Sharing a single VPN connection

weeblesfall · 1 May 2010 at 18:08

Firstly, i appologise if this issue has already been covered in the forums - i did do a search, but may have overlooked a relevent thread.

Also, whilst i have pleny of pc hardware knowledge, my networking experience is next to none.

Anyway, my query. I've been looking into puchasing a secure home VPN connection from a company such as StrongVPN for the purpose of securing and encrypting my outgoing home broadband internet traffic through a secure VPN tunnel.

However, my home network consists of 3 PC's, each wifi connected to a basic Buffalo WBMR-G54 adsl modem router, and i would like to be able to use each PC at the same time, each sharing the same outgoing VPN tunnel.

I have done some research on this, and found that many routers don't like more than one VPN link active, with a second VPN link simply kicking the first off the net.

Is it reasonably possible to somehow split a VPN tunnel coming into the modem to each of my 3 PC's, just as the internet connection itself is split?

Or is it possible to buy a VPN enabled adsl modem router where i can setup the VPN connection within the router, so my PC's can then simultaneously access the router via regular WEP encrypted wifi, where they can then enter the VPN tunnel?

Sorry about my limited knowledge on this - hopefully someone can figure out what i'm trying to get accross!

wij · 1 May 2010 at 19:25

Not sure why you think this is necessary at all (unless you live somewhere like China perhaps...) but if I were doing it myself I'd go and get a router that can act as a VPN endpoint as you suggested and just make that the default route for all the clients.

I *think* a WRT54GL flashed with Tomato can act as an OpenVPN client which should work with someone like StrongVPN's service.

J.B · 1 May 2010 at 20:06

Im going to ask what the need for this is as well?

I dont know the company but I assume once your traffic hits the StrongVPN servers it is then out the VPN tunnel and in the clear. The most you will be doing is masking your location/IP.

Like wij says the way to do with would be to have a router that can support being a VPN endpoint.

Why though, Im not sure.

bigredshark · 1 May 2010 at 21:05

He'd also be masking bittorrent traffic or similar from his ISP, I'm not condoning that as a reason, it's a rubbish one and you'd be stupid and selfish to do it for that reason.

Azuse05 · 1 May 2010 at 21:41

wij said:
I *think* a WRT54GL flashed with Tomato can act as an OpenVPN client which should work with someone like StrongVPN's service.

Tomato VPN mod

weeblesfall · 1 May 2010 at 22:16

Thanks for the advise guys - the VPN endpoint solution makes sense.

My reasoning for the encryption is a response to the UK's hastily passed and highly controversial 'Digital Economy Act', which does actualy have the potential to bring our internet a step closer to China's system; in that any website found to be linking to copyrighted content available for free download (e.g. google) could now be blocked from UK end users.

I'd advise anyone reading this to research the act, as it also allows an internet account holder's connection to be cut, and he/she to be fined up to £50000, should their connection be found downloading copyrighted content. This stands even if your kids are to blame, or if someone has hacked in and is using your wifi from next door etc. http://www.trustedreviews.com/netwo...s-Beware--MPs-Approve-Digital-Economy-Bill/p1

There is also a recent streamable BBC episode of Panorama which highlights the issue/consequences.

As i am the internet account holder in my shared student house, and cannot control what my housemates use their connections for, i can't risk the loss of my connection and more importantly, a £50000 fine; hence the VPN route.

I appreciate the concern over filesharing, and am, as countless others must be, guilty of quite a bit of Napster/Kazaa usage on the parents old dialup connection.

However, now things like VPN seem set to become just as much of a precausionary measure as an active aide to filesharers, as the law will not discriminate whether the blame for any copyright infringement lies with the internet account holder, or anyone managing to use/hack in to the same wifi connection.

Fat Dog · 4 May 2010 at 12:29

Been doing research on vpns myself recently. I would suggest as others have a WRT54GL with Tomato OpenVPN is the way forward if you want all traffic to be routed down the VPN. In case you haven't seen this check the yearly special out from strongvpn - http://www.strongvpn.com/packages_special.shtml - seems a pretty sweet deal.

Sp00n · 4 May 2010 at 12:45

weeblesfall said:
There is also a recent streamable BBC episode of Panorama which highlights the issue/consequences.

I saw that, it was very ammusing.

You will have to tunnel at the router in order for all the traffic to go out over the vpn, as has been said ddwrt or tomato is capable of this and securevpn does both ipsec and openvpn.

I use VyprVPN for the same result

anything I don't mind · 4 May 2010 at 13:50

i wouldnt recommend routing all your lans traffic through a vpn, due to bandwidth performance considerations. I have never used any of the managed vpn services and they might be easy. But setting up a vpn server and routing all your traffic through it, is not easy for new comer.

What i do is rent a dedicated box that is 100mbit in another country, then i use ssh tunnel to route all my http and dns through it. Then all my games and torrents and big http downloads just go out through my normal network. Alternativaly what i can do is use the 100mbit box to download torrents with and then connect to the box with sftp and download from that. But as you have several people on your network enforcing this kind of policy would be difficult.

so ssh tunnel for https (send dns through it with firefox option remote.dns) then use remote box to download torrents, then use sftp to download from it. Pretty secure setup and a lot better than routing everything through a vpn.

I am pretty sure game latency will take a dive if you route it through a vpn. If you can set certain ports to go through the vpn and others not then that might be a good idea.

You can setup windows on the remote box and then use vpn+vnc or vpn+rdp and show people how to use it to download linux isos...

When i was living in a shared house, i banned all these lame file sharing applications. like emule. they just kill my upload bandwidth with like 500 connections.

occasionally my housemates would use it and i would know immediatly.

once the spanish girls, who let their friends use our living room like a hotel, one of their friends was staying over and i noticed bandwidth problems i go down stairs and he is downloading and updating WOW on my network, lol. i killed his inet hahaha

Westyfield2 · 4 May 2010 at 14:30

<Subscribes>

I'm interested in this.... would want to route all the traffic down the VPN as default, but be able to selectively un-VPN certain traffic (games).

Hmm...