How to make a homemade VPN

[Almighty_Denny]

How can I setup a homemade VPN? Are there any good and detailed tutorials about this?

Also, would a Core i3 2120 with 4GB RAM system and a TP-Link home router be enough to mount a VPN server?
And what would be the benefits for security and privacy? (specially comparing to paid commercial VPN services(

 

[Klueless]

I should know better than to take a stab at this.

So you're on your home network and connect to naughty.com

• Your wife has the potential to see what you're doing
• Your ISP (Internet Service Provider) has the potential to see what you're doing.

So you subscribe to a VPN service (and load the appropriate VPN client software onto your computer).

• Your wife can't see you.
• Your ISP can't see you.
• Your VPN has the potential to see what you're doing.

So you make your Router a VPN Server

• Your wife can still see you.
• Your ISP can still see you.
• But, if you have your laptop at the coffee shop and you connect to your Router/VPN Server
  • Nobody at the coffee shop can see you.

I'm sure this was no help : -)

 

[Almighty_Denny]

Well, it helped more than you may think, lol

Although I don't have any issues with any wife (i'm not even married, lol), I'm mostly interested in the third scenario, as I would have more concern when using public networks.

 

[eibgrad]

You can always set up your own OpenVPN server on some inexpensive VPS (e.g., Scaleway.com) if you don't want to deal w/ a commercial OpenVPN provider. The good and bad should be obvious.

On the good side, you control everything, including logging. The likelihood of VPS snooping, while not impossible, seems less likely to me. And you can use if for reverse tunneling back into your home network, thus obfuscating your home public IP. And of course, just having a VPS allows to do other things on that server.

On the bad side, YOU now have to maintain it. And not every VPS is reliable. Uptime seems to vary quite a bit. And at least the inexpensive VPS providers often have substantial limitations on bandwidth and total capacity per month (caps). You can easily exceed the cost of a commercial OpenVPN provider when rolling your own if you expect similar performance and capacity.

One last thought. Although this about to be corrected in the next Merlin release, most routers do NOT block unsolicited, inbound requests over the OpenVPN client tunnel.

https://www.snbforums.com/threads/openvpn-client-security-enhancement.56328/

By using your own OpenVPN server on the VPS, you can at least block that side of the tunnel, which is particularly important if you screw up the firewall on the public facing network interface of the VPS! Of course, there's still the possibility of someone at the VPS messing around w/ your own VPS, but that seems highly unlikely. I'm more concerned about commercial OpenVPN providers because I can't see what's happening on their side of the tunnel. Bringing that side of the tunnel in-house at least gives you a view (and control) into what's happening.

 

[Klueless]

I'm mostly interested in the third scenario

... TP-Link home router be enough to mount a VPN server

I don't know anything about TP-Link but I have used an Asus Router as a VPN host. The software is already there, you just have to configure the router ... and load the client software onto your PC. Encryption is CPU intensive so a few of the routers come with hardware encryption for performance reasons.

Asus supports three implementations of VPN; PPTP, OpenVPN TAP and OpenVPN TUN

• PPTP is the easiest. Most PCs come with the client software already loaded so all you have to do is configure it. Your client is bridged (OSI Layer 2) into the VPN network so things just seem to work. Some diss PPTP because encryption is uh primitive.
• OpenVPN TAP is also bridged. I imagine it works well but I didn't understand how to configure it.
• Open VPN TUN is "routed" (Layer 3). It is both secure and scalable (low overhead). But because it is routed not everything "just works", sometimes there's firewall rules to set.

 

[Paliv]

If you are looking at hosting your own VPN check out AlgoVPN. There’s a thread here about it. I had one on DigitalOcean for a bit. Decent way to do it at a low cost. I’ve never hosted one on my network or router.

 

[Almighty_Denny]

Interesting stuff!
I've never heard about AlgoVPN, only OpenVPN.
Will check its features and see its advantages/disadvantages.

I will also check all the options of my router and see if it has any of those implementations (PPTP, TAP or TUN)

 

[HeMaN]

you can always turn the i3 in to a pfsense appliance. there is a learning curve, but when you understand the basics there is a lot you can do with it apart from being a router/firewall. one of them is being a vpn server.

Verstuurd vanaf mijn SM-G955F met Tapatalk