VPN Why use OpenVPN

[InspectHerGadget]

I am new to this, probably obvious.

On this basis I will ask an obvious question!

I am running Windows 10 Pro on two machines. I want my remote VPN Client to powered by my phone hotspot to connect to my desktop computer which is behind my Cable internet Modem which is bridged to my AC87 Assus Router.

I was looking through these guides for VPN on the router but all were using a third party product called OpenVPN.

It seems complicated and messy and most of the guides I read basically just said create a port forward for 1723, an incoming VPN connection on the server computer then just create a new VPN connection on the remote computer for PPTP connection. This obviously hasn't worked.

I also found the instructions even for OpenVPN just concentrated on the router settings but not much else so I am still lost.

I need some help on this.

Grant

 

[RMerlin]

PPTP is an obsolete technology that uses a broken encryption method (meaning anyone can easily decrypt your data, including your password). That's why it's being phased out and replaced by more secure technologies like OpenVPN.

Setting OpenVPN is nowhere as difficult as you think. On an Asus router, you just enable it, export the .ovpn config file, edit the "remote" field to ensure it displays your DynDNS address, import it on your client device, and you're done. No port to forward.

You must also make sure that your computer's firewall isn't configured to block out connections from your remote client, but that's the case with any VPN technology.

 

[sfx2000]

PPTP is an obsolete technology that uses a broken encryption method (meaning anyone can easily decrypt your data, including your password). That's why it's being phased out and replaced by more secure technologies like OpenVPN.

PPTP is just fine - it's fast - it's just not that secure these days... it's still kinda secure actually for many - security nuts will have an opinion - but it's going away in any case - so one shouldn't go down that path...

It wouldn't be my first choice... PPTP is fast, but kinda secure.

OpenVPN - pretty secure - challenge is getting the clients configured, as no Major OS has OpenVPN as a built-in option, which might suggest a bit... that and performance with OPVN is generally bad compared to other VPN technologies...

L2TP/IPSec - another option...

 

[RMerlin]

PPTP is just fine

It's not fine. The protocol has been cracked, you can easily retrieve the password:

http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html

Consider it in the same category as WEP and WPA-TKIP.

 

[Xentrk]

I am new to this, probably obvious.

On this basis I will ask an obvious question!

I am running Windows 10 Pro on two machines. I want my remote VPN Client to powered by my phone hotspot to connect to my desktop computer which is behind my Cable internet Modem which is bridged to my AC87 Assus Router.

I was looking through these guides for VPN on the router but all were using a third party product called OpenVPN.

It seems complicated and messy and most of the guides I read basically just said create a port forward for 1723, an incoming VPN connection on the server computer then just create a new VPN connection on the remote computer for PPTP connection. This obviously hasn't worked.

I also found the instructions even for OpenVPN just concentrated on the router settings but not much else so I am still lost.

I need some help on this.

Grant

There are many commercial providers of VPN services. Members on the forum have their favorites. For my use case, I use TorGuard, They have client apps for Androids, iPads, iPhones, Windows OS, Mac OS, etc.. They also support stock ASUS, ASUS Merlin, pfSense and DD-WRT router firmware. It's nice being able to route all or some traffic as desired at the router level. They also have a Private IP VPN service that allows me to have my own private IP which allows me to stream media services which block VPNs.

You can also create your own VPN server on Amazon AWS. There are instructions on their site and many others have written how to blogs and youtube videos on how to do it. There is a free tier if you don't use that much bandwidth.

Having VPN has greatly enhanced my expat life. One thing I like about a commercial VPN service, is they often have a lot of server locations around USA and other countries. This allows me to change my geo location so I can have access to channels in major media markets on SlingTV. Plus, watch sporting events **Football** that may be blocked in my current vpn geo location.

When I go to the gym, I connect to the VPN using the client app on my Android or iPad. I can then stream music from various music streaming services with no geo blocks while working out.

 

[sfx2000]

It's not fine. The protocol has been cracked, you can easily retrieve the password:

Consider it in the same category as WEP and WPA-TKIP.

