I googled and read a lot but could not find an answer to my question(s). I just got recently into network stuff so my knowledge is not that big.
I want to make my home network available from outside via VPN to e.g. access my NAS. I also want to send traffic from e.g. my mobile phone via VPN over my home router because of encryption (when in open wifi) and also to utilize my pihole in my home network.
Now there are two possibilities. Let the router be the VPN server to connect to or install a separate VPN server on another device inside my home network. For latter I think I have to open a port in the router and forward it to the server.
I think I also need to use DDNS in both cases then because of the changing IPs.
Questions:
Does activating the VPN server utility of the router + DDNS increase the risk of being attacked (and how much) and decrease the safty of my network?
Which of the two ways mentioned above is the safer one in terms of getting attacked from outside?
I hope I made my point clear and give enough infos.
Thanks in advance.
Be mindful of what ports are open (don’t open too much), use certificates to verify your VPN profiles and avoid password only based VPN configurations, and know that if a VPN Profile is stolen from you without your knowledge, the thief has access to your entire LAN.
What might be a great option for both learning and to have an exceptional router is to set up Pfsense (a routing OS that also can handle a VPN) on old hardware or a really popular choice is buying a Dell R210ii for ~$130 off of eBay. While more expensive than a pi it will handle routing for your entire network, be a great learning experience, and allow many more options in the future for a homelab.
I think at first I will work with what I currently have at my disposal (hardware). But maybe thats a good tip for the future.
Pfsense I will take a look at.
No problem. Pfsense does not take a lot so likely you could grab an extra Ethernet card throw it in an old system and be good to go. Ppl like the r210ii as they are cheap and sipp power which adds up quickly in a home lab. Best of luck!
OK, so this seems to fall under the category of “trying to be everything to everyone”. There’s no mention on the manufacturer’s website about what kind of processor it has or how much memory is installed, but I’m going to go with the assumption that it’s “shitty” and “not enough”.
That said, if you want to give it a shot, I’d say setup the VPN at home on the router first, then if it’s not up to snuff, then look at something a bit beefier. You’re running on DSL, so your performance is going to be pretty poor compared to a fiber connection, regardless.
Thanks… read and watched some stuff on networking to understand the fundamentals and then I like to read trought multiple opinions and options to evaluate the best thing for my usecase to start with.
My NAS is custom build with freenas as OS. It has a pentium dual core and 8gb ram.
NAS access is not the only primary purpose. I also want to route my mobile traffic via my home the utilize my pihole and the vpn encryption. Its multipurpose.
Thanks for the additional info. I will keep that in mind and will look up more info on those points.
thats the only windows client i know of for wireguard so yea. Nothing will ever be totally secure but wireguard is very secure compare to other vpn protocols but its also very fast
