Newbie in need of guidance. Warning: minimal knowledge!

patrick sullivan

Regular Contributor
I have the PIA VPN service running on a Windows 7 machine with one NIC. My LAN is visible, and everything appears to be working well; I am able to use the VPN service (torrent download), as well as access my local network to transfer files that were downloaded via the VPN. I am replacing that machine with a newer server that will have 2 NICs. My questions are:

1. How should I set up my new machine to ensure that access to my LAN is NOT possible through the VPN? In other words, I want to make sure my LAN is secure from intrusion via the VPN service.
2. How do I ensure that the server is not going to access the internet via the LAN NIC, but instead ONLY connect to the internet via the VPN NIC? So, one NIC for LAN, and one NIC for VPN.
3. How can I test to ensure that my desired setup is indeed working as described above? Is all of my browsing activity via the VPN untraceable from my ISP? Is the server only connecting to the internet via the VPN NIC?

Thank you for any help!
 
Great post. Thank you yorgi! Not familiar at all with writing scripts, but I'll try to research that. I hadn't read that post, very helpful indeed.
 
Since I have a dedicated Windows 7 machine for the VPN, and this machine is connected to my modem, would it be beneficial to use a router? “VPN on a router is better than software”. This quote implies that configuring things for the VPN might be easier if it is routed through a router. I have an old Linksys router lying around that I could use. Again, I have two NICs on the motherboard of this Windows 7 machine: one that connects to my network, and one that connects directly to the modem (sole purpose is VPN).
 
I have the PIA VPN service running on a Windows 7 machine with one NIC. My LAN is visible, and everything appears to be working well; I am able to use the VPN service (torrent download), as well as access my local network to transfer files that were downloaded via the VPN.

And with the VPN client running on your router...

Do you realize that it bypasses all safeguards that your router could provide, and makes your entire LAN visible to the public internet?

How well do you know your "VPN" provider...
 
sfx, what do you mean by that?
When you're using a VPN the tunnel is between client and host.
Why do you say that the entire LAN is visible to public internet? Doesn't the firewall work when you are on a VPN?
From what I know, hardware VPN is way better than software.
Using a VPN on the router one can be vulnerable to attacks or hacks?
Even if you are on your LOCAL ISP your LAN can be visible to the internet. It all depends on the firewall of the router and your operating system and how well it blocks ports etc.
Can you elaborate a bit on what you said, because it's quite a statement!
Thanks
 
My current setup:
Main network: modem>firewall>network
Torrent host: modem>PC(VPN)
The two are connected via the second NIC on the torrent host: PC(VPN)>network. This allows me to access downloaded content, as well as remotely access the torrent host, as it is in a server cabinet without a monitor/keyboard.
I realize that I am allowing a "back door" into my network by this current setup. The only way around it that I can see is to remove that cat-6 cable that connects the two networks, and remotely access the torrent host PC(VPN) via a program like Team Viewer. Kinda a pain in the arse, but I would be leaving my LAN through the firewall to be directed back via the VPN into the torrent host. Is that what you guys are suggesting, or are you suggesting that I place a second firewall in front of the torrent host? Sorry guys, limited knowledge...
 
Looks like RouterOS or DD-WRT X86 might be an option for me since I have a dedicated PC. I don't see the point in buying a router if I can use my existing hardware?
 
sfx, what do you mean by that?
When you're using a VPN the tunnel is between client and host.
Why do you say that the entire LAN is visible to public internet? Doesn't the firewall work when you are on a VPN?
From what I know, hardware VPN is way better than software.
Using a VPN on the router one can be vulnerable to attacks or hacks?
Even if you are on your LOCAL ISP your LAN can be visible to the internet. It all depends on the firewall of the router and your operating system and how well it blocks ports etc.
Can you elaborate a bit on what you said, because it's quite a statement!
Thanks

A single client on a network logging into a VPN host - low risk... unless you don't own the host.. (see below)

A router logging into a VPN host assumes trust - because the VPN client on that router is behind the SPI/NAT - hence everything that the VPN client sees is also trusted... thus, when the client in the router is connected to the VPN host, everything behind it, is also trusted and visible...

Using a VPN opens up your threat surface, as the VPN means trust - and that includes everyone else attached to the VPN host - so if I were logged onto the same public VPN host, do you trust me - someone with in-depth technical knowledge on how networks, and VPNs actually work?

I didn't think so...

VPNs don't hide addresses, and they don't provide privacy - what VPNs do is allow one to build a tunnel from one site to another - and one must trust both ends - so I can be in a coffee shop, and dial into my VPN (I host my own), and I can trust it to carry the packets to my home network, and from there, out to the internet when I'm surfing Facebook or checking email...

I can do a site to site VPN (office to office, business to business) and ensure that those packets are protected end-to-end - I do site to site VPNs as part of my day to day job...

Using a VPN doesn't make you invisible to the internet - actually it's like any other traffic - but to some, OpenVPN's footprint/signature might cause one to be a person of interest to certain public safety agencies...

And...

If I were a 3-letter/4-letter public safety agency - would be prudent to invest, or perhaps even create - a public VPN host that folks can log into - think about it - folks like you think they're safe, but at the same time, I don't even have to decrypt it, scary now? They can put up a WWW site and say trust us... and they have the resources to make it really attractive... bandwidth included...

When using VPN, do you really know, really trust, the connection you're logging into?

Please - practice safe-hex... don't put your packets in a place that you don't know where they're really going...
 
Gah - "This message is awaiting moderator approval, and is invisible to normal visitors."
 
Hmm.
Your comments are very interesting.
From what I understand, if I am on a VPN like PIA and an expert in networking like yourself is on the same IP as me from PIA, what you are saying is that you get into my router and hack me? Can you override my firewall? Are you like serious?
You keep saying do you trust me? Not very clear on what the results of being on a VPN can be?
Please explain it a little better because I am sure there are millions of people out there who are relying on a VPN for privacy and it seems that it's all make-believe according to your statements.

All I can say is that before I got a VPN I would get emails from my ISP threatening me for downloads. Since I got a VPN that never happened again.
If VPNs were really not safe as you say, don't you think that out of the millions of people that are using the service someone like yourself who is a network guru would have brought these issues out in the open and these companies would have to address them?
If a 3 letter agency wanted to create a VPN to nail people well we know they can do anything.
For the regular Joe who just wants a little privacy, I don't think it's worth the hassle listening to guys like you who just scare people with their paranoid and conspiracy crap.
I am sure you are an expert in networks but I think you are exaggerating.

Thanks for your post
 
I think sfx2000 is not exaggerating at all. Without question these practices happen. However, Yorgi's interests relate to torrent downloads, and his desire is to prevent his own IP from being traced by the media industry. Sfx2000's interests lie far beyond torrent use, and rather in user privacy as a whole. I agree 100% with sfx2000, and hope to one day be "off the grid", but my current interests lie more in yorgi's realm. Neither of you is helping me with my setup I might add. :D
 
Don't forget that VPN tunnel providers can also apply NAT on your tunnel, which does hide your source IP. Otherwise, how else would you break out of geolocation fences if your original IP was still being used...
 
Don't forget that VPN tunnel providers can also apply NAT on your tunnel, which does hide your source IP. Otherwise, how else would you break out of geolocation fences if your original IP was still being used...

Netflix is rapidly closing that hole - not surprised there...
 