Accessing local network from WAN (Securely)

Scottland · 9 Oct 2014 at 15:55

Hi,

I have a few services running on my home PC/Server that I'd like to connect to remotely (e.g. TV server and be able to issue record commands).

I could open up the ports and access them via my public IP address, but I'm concerned about the security of that. Another option would be to setup a VPN (via a DD-WRT router).

As far as I can tell in order of most to least secure it's as follows:
1. OpenVPN
2. PPTP VPN
3. Port forwarding only

Other than extra setup time etc, is there any reason not to setup an OpenVPN server on the DD-WRT router? Am I being too paranoid about 'security'?

Interested in others opinions and feedback on this, as I figure there will be a few people on here that have similar setups in place to access their home network remotely.

Scottland · 9 Oct 2014 at 16:17

Confused said:
I doubt anyone really cares about trying to "hack" into your TV server.

I know, I'm just trying to work out the appropriate level of Security vs. Paranoia

There will be about 5 services in total which will all need ports opened for me to access.

Scottland · 10 Oct 2014 at 09:24

FerretBoy said:
I was under the impression Ipsec vpn was the most secure. Free on linux

Not necessarily looking for most secure, certainly don't need a separate linux box running as a VPN server either. Just trying to find a happy medium really. Like Confused said, it's not like hackers are queueing up trying to hack into my network, but I don't want to leave it wide open either.

Scottland · 10 Oct 2014 at 11:27

FerretBoy said:
I believe there are consumer routers with ipsec vpn servers now. For example the Asus ones.

Ah ok, thanks.

Sin_Chase said:
PPTP is no longer considered secure.
L2TP with IPSEC is secure as is OpenVPN
You could also run SSH and tunnel ports over that. Although this option is less widely supported depending on the client you want to use and more complex to configure.

If your Router with DD-WRT supports OpenVPN natively as part of the firmware then this is by far the most secure, easy and widely compatible option available to you. OpenVPN supports certificate based authentication as well as File Based configuration of clients. Is supported on Mac, Linux, Windows AND Android.

I run OpenVPN on my pfSense appliance and it works beautifully. I use it for internet usage when connected to unencrypted Wireless APs on my laptop and mobile phone.

Thanks, OpenVPN does seem to be widely supported - which is a bonus. Still not sure if it's overkill for my needs or not.