Accessing local network from WAN (Securely)

Hi,

I have a few services running on my home PC/Server that I'd like to connect to remotely (e.g. TV server and be able to issue record commands).

I could open up the ports and access them via my public IP address, but I'm concerned about the security of that. Another option would be to set up a VPN (via a DD-WRT router).

As far as I can tell in order of most to least secure it's as follows:
1. OpenVPN
2. PPTP VPN
3. Port forwarding only

Other than extra setup time etc, is there any reason not to set up an OpenVPN server on the DD-WRT router? Am I being too paranoid about 'security'?

Interested in others' opinions and feedback on this, as I figure there will be a few people on here that have similar setups in place to access their home network remotely.
 
I've got ports forwarded to my automation apps, and then just make use of the in-built security of the apps.

I doubt anyone really cares about trying to "hack" into your TV server.
 
Neorouter free, and host your own server - gives you a proper VPN
I quite happily access home from work and work from home - either ssh in, or full-blown desktop access
 
> I doubt anyone really cares about trying to "hack" into your TV server.

I know, I'm just trying to work out the appropriate level of Security vs. Paranoia :)

There will be about 5 services in total which will all need ports opened for me to access.
 
I was under the impression IPsec VPN was the most secure. Free on Linux

Not necessarily looking for most secure, certainly don't need a separate Linux box running as a VPN server either. Just trying to find a happy medium really. Like Confused said, it's not like hackers are queueing up trying to hack into my network, but I don't want to leave it wide open either.
 
PPTP is no longer considered secure.
L2TP with IPsec is secure, as is OpenVPN.
You could also run SSH and tunnel ports over that, although this option is less widely supported depending on the client you want to use and more complex to configure.

If your router with DD-WRT supports OpenVPN natively as part of the firmware then this is by far the most secure, easy and widely compatible option available to you. OpenVPN supports certificate-based authentication as well as file-based configuration of clients. It is supported on Mac, Linux, Windows AND Android.

I run OpenVPN on my pfSense appliance and it works beautifully. I use it for internet usage when connected to unencrypted Wireless APs on my laptop and mobile phone.
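
Added example, not part of the original post and not code from the OpenVPN project: a small Python check that a client profile really uses the certificate-based, file-based setup described above rather than a password alone. The two profiles, the host name and the file names are constructed, and treating `remote-cert-tls`/`verify-x509-name` and `tls-auth`/`tls-crypt` as required is this example's assumed baseline.

```python
import re

# Constructed sample profiles (not from the thread); host and file names are placeholders.
PASSWORD_ONLY = """client
remote vpn.example.net 1194
ca ca.crt
auth-user-pass
"""
CERT_BASED = """client
remote vpn.example.net 1194
remote-cert-tls server
<ca>
(constructed placeholder, PEM omitted)
</ca>
cert laptop.crt
key laptop.key
tls-auth ta.key 1
"""

def directives(profile):
    # Map each directive to its arguments; inline <tag>...</tag> blocks count as set.
    found, inline = {}, None
    for raw in profile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        if inline:  # skip the body of an inline block until its closing tag
            if line == f"</{inline}>":
                inline = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            inline = m.group(1)
            found[inline] = "[inline]"
            continue
        parts = line.split(None, 1)
        found[parts[0]] = parts[1] if len(parts) > 1 else ""
    return found

def audit(profile):
    # Return a list of findings; an empty list means the assumed baseline is met.
    d, findings = directives(profile), []
    if "ca" not in d:
        findings.append("no ca: the server certificate cannot be validated")
    if not (("cert" in d and "key" in d) or "pkcs12" in d):
        findings.append("no client cert/key: not certificate-based authentication")
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        findings.append("server certificate role/name is not checked")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no tls-auth/tls-crypt key on the control channel")
    return findings
```

`audit(CERT_BASED)` returns an empty list, while `audit(PASSWORD_ONLY)` reports the missing client certificate, the unchecked server certificate and the missing control-channel key.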
 
I believe there are consumer routers with ipsec vpn servers now. For example the Asus ones.

Ah ok, thanks.


> PPTP is no longer considered secure.
> L2TP with IPsec is secure, as is OpenVPN.
> You could also run SSH and tunnel ports over that, although this option is less widely supported depending on the client you want to use and more complex to configure.
>
> If your router with DD-WRT supports OpenVPN natively as part of the firmware then this is by far the most secure, easy and widely compatible option available to you. OpenVPN supports certificate-based authentication as well as file-based configuration of clients. It is supported on Mac, Linux, Windows AND Android.

> I run OpenVPN on my pfSense appliance and it works beautifully. I use it for internet usage when connected to unencrypted Wireless APs on my laptop and mobile phone.


Thanks, OpenVPN does seem to be widely supported - which is a bonus. Still not sure if it's overkill for my needs or not.
 
> Thanks, OpenVPN does seem to be widely supported - which is a bonus. Still not sure if it's overkill for my needs or not.

It may technically be overkill but if it is an easy option to implement then you may as well use it.
 
Have a look at SoftEther.

It utilises VPN and emulates a virtual hub, giving you a local IP on your remote network and full internal access.
 
PPTP, as Sin Chase said, isn't considered secure. It also can prove problematic to connect to from within some networks, as it requires the firewall to monitor the connection negotiation and open the required ports. IPsec doesn't have this problem and enjoys better support.

If you're going to set up OpenVPN, just make sure that the router you're using is completely up to date, as there have been a number of vulnerabilities discovered recently that can cause issues, specifically the Heartbleed and Shellshock vulnerabilities. Once patched you should be fine.

Gareth
 