Adam Ochonicki on 21 Sep 2012 10:50:52 -0700



Re: [PLUG] VPN design for home use


I have had a good experience with service from privateinternetaccess.

On Sep 21, 2012, at 1:39 PM, Paul L. Snyder wrote:

> Due to DCAnet's unfortunate exit from the home DSL market, I've just
> switched over to Verizon FiOS. The connection itself is great, fast and
> stable so far. Verizon's ancillary evilness, on the other hand, is not so
> comfortable. Their privacy policy says, effectively, that they're building
> a profile of me by inspecting and keeping a record of every single thing I
> do or look at on the Internet. I've also just discovered that they're
> hijacking failed DNS lookups, a heinous practice that I had mistakenly
> thought was thoroughly discredited in the industry.
> 
> I take my privacy seriously, and this is unacceptable.
> 
> Thus, the time has come to look into a VPN provider. I've been considering
> this for some time, but lack of trust for my new ISP has pushed me over the
> edge. #plug pointed me to this review of several services:
> 
> http://lifehacker.com/5940565
> 
> Does anyone have experience with any of these, or with another provider?
> I'm wondering how speeds are, as well. My FiOS service is 50Mbps/25Mbps,
> and I'm seeing speeds as high as 60/30. While VPN will obviously introduce
> some latency, I would much prefer not to lose throughput.
> 
> Another issue is how to set this up on my home network. Given that I *have*
> a home network, I'd like to do some kind of a gateway setup. Up until now,
> I was running with an old WRT54G on OpenWRT, but the connection from the
> ONT to the router is now coax, so I'm stuck with the provided router unless
> I buy a new one. It also doesn't support VPN in the stock firmware.
> 
> My hardware choices are somewhat limited at the moment, though I'll
> probably look into sorting out something better next year. For the moment,
> though, what I have to work with are the WRT54G, my server box, and the
> Verizon router.
> 
> The server box is pretty straightforward. In my old setup, it had one port
> forwarded from the router, SSH on a non-standard port. It has a running
> tmux session with mutt and irssi that I connect back to from elsewhere. It
> also has an mpd server and an NFS music share for the local network...not
> externally accessible. This isn't ideal...I should really have a DMZ
> setup and split internal/external functions out, but that's for further
> down the road when I'm buying hardware again.
> 
> Option 1: Use the server as a VPN gateway. Add a second gigabit NIC and
> hang a switch off of it; connect all the other wired devices to the switch.
> Set up the server as an OpenVPN gateway to the VPN tunnel.
> 
> Option 2: Try to use the WRT54G as the gateway, directly behind the Verizon
> router. I'm a bit dubious that the CPU can handle the encryption, though,
> and it's likely to kill my speed.
> 
> Option 3: Break down and buy a new router. Is there an affordable home
> router that can actually keep up with OpenVPN on a 50Mbps connection
> (preferably with 802.11n, since both of the above setups are awfully ugly
> from the wifi side of things).
> 
> Most of the VPN providers offer multiple exit points, and I'd like to be
> able to adjust those on the fly, or direct particular types of traffic
> through particular exit nodes. I'd also like to be able to direct some
> traffic to not use the VPN when very low latency is desirable (such as for
> gaming).
> 
> And, as a final wrinkle...once all this is set up, I'd like to be able to
> connect my laptop back to my home network when I'm on the road. That is, I
> want to open up a VPN channel from whatever coffee shop or hotel room I'm
> in back to my home network, and then direct all traffic out through the
> VPN tunnel provider to insulate myself from wifi insecurity as much as
> possible. Some providers do have mobile clients to directly connect
> through their service remotely as well as from home, but that doesn't
> address use cases like being able to access the git repos on my home
> network without exposing more of my internal surface to external access.
> 
> So...any thoughts on the best design for this, or how close I'm likely to
> be able to get to this ideal scenario? And, as mentioned above, reviews of
> particular VPN providers are also appreciated.
> 
> Thanks,
> Paul
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
