1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

DDNS vs VPN

Discussion in 'Asuswrt-Merlin' started by heysoundude, Apr 4, 2020.

  1. heysoundude

    heysoundude Very Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    890
    I’m hoping for some insight so I can clarify in my own head. Please bear with me.
    Both are methods of securing my LAN, both mitigate a dynamic WAN IP (or am I mistaken on these?); what are the use-case differences that make differentiating between the two easiest for a secure and stable home network for the average user?

    Am I missing or misunderstanding a key piece of knowledge that’s preventing me from grasping the answers so I can make the decision for myself?


    Sent from my iPhone using Tapatalk
     
  2. Dabombber

    Dabombber Regular Contributor

    Joined:
    Apr 29, 2016
    Messages:
    187
    heysoundude likes this.
  3. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    12,608
    DDNS (Dynamic Domain Name System) is a way for a dynamic (i.e. not a static) public IP address to be used to connect to your network from anywhere on the internet. It is a service (paid or free) that tracks any change in your public IP address and updates regularly to resolve your current IP and allow you to connect (for instance, via OpenVPN).

    A VPN (Virtual Private Network) is a secure connection between you and the server/service you're connecting too.

    Just because its a secure connection it doesn't mean it is secure. To make it 100% secure, you need to 'control' and/or have full access/privileges to both ends of this 'tunnel' we're establishing over the 'wild' 'net. For example, a VPN connection using OpenVPN between your city home network and your cottage home network would be 100% secure as you are in control of both 'ends'. Nothing and nobody can see what you're doing over that connection (as long as you stay within your two networks and don't also go out to the 'wild' 'net through either end-point), that is why it is secure.

    A paid-for VPN (pick your favorite poison here) is secure only as far as others on the 'wild' 'net will not be able to see your actions between your VPN connected device (or the entire network, if the VPN is on the router and channels all connected clients via the VPN) and the VPN provider. But, once you connect to other servers (websites) outside from the VPN provider, there is no 'safety/privacy or security' anymore, because once again you'll be on the 'wild' 'net and all that entails.

    But, neither can this 'safety/privacy or security' be claimed even while you're within the VPN servers with 100% validity either. If you believe that, then the VPN provider's marketing has worked and I would love to sell you some ocean beachfront property in Las Vegas too, cheap! :)

    HTH.
     
    royarcher, joe scian and martinr like this.
  4. heysoundude

    heysoundude Very Senior Member

    Joined:
    Sep 20, 2016
    Messages:
    890
  5. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    12,608
    You're welcome @heysoundude.

    I don't think pixelserv-tls is related here... (@dave14305, any insights here for our friend)?

    That Asus support link is also unrelated I think as its merely for logging in to the GUI.

    As long as you don't let random strangers connect to your main home WiFi connection (or, allow them to have access to the LAN ports on your router or network switches), then HTTPS is overrated, IMO. :)
     
  6. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    2,940
    Location:
    USA
    Perhaps the use of “DDNS” in the OP refers to having generated a Pixelserv-CA-signed cert for the DDNS name of the router UI, as opposed to router.asus.com?
     
    royarcher, heysoundude and L&LD like this.
  7. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    12,608
    Fresh eyes, a new perspective, I didn't even consider that possibility before. :)

    Thank you @dave14305.
     
    royarcher likes this.