Security vpn

fes_786

Does someone know how I can encrypt traffic between my home PC and a dedicated server / VPS?

Been told VPN but ain't got a clue how to set up and route traffic through it.

Anyone done this?
 
I assume your VPS is hosted somewhere in the cloud and not by you? If so, you would need to look at what you had and check with the hosting company what they support.

Basically, VPN is best imagined as a tunnel, data goes in one end and comes out the other but INSIDE the tunnel it's encrypted. Since the end-points of the tunnel are behind firewalls only those systems behind the end-points can see the unencrypted data. However, this also means there's two parts to consider, the VPN client end-point and the VPN server end-point. You have full control of the VPN client end-point as it's on your home PC and your router/firewall will normally pass outbound traffic without interference.

The problem occurs at the VPN server end-point as you may not be able to install VPN server software plus, depending on the VPN type, you would have to open at least one port on the firewall and maybe add a protocol.

The simplest VPN is PPTP (Peer to Peer Tunneling Protocol), you'll only need to open port 1723 and allow protocol GRE over it. The firewall affected is at the server end so it's the hosting site firewall. Consequently only they can tell you whether they support it or not although they may offer other options too.

Once the network is compliant you can look at the end-points. On Windows servers RRAS has VPN support built-in, on Linux you can use OpenVPN. On the client end Windows supports it natively while under Linux you may have to install a client although all decent distributions have one in the repos.

Once the tunnel is established you don't need to worry about routing PROVIDED the remote network is a different subnet to your own. In other words, the tunnel gets added to the routing table automatically. The only things you may have to be concerned about are DNS and Default Gateway, i.e. whether these remain as they were BEFORE the tunnel was established or whether they need to be different AFTER the tunnel is established. Although, with a hosted VPS I suspect leaving them unchanged irrespective of whether the tunnel is established or not would be the best solution.

If you can find out what the hosting company supports I should be able to provide more detail on how to set it up.
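
The "different subnet" proviso above can be checked before the tunnel is brought up. This is an added example, not code from the thread; the addresses are constructed samples and octets are assumed to be plain decimal with no leading zeros.

```shell
#!/bin/sh
# Added example: pre-flight check that the home LAN and the network reached
# through the VPN are different subnets. All addresses are constructed samples.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# CIDR (e.g. 192.168.1.0/24) -> "first last" as integers.
cidr_range() {
    addr=${1%/*}; bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( $(ip_to_int "$addr") & mask ))
    echo "$first $(( first + 4294967295 - mask ))"
}

# Exit status 0 when the two CIDRs share at least one address.
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Report whether a route for the remote network via the tunnel is unambiguous.
check_tunnel_route() {
    if cidrs_overlap "$1" "$2"; then
        echo "CONFLICT: local $1 overlaps remote $2"
        return 1
    fi
    echo "OK: local $1 and remote $2 are distinct"
}

# Home LAN vs. a tunnel subnet, then the clash of two identical LAN ranges.
check_tunnel_route 192.168.1.0/24 10.8.0.0/24 || true
check_tunnel_route 192.168.1.0/24 192.168.1.0/24 || true
```

When the check reports a conflict, packets for the remote side match the local LAN route first and never enter the tunnel, so one side has to be renumbered.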
 
Nice post m8

So what about programmes that need ports open

Would I be able to send them down the VPN tunnel??
 
Since it's an encrypted tunnel all ports are automatically open - you can run anything as if you were locally connected :)
 
Nice

I think me and you will be having a nice chat ;)

Does using a VPN tunnel affect ping?

Will it go higher if going through the tunnel or will it be the same?
 
There's a small overhead with all traffic, not just ping, because it's encrypted but mostly the overhead doesn't interfere provided you have at least reasonable response times normally.
 
Currently my ping is around 12ms to server

As long as it don't go up a huge amount I'm ok
 
You can 'split' anyway so if you need a fast response for some stuff (like gaming) you can configure responsive stuff direct and other stuff via the tunnel - harder but do-able :)
 
K will want everything to go via tunnel

Plus will need to set up an iptables firewall to block all ports on the open side except a few that I will use

Will do a bit of research regarding the hosting provider and let you know
 
Once you set up the VPN client the firewall is pretty much irrelevant for the tunnel? Think about it as a road junction, left is open but connected to the remote end-point (VPN), right is firewalled but connected to the World :)
 
I'm talking about the side which is connected to open net not tunnelled side

The side which is exposed will be locked down and only 2 / 3 ports open, obviously once I've got the VPN set up correctly and working
 
I knew what you meant M8, see them as two separate routes, VPN open but Internet blocked by the firewall as required :)
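
The two-route layout discussed above (tunnel side open, Internet side limited to a few ports) written as an iptables-restore ruleset generator. This is an added example, not code from the thread; the interface names eth0 and tun0 and the port list are assumptions, and forwarding or NAT for client traffic is not covered.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the server.
# usage: gen_ruleset PUBLIC_IF TUNNEL_IF "proto/port proto/port ..."
gen_ruleset() {
    pub_if=$1; tun_if=$2; rules=""
    # Validate every entry first so a bad one never yields a partial ruleset.
    for spec in $3; do
        proto=${spec%%/*}; port=${spec#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
        rules="$rules-A INPUT -i $pub_if -p $proto --dport $port -j ACCEPT
"
    done
    # Default-deny inbound; replies to our own connections and loopback pass.
    # Only the listed ports are reachable on the Internet-facing interface,
    # while everything arriving through the tunnel is accepted.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}-A INPUT -i $tun_if -j ACCEPT
COMMIT
EOF
}

# Assumed exposure: OpenVPN on its default UDP port 1194, plus SSH.
gen_ruleset eth0 tun0 "udp/1194 tcp/22"
```

Pipe the output through `iptables-restore --test` as root before loading it, and keep the SSH port in the list so the session applying the rules is not cut off.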
 
Yeh cool

Will have a chat after I've done some research and I think I will be going the OpenVPN route
 
If you can afford it, get an ASA (Adaptive Security Appliance). It's Cisco kit, but you can then use IPsec VPN and set up ACLs (access control lists); these can be applied in 3 ways: protocol, direction, port. Although this will take a bit more knowledge and configuring, it will be more secure. Depends how secure you want to be, and what you are trying to do really. The ASA will work as a hardware firewall, and will be much more controllable and customisable. You can download some IOS from various sites, and it can be configured remotely. Again, depends on how in-depth you want to go, and what you're actually looking for.
 
OK, I've got OpenVPN installed on the dedicated server

made the certificates and self-signed it

made a certificate for the client machine

couldn't install OpenVPN on it because it couldn't find the bin, so doing an upgrade to the latest release, Oneiric

now what do I have to do once OpenVPN is installed on the client machine??

how do I go about setting it up etc.

cheers

 
or with Tomato and DD-WRT, OpenVPN server and client are built in, so you can create the VPN tunnel from the router.

I am in process of setting up a vpn connection between 2 sites, both using Tomato routers.
 
These are more Small Business I am presuming, rather than larger businesses, or enterprise networks?
 
the problem I have is the dedicated server is hosted in a data centre

I have checked and tun/tap is running and enabled

so I can't use routers to do the VPN job

need it like a client to client setup
 
You're running a dedi server, is this a seedbox by any chance?

Are you not able to FTP to the server, as this would be encrypted. You could simply purchase a VPN, or even use TOR to connect to the server, and this would hide your IP/cover what you're actually doing.
 