soliciting help and options for robust road warrior VPN (Open VPN?)

[BassBlu]

I am currently reworking my road warrior setup and looking for some opinions. I haven't had a proper setup for years and was using PPTP before the security problems were exposed. Here are my options:

1. Amazon AWS VPS running OpenVPN server
   • I have been trying this with limited success. I cannot seem to get communication between clients even with client-to-client enabled
   • This costs money to transfer data and would not want all my home network traffic going this way
2. Router hosting OpenVPN server
   • WRT1200AC running LEDE
   • Use AWS or DDNS for DNS?
3. Figure out a way to connect back with my virtual server inside my main machine
   • Virtual CentOS 7 server running on my main machine
4. Raspberry Pi plugged into the router
   • Bypasses the need to manage a server on the router itself
   • Original model B+ with 10/100

What I want to be able to do is use Microsoft RDP to access my content creation VM and my file server from the road. This way I am able to use SolidWorks and Lightworks from wherever. This worked well with PPTP years ago and now I need mobile availability again and PPTP is not an option.

Some other things I am unsure about is whether or not to use tunneling or ethernet bridging. I am also considering using L2TP with IPsec for easier integration with iOS devices.

 

[bnhf]

Interesting set of equipment, requirements and services!

It's hard to argue with an OpenVPN server hosted on your own equipment, given the broadband performance that many have in their homes these days. If you're looking for ease of use, it's a dual-core Asus router running AsusWRT-Merlin (not one of your options I know), ~$150 on Amazon for an RT-AC68U.

The WRT1200AC is a fine router, but LEDE is going to be more demanding of your time than one based on Merlin. You can have multiple OpenVPN servers and clients running, and once you've configured your server it generates the .ovpn config file along with the keys and certs -- dead easy! Also the free Asus DDNS service has been great for me and anyone else I've heard talk about. It's free (as opposed to $40/year for DynDNS), and there's no account setup required -- just "register it" from within the router GUI and GO. Sell your WRT1200AC on eBay and count it as time saved!

If a new router doesn't appeal, then the ROOter build of LEDE would be a good way to go, either on the WRT1200AC directly, or you can also run that same build of LEDE on your Raspberry Pi. If you don't already have LEDE up-and-running, ROOter is a distro that's ready-to-deploy with the packages a road warrior would likely need, and really good support for USB cellular modems. In fact, you could use ROOter on your WRT1200AC at home, and use the Raspberry Pi running the same router OS on the road, to support multiple devices in a hotel room or wherever. It has support for cellular devices or WWAN out-of-the-box -- OpenVPN is there too. I have yet to need to add any packages to ROOter. This would be more work than the Merlin approach, so it depends on how much time you have for this kind of stuff when you're off the road.

 

[BassBlu]

Thanks, bnhf! This kinda makes me realize that I may be trying to overcomplicate my setup by doing it ALL myself. I also use no-ip (paid) for a few things so DDNS will be no problem.

I might as well keep my AWS instance for something else as well. I was thinking of trying to have the openvpn server there to keep my speeds higher for stuff outside my home connection. I have 10mbps up at home and AWS is a lot faster if I am not doing any work there.

I did have a question about ROOter though. Is it open source and where can I get it? I cannot seem to find a clear download location or much info about the project. It's important that it be open source like LEDE and Merlin because I think the extra community oversight keeps it more secure and up-to-date. If it is truly just a collection of packages I would trust it more, but just being sure here

 

[bnhf]

I did have a question about ROOter though. Is it open source and where can I get it? I cannot seem to find a clear download location or much info about the project. It's important that it be open source like LEDE and Merlin because I think the extra community oversight keeps it more secure and up-to-date. If it is truly just a collection of packages I would trust it more, but just being sure here

The site is called "Of Modems and Men" and can be found here:

https://ofmodemsandmen.com/index.html

In addition to all of the pre-built images for the routers they support, you can also find the scripts to build from source yourself. From my perspective it's OpenWRT/LEDE, but with all of the packages one needs to be up-and-running with a minimum of fuss. I'm mobile full-time, so the emphasis on cellular modems is great, and hard to find in many routers. If you've already got LEDE installed and fitted-out the way you want it, there's no reason to switch. But, if it's going to be new to you, the ROOter build is nicely done.

I did a post on setting up an OpenVPN client on a Raspberry Pi running ROOter which may save you some time if you decide to go this route:

https://www.snbforums.com/threads/r...e-fork-rooter-build-pia-openvpn-client.41024/

 

[BassBlu]

EDIT: I got it working now with the included script. I may do a writeup here soon. All is working smoothly!



I got my VPN up and running on stock LEDE without too much trouble, but my DDNS isn't working properly. For whatever reason no-ip isn't in the list of hosts. I downloaded the script and config from the repo but it's not working right either.

If anyone knows of a script that would work for no-ip.com I would be happy to have it

Thanks for all the help