
Total noob to the world of VPN and OpenVPN

Discussion in 'Tomato Firmware' started by Kiwi8, Jul 11, 2008.

  1. Kiwi8

    Kiwi8 LI Guru Member

    I have been reading about the OpenVPN mod of Tomato but I could not understand some parts. Could any kind soul help to give some initial direction to my questions, to enable me to read further?

    1) Suppose I am currently remoting to a PC behind my home WRT54G router from outside, will VPN provide a better encrypted way for the remote access?

    2) If I want to set up an OpenVPN server on a PC behind my home WRT54G router, do I need the OpenVPN mod of Tomato, or even the non-OpenVPN version of Tomato will do?

    Thanks in advance.
  2. FRiC

    FRiC LI Guru Member

    1 - No. Using VPN lets you do more than just remoting to a single PC. It lets you join your local computer to the remote LAN and share resources. Or you can set up a site-to-site VPN where all computers on each site can access all remote resources.

    2 - if the OpenVPN server is behind the router, you don't need OpenVPN on the router itself, just forward the OpenVPN port from the router to the server.
  3. occamsrazor

    occamsrazor Network Guru Member

    Kiwi8 - Without knowing your exact needs..... From my experience running OpenVPN on the router has a lot of advantages over running VPN on your home PC:

    1. You only need the router switched on for remote access, not the PC running 24/7, saving power. You could even have your PC on sleep and wake it using the "Wake on LAN" function of Tomato when you do need to have remote access.

    2. Having OpenVPN running on the router gives you remote access to your whole network - not just the one machine. As far as all the devices on your local network are concerned, it's like your remote computer is plugged in at home via an ethernet cable. And when you start to want to do various remote things, e.g. access any device on your home network, that makes life a whole lot easier.


  4. Kiwi8

    Kiwi8 LI Guru Member

    Thanks for all your kind responses.

    Ok... perhaps I try to describe my current situation here.

    Now I have a PC (having a TV card) behind the WRT54G, that I have a remote administrating program installed. Then I use other PCs behind the same WRT54G to control that PC so that I can schedule some recording jobs for the TV card.

    1) So far I am only doing this via the LAN and not from the WAN. I am interested in doing this from the WAN too... ie control my PC from outside internet connection. Will VPN be able to achieve a better encryption than without it? How can I do it? And should I do OpenVPN on the PC or on the router?

    2) Another issue is the safe surfing on outside internet connection. Is it the case that VPN allows me to do a safe surfing by connecting to my VPN network at home and using it to browse the net?
  5. F157

    F157 LI Guru Member

    imho you do not need to set up vpn.
    after setting up vpn, you still have to use a remote controlling software.

    If you already planned to use e.g. rdp you could go without vpn.

    /e: I've been controlling my home pc via rdp from work/vacation/etc. for a few years, if you have questions on how to do that, you're welcome to ask me :)
    /e²: question after reading your post again: what remote software are you using for controlling your pc in your lan? this is important to know, when you want an answer to "is vpn more secure?"
  6. bigclaw

    bigclaw Network Guru Member

    NM. Responded to wrong thread.
  7. Kiwi8

    Kiwi8 LI Guru Member

    I use Remote Administrator. I don't like RDP because it seems to log out the remote terminal when I log out of the RDP session.
  8. Kiwi8

    Kiwi8 LI Guru Member

    You can always delete the post! :)
  9. F157

    F157 LI Guru Member

    It does not log out any existing session. When I start a program from work and close the session, at home the desktop is locked, but not logged out. After typing in my password I am able to continue from where I left at work, all the windows are there etc. This also works vice versa (home -> work).

    An important thing is to use the /console (or with Vista SP1 /admin) switch. This allows you to have the same session as you would have right in front of your pc. Without this switch, depending on OS and configuration, the terminal logon could start a new session and you do not see the windows which should already be open.

    I connect with the following shortcut to my pc:
    %windir%\system32\mstsc.exe /v:username.dyndns.com:port /console /w:1152 /h:864

    It works very well, and no other remote controlling software I tried (e.g. VNC solutions) worked as smooth as RDP does.
  10. Kiwi8

    Kiwi8 LI Guru Member

    That's precisely the thing. I do not want the desktop to be locked out when the session is over.
  11. F157

    F157 LI Guru Member

    This is a security feature. No one should be able to have access to your PC when you're at work and remotely connected. However, with the command "tscon.exe 0 /dest:console" executed on the remote machine, the host machine should get unlocked. Haven't tried this yet. (See: http://support.microsoft.com/kb/302801)
  12. powersquad

    powersquad Addicted to LI Member

    Also from NZ. I use Windows RDP on port 110. Works like a charm. It's a great security feature to use a port other than 3389 to prevent bot attacks. Also if you work in an office which is behind a proxy like me and every port is blocked except for port 80 and port 110 for e-mails then RDP will also work for you. VPN has slightly better encryption than RDP but if you change the default port on RDP, you increase your security by miles....
  13. Kiwi8

    Kiwi8 LI Guru Member

    No such thing that I want, even though it may be a security feature. Moreover, that remote PC that I'm talking about is a HTPC in the living room that I occasionally connect in from another PC in the bedroom to set up the P2P to watch some live sports. Hence I would not want the HTPC to be locked out.
