all green/blue' as a result, then pay no attention to the old guy behind the curtain; you're probably in OZ.
You should -always- run a properly configured firewall client with secure rules on every computer behind the router, even the server, unless, you learn and employ something like PfSense firewall/router. If I had to allow any video exit my home, that's the only way I'd it would happen; others say I'm just old and paranoid. Remeber the XFiles...Trust No One, especially online. I'm a nice guy, but just because I think so, don't invite me into your network; I'd refuse since we've never met, not because you aren't deserving. (any bad guys -anywhere- on earth, who are reading this on the forum, are hunting for your public IP address on your ISP as you read this). Remember, there's a sucker born every minute, and was was said many decades prior to the existance of computers and the internet. If you can't find a qualified, trustworthy pro, who will come to your home, to give you a free or low-cost estimate in order to offer you a poor man's proposal for the best minimum you can afford, you'll have to start reading books, and watching some good youtube videos, made by pros who do this for a living. Don't count amusing jokers who talk fast hip-hop, to see how many likes they can generate in a month. There are millions of bad actors out there every moment of the day, trying to find the traffic coming from your public IP. If you don't know what that is, resign yourself to some serious studying.
Even if you paid $300-$500 for the highest-end Asus thats out there, or any other consumer-grade router, and even if you tried to set it up the best way you could mange without outside pro help, simply by reading the guides on the Merlin forum, kids using readily downloadable, standard hacking tools, can scan entire countries in less than 20 seconds; don't take my word for it, the info has existed for many years. Unless you have someone you can trust, to not take advantage of your setup, and who can personally look at your server, router and firewall software, you will have to be your own resident IT 'expert'. Usually, local professionals won't betray a potential customer's trust, but they won't be able to help you unless they look at your network, even a tiny one, to see how best to secure it, within your means. Never-ever trust and and don't extend a remote invitation to anyone to 'look at your computer or desktop' to 'fix it' unless you know for a fact who they are, including someone claiming to be from Microsoft. If you've met with a local pro, and know them personally, you might agree in writing to assign them a one-time sign in to verify something, but it makes me uneasy to suggest it. I don't recommend not using a software firewall, with any Windows OS, including Win7-10. Windows has always been the most hacked OS on the planet, because it's so easy for kids to break in. I always remove remote access from all Windows OS immediately on a new installation, before plugging into the router. Then, firewall, A/V, spyware/malware software is also installed before allowing a Windows machine to be plugged into your router to reach the internet the very first time. It -is- that dangerous; anyone who tells you otherwise, should be suspect.
Anyone who gains access to your set up remotely or in person, including anyone you allow to use your computer on wired or wireless access, can slip in rules to allow them to get inside your LAN and the computers, at any time and place of their choosing. They usually like to do it when you're staring at the screen, and you'll never know they were there. No forks nor scripting will ever exist to secure your router, no firewall rules can be inserted to do so.
The universe of networking, routing and firewalls is so incredibly complicated and deep, you can study for years before being truly adept, much less competent with it. That's the short-short version. If you have a local public library, they likely have these books, if not others; please, read them, or there's Amazon; 1) "Networking, A Beginner's Guide, 6th edition/2014" and 2) Networking for Dummies, (9 books in one). The 'Dummies' guides are a great place to start. You can laugh and learn simultaneously. Start a search, but be prepared to learn how woefully unprotected people really are. If you need further help on this, I'll post a link or two, but I'm confident you'll be able to do this. Good luck.
. Get some rest, and you're welcome.
