Remote access VPN?

[Ozymandyus]

Hey folks, I've used Asuswrt-Merlin for years, but have never dived much into the add-ons. I'm in a situation where I'm likely to be doing a lot of traveling, and want to be able to VPN back in to my home network for security and file access. For any of y'all who are experienced with the available addons (there are a LOT!) would you please be so kind as to recommend something that would enable this functionality?

 

[L&LD]

No additional scripts needed.

Simply enable the OpenVPN Server (I would enable both servers) and export the file to download to your device(s).

 

[martinr]

As L&LD says, the OpenVPN server on the router GUI is ideal and not too difficult to set up. You’ll also need to set up a DDNS address (inside the WAN page). The asuscomm.com DDNS is effortless to set up. Others will advise using a third-party DDNS, but I’ve used the Asus DDNS for years. It’s so easy to set up, that you’ll feel you must have missed something. I’d certainly get started with Asus and then, when you have everything working, you could then use a third-party DDNS, which I’m sure you’ll find considerably more fiddly to set up. If you get OpenVPN server working first time, very well done, but there’s no point in making life difficult by adding the variable of third-party DDNS at the same time.

 

[bbunge]

Two simpler options are Instantguard and Wireguard. Easier to set up than OpenVPN and work just as well. I use them both on Android devices and Wireguard on the laptops.

 

[elorimer]

Many moons ago I wrote up my notes: https://www.snbforums.com/threads/vpn-instructions-for-a-newbie.59478/post-523302

It's way more complicated than necessary but I look at it from time to time to remind me what various settings do.

 

[Ozymandyus]

Thanks a lot, folks! Looks like several good options here, I'll look through the materials you've referenced and try a few myself. Appreciate the responses.

 

[Viktor Jaep]

Not to totally diss our router's VPN/Wireguard capabilities, but for many years, I've just been using Teamviewer to remote back into my home environment while remote. It's fast, lean, secure, uses MFA... used to be free, but now it's a small cost/year, but still well-worth the hassle-free way of being able to connect to our remote computers inside our firewall, and utilize any internal services, DNS, VPN, etc... to get back out to the internet.

 

[L&LD]

I always regard Teamviewer as malware. Uninstall it asap!

 

[Viktor Jaep]

I always regard Teamviewer as malware. Uninstall it asap!

Well, I think it's better than having port 3389 open on your firewall to use Remote Desktop!

 

[Ozymandyus]

Not to totally diss our router's VPN/Wireguard capabilities, but for many years, I've just been using Teamviewer to remote back into my home environment while remote. It's fast, lean, secure, uses MFA... used to be free, but now it's a small cost/year, but still well-worth the hassle-free way of being able to connect to our remote computers inside our firewall, and utilize any internal services, DNS, VPN, etc... to get back out to the internet.

I've used TeamViewer before, it is a good tool for machine to machine access. Thanks for the tip!

 

[martinr]

My brother won’t like me saying this, but Teamviewer sponsors Manchester United, the very embodiment of malware; what more is there to say?

 

[Ozymandyus]

Cheers gents, I followed through with your recommendations and am pleased to report that I have everything up and running with minimal fuss. Special thanks to @elorimer for the detailed guide, I followed the suggestion of setting up the two servers with different ports/protocols so as to provide options in the event that one or the other wasn't working for some reason.

 

[elorimer]

Well, I think it's better than having port 3389 open on your firewall to use Remote Desktop!

Not the right way to do it. Set up an Openvpn user for RDP, connect to the router with it, have the router WOL the machine you will RDP into, and then open the RDP connection. Sleep the machine when you are done.

 

[Viktor Jaep]

Not the right way to do it. Set up an Openvpn user for RDP, connect to the router with it, have the router WOL the machine you will RDP into, and then open the RDP connection. Sleep the machine when you are done.

It was a tongue-in-cheek response, @elorimer lol But nah... I'll just stick with TeamViewer. It hasn't failed me yet in the many years I've used it.

 

[L&LD]

Why Cybersecurity Experts Hate TeamViewer, the Software Used to Tamper With Florida Water Supply

A hacker tried to poison the water supply of a town in Florida using TeamViewer. How common is the software in critical infrastructure and is it a good idea to use it?

www.vice.com

 

[Viktor Jaep]

Why Cybersecurity Experts Hate TeamViewer, the Software Used to Tamper With Florida Water Supply

A hacker tried to poison the water supply of a town in Florida using TeamViewer. How common is the software in critical infrastructure and is it a good idea to use it?

www.vice.com

Believe it or not, but that story is false. It actually never happened. See article below. It's crazy that this story continues to persist even years later. A great example of how media stories like this are never retracted when discovered they are in error.

Cyberattack on Oldsmar’s water supply never happened, official says

Al Braithwaite, the city manager at the time of a 2021 incident that made national news, said early conclusions about an alleged poisoning attempt were wrong.

www.tampabay.com

I would agree in theory... if you have a weak, commonly shared password to use a remote access tool at a critical infrastructure location like this, then you shouldn't be using it. Using unique, strong, random 16+char passwords with MFA is the way to go. Teamviewer is still safe.

 

[L&LD]

I don't see that it didn't happen.

 

[Viktor Jaep]

I don't see that it didn't happen.

"He described the so-called cyberattack as a “nonevent” likely caused by an error by “the same employee that was purported to be a hero for catching it.... After a four-month investigation, he said, “the FBI conclusion was, it didn’t happen.”

 

[L&LD]

Yes, I read that too.

But the FBI doesn't investigate a non-event for 4 months and doesn't state what they found either.

This happened.

 

[Viktor Jaep]

Yes, I read that too.

But the FBI doesn't investigate a non-event for 4 months and doesn't state what they found either.

You think FBI investigations with serious allegations like these go quicker than 4 months? This was literally one of the highest profile attacks on a public utility ever in the US. 4 months seems short! And they aren't allowed to state what they found when there's an active investigation going... and as of 2023, they had not closed it yet.

This happened.

Uhm. No.

Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not.

Statements from the FBI and former Oldsmar city manager indicate what happened at the plant may not have been the work of an outside hacker.

cyberscoop.com

In a statement to CyberScoop, the FBI said that “through the course of the investigation the FBI was not able to confirm that this incident was initiated by a targeted cyber intrusion of Oldsmar.”

"Early reports, including statements from the Sheriff Gualtieri, said that the remote access tool TeamViewer could have been the initial access point, but this was never confirmed."