Support NeoGAF

[QuantumZebra]

Hey GAF,

So I'm not really sure where to look, as this question is a bit beyond Google's capabilities... but I have what should be a simple home VPN question.

My network:

Linksys AC6350 (ISP modem/router - 192.168.1.1 LAN / Internet on WAN ) - this is running DHCP to -> TPLink R600 VPN Router (192.168.0.1 LAN / 192.168.1.17 WAN) which then has my Linksys AC6150 running off of that via DHCP (192.168.2.1 LAN / 192.168.0.50 WAN)

My entire network is running off the 192.168.2.1 subnet (6150 router).

What I want to do: access my home network externally.

So my questions are:

A) What do I need to do to access my home network via VPN? Is this something that is set-up on the TPLink VPN Router (for instance it has PPTP VPN server but I am unsure how to use it).

B) Is the above configuration proper? Do I need to have everything hitting the VPN Router and have that hitting my ISP router/modem (6350) and use the 6150 for an AP?

 

[Darren870]

Port forward ssh (22) on your router to whatever device you are trying to hit.

Why VPN? What are you trying to do by accessing your network externally?

 

[Vic]

OpenVPN should do the job if you want to remotely connect to your home network.

 

[QuantumZebra]

Port forward ssh (22) on your router to whatever device you are trying to hit.

Why VPN? What are you trying to do by accessing your network externally?

Learning / access to my ESXi via RDP & Putty where I'm hosting a Ubuntu workstation / web server / other stuff while im away at the office / friends place / etc..

IE my main goal is to be on a PC in a remote location and be able to VPN into my home network and then RDP into my Ubuntu WS or W10 gaming PC

OpenVPN should do the job if you want to remotely connect to your home network.

Does that negate the need for the hardware VPN router completely? I'll have to look into it

 

[seb_n]

You've got like 3 layers of NAT going on there, that's going to confuse things. The real solution would be to spin up an openvpn vm on the esxi host and forward the port to its ip, however with all those routers in its path you might get some weird troubleshooting issues. Why do you have 3 routers all on different subnets?

 

[bundaberg]

I'm not in networking but that set up seems overly complex and prone to configuration problems. Just ditch everything but the ISP modem / router (or replace it with a better one if it's lacking) and then either VPN to that or to OpenVPN (or other software VPN solution) running on the network.

 

[Quote]

Like others have stated, you have too much going on but I'm guessing there's a reason but triple NAT will not make this easy.

Also, do you have a static or dynamic IP?

 

[QuantumZebra]

Like others have stated, you have too much going on but I'm guessing there's a reason but triple NAT will not make this easy.

Also, do you have a static or dynamic IP?

Dynamic from the ISP, so assuming I will need a DDNS provider?

You've got like 3 layers of NAT going on there, that's going to confuse things. The real solution would be to spin up an openvpn vm on the esxi host and forward the port to its ip, however with all those routers in its path you might get some weird troubleshooting issues. Why do you have 3 routers all on different subnets?

I am new to the networking side of things (more of a VMWare/SysAdmin guy) so my line of thinking was to have my ISP modem/router coming in be the default 192.168.1.1, and have the VPN router (192.168.0.1) in between that and my actual router that my network is on (192.168.2.1).

Now that you point it out I guess that is going to complicate things greatly, lol.

What would be the optimal solution? I cannot have my ISP's modem behind my VPN router (the most I can do is set it to hand out an IP to the router) because it has settings from my ISP that I can't mess with (IE turning the ISP router into a bridge mode box and sending everything to the VPN router).


Should I have my ISP router hand out an IP on the 192.168.1.XXX network to my VPN router, and then have everything run off the VPN router's subnet (192.168.0.1)?

If so, will that mess up my wifi? Since the VPN router doesn't have wifi ability I assumed I needed to have everything running off the 2nd Linksys Router (192.168.2.1 subnet) as it has wifi capability. Sorry if this is confusing.

Should my layout be something like:

Linksys ISP Router (192.168.1.1 LAN) -> VPN Router (192.168.2.1 LAN / 192.168.1.XXX WAN) -> Linksys WiFi Router (also on 192.168.2.XXX subnet)? Will that allow me to broadcast the .2 subnet if my DHCP is being handled by the VPN router?

This networking stuff is complicated

 

[QuantumZebra]

.

 

[Transistor]

Is the ISP cable or DSL?

 

[LordCanti]

I had real advice typed up and then:

I guess I did over do it a little bit. I'll probably look into software VPN. I tend to get excited and over do things. I have a collection of several thousand male model pics that I just can't leave home without. I don't want to put them on a cloud drive because my wife knows all my login info and I don't want her knowing my dirty secret.

 

[mackattk]

I guess I did over do it a little bit. I'll probably look into software VPN. I tend to get excited and over do things. I have a collection of several thousand male model pics that I just can't leave home without. I don't want to put them on a cloud drive because my wife knows all my login info and I don't want her knowing my dirty secret.

Not gonna touch that with a 10' pole... Obvious answer is to discretely upload them to a cloud drive that your wife doesn't know about and don't use the same damn password for everything.

 

[QuantumZebra]

I had real advice typed up and then:

Not gonna touch that with a 10' pole... Obvious answer is to discretely upload them to a cloud drive that your wife doesn't know about and don't use the same damn password for everything.

My co-worker got my pc while I was away lmao

--

Is the ISP cable or DSL?

It's fiber off the street to a Linksys AC6350 router/modem - I guess technically DSL but I get 100mbps up/10 down

 

[QuantumZebra]

I had real advice typed up and then

No, please, I need the real advice, lol

 

[BuddyL33]

I'd also get rid of the triple NAT as well. That's just a networking nightmare and also impacting your performance. I totally get wanting to run your own modem/router of the providers. If you're lucky, like I am with AT&T fiber, I have complete access to their router, so I simply tell it to pass it's IP through to my R7000. Then I turn off all the security features on it and let my R7000 do the work.

 

[QuantumZebra]

I'd also get rid of the triple NAT as well. That's just a networking nightmare and also impacting your performance. I totally get wanting to run your own modem/router of the providers. If you're lucky, like I am with AT&T fiber, I have complete access to their router, so I simply tell it to pass it's IP through to my R7000. Then I turn off all the security features on it and let my R7000 do the work.

I'm guessing that's what I'll need to do.

My ISP has the router configured with a login and some other stuff so I'm iffy on messing with it... not sure if putting it into bridge mode (or is there some other passthrough mode) would mess up my internet connection.

Ideally I'd like the ISP modem/router to just be a door to the VPN router, have that as 192.168.1.1 (or 1.2 with the ISP router as 1.1) and then have my APs running off that.

I guess that's probably my best shot. I'll try tinkering with the ISP router to see if I can disable DHCP and use it as a door to the VPN router.