As you might have noted - I said it wasn't my first choice... and it's not something I would recommend - but if one needs to build a tunnel in a hurry, sure, why not?

Unless one is a target of a three/four letter agency - and for a short time, it's going to be lost in the noise...

It's not in the same category as WEP - but even there, WEP is better than nothing, but I wouldn't recommend it...

WPA/TKIP - I do take some exception there - PSK is vulnerable to dictionary attacks, as is WPA2/AES these days - that being said - with a robust passphrase, WPA/TKIP is still fairly secure.

At the enterprise level - with Radius - WPA/TKIP and WPA2/AES are still similar - there's an edge case with TKIP, but it's pretty hard to exploit, and even then, the window is pretty small, as the keys rotate not only on a time basis, but also when any client joins or leaves the BSSID...

I suppose my point it - be safe, be secure, use the best that you have on hand - that's always the best approach.

 

[sfx2000]

When I go to the gym, I connect to the VPN using the client app on my Android or iPad. I can then stream music from various music streaming services with no geo blocks while working out.

The more one uses any VPN, the more they are at risk - use it wisely...

 

[Xentrk]

The more one uses any VPN, the more they are at risk - use it wisely...

I don't understand the risk? I use VPN on my routers at home 24x7. I always use VPN when connected to public WIFI.

 

[sfx2000]

I don't understand the risk? I use VPN on my routers at home 24x7. I always use VPN when connected to public WIFI.

Because... you can't hide on the internet.

a) you're not really hiding anything - deep packet inspection, pattern recognition -- machine learning and AI and big data - you're not going to hide from Big Bro there - and worse yet, little brother, he's looking inside your browser...

I'd worry more about little brother, as he doesn't have restrictions - Big Bro does to some extent..

b) performance with a VPN on the home lan - it's going to suffer... esp with OVPN, as it's performance on a ARM Cortex-A9 generally sucks...

Always good to run a VPN from a public hotspot - and there, it can be fairly simple - even an ssh tunnel is more than enough...

 

[Xentrk]

Because... you can't hide on the internet.

a) you're not really hiding anything - deep packet inspection, pattern recognition -- machine learning and AI and big data - you're not going to hide from Big Bro there - and worse yet, little brother, he's looking inside your browser...

I'd worry more about little brother, as he doesn't have restrictions - Big Bro does to some extent..

b) performance with a VPN on the home lan - it's going to suffer... esp with OVPN, as it's performance on a ARM Cortex-A9 generally sucks...

Always good to run a VPN from a public hotspot - and there, it can be fairly simple - even an ssh tunnel is more than enough...

Thanks for clarifying your statement. My main use case is getting around geo restrictions. I use search engines a lot. Having my geo location come from USA helps in that regard. Otherwise, I get the Thai language when using the Thai version of google which is not my preference. My avatar lives in San Diego BTW.

 

[InspectHerGadget]

I wanted to get PPTP to work. It is for a customer who simply wants to connect to a home desktop for licensing authentication. It is very basic.

I can get the VPN to work on my system only if I am on the same network using WiFi. Once I use my phone hotspot. It doesn't work. I opened port 1723 and GRE protocol 47 and using just windows firewall correctly configured and forwarded to my desktop IP which I fixed. I didn't use the VPN PPTP server on my Asus AC87 as I felt it was possibly more complication. I probably still don't understand how to use that. It seems it does get to the router but the connection is refused.

 

[InspectHerGadget]

I should have asked just how to setup PPTN and whether I needed to use the VPN PPTN built into the router I have. I'm not interested in OpenVPN really. I just wanted to set up a customer so he could activate software licenses remotely which simply requires a network connection. I spent ages on it and still couldn't get it to work.

 

[sfx2000]

Open VPn is considered to be the most secured protocol in VPN

Erm, not really... it's good

But not the most...

 

[Butterfly Bones]

Erm, not really... it's good

But not the most...

A reference link would be really helpful for those of us learning and researching VPN security. I don't doubt you, I just seek more information. Thank you.

Net searches on this subject don't offer many reliable sources, IMHO. Recent US / World government shenanigans have created worry / paranoia / concern (good) and those trying to sell solutions (many bad).