User Tag List

Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 34

Thread: OpenVPN tunnel

  1. #11
    Site Sponsor
    Join Date
    Jun 2021
    Location
    Minnesota
    Posts
    1,559
    Mentioned
    25 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MoonShadow_1911 View Post
    To an extent. I liked it too this: out in public, you wear clothes because you don't want everyone to see you nekkid. This is WITH a VPN. Without a VPN, you are the emperor in the story book tail The Emperor's Clothes. A threat actor sees everything.

    As for your free VPN, it will depend on the endpoint of the VPN. It might have been in a different country, or is a known avenue for threat actors, based on the endpoint's IP address or address range.

    I can setup a WireGuard VPN server in a cloud space in the US and have no problems accessing my bank and other financially sensitive institutions.

    If I use a commercial VPN service, I do get more blocks.

    As to the Captchas that you see more of, is because of the IP address of the endpoint.

    Internet public IP address are "leased" from the ICANN, so, for instance, mygrandrv.com IP address is 172.67.216.158. If it was a VPN, all traffic coming through would be from that IP address. Let's say mygrandrv.com is a VPN provider, they might have a range of public IP adresses, let's say 172.67.216.*. The * indicates 1-254. So there are 254 IP addresses that they lease. And the endpoint could be any of them.

    It then becomes easy for websites to then block traffic from that IP address range, or enforce a stronger level of authentication on requests coming from the IP range.

    So, something like Xfinity, will have a range of 107.*.*.* (among others). So hundreds of thousands of IP addresses. Plus, because they are registered with ICANN, websites have a higher degree of certainty that the traffic coming from one of the IP addresses are an individual, not a VPN.

    Hope this makes sense, at a high level.
    Yes, makes sense in general. Just read up a bit on WireGuard too, so thanks for sharing. I had thought about trying a subscription to NordVPN or other to see how it works in comparison to the free version I had tried. May well do that. I love banking and other financial stuff online but have been concerned about security. I know the sites are encrypted but still would prefer additional layers because everything we have these days is online.
    Chad
    2023 23LDE 965W Solar, Victron Multiplus, Solar Controllers, Cerbo GX, 4x280AH DIY Lithium Batteries, SeeLevel Tank Monitoring, Shock Absorbers (Replaced 2022 22MLE)
    2022 F350 6.7L Superduty, Carbonized Gray, Ultimate Lariat Pkg, 4WD, Crew Cab, 160" Wheelbase, 3.55EL Rear End, 3566# Payload
    Adaptive Steering, Ultimate Camera Pkg, 20" Wheels, 397 Amp Dual Alternator, ARE Topper (Replaced 2004 F150)

  2. #12
    Seasoned Camper
    Join Date
    Apr 2021
    Location
    Minneapolis Area
    Posts
    184
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by MoonShadow_1911 View Post
    To an extent. I liked it too this: out in public, you wear clothes because you don't want everyone to see you nekkid. This is WITH a VPN. Without a VPN, you are the emperor in the story book tail The Emperor's Clothes. A threat actor sees everything.

    As for your free VPN, it will depend on the endpoint of the VPN. It might have been in a different country, or is a known avenue for threat actors, based on the endpoint's IP address or address range.

    I can setup a WireGuard VPN server in a cloud space in the US and have no problems accessing my bank and other financially sensitive institutions.

    If I use a commercial VPN service, I do get more blocks.

    As to the Captchas that you see more of, is because of the IP address of the endpoint.

    Internet public IP address are "leased" from the ICANN, so, for instance, mygrandrv.com IP address is 172.67.216.158. If it was a VPN, all traffic coming through would be from that IP address. Let's say mygrandrv.com is a VPN provider, they might have a range of public IP adresses, let's say 172.67.216.*. The * indicates 1-254. So there are 254 IP addresses that they lease. And the endpoint could be any of them.

    It then becomes easy for websites to then block traffic from that IP address range, or enforce a stronger level of authentication on requests coming from the IP range.

    So, something like Xfinity, will have a range of 107.*.*.* (among others). So hundreds of thousands of IP addresses. Plus, because they are registered with ICANN, websites have a higher degree of certainty that the traffic coming from one of the IP addresses are an individual, not a VPN.

    Hope this makes sense, at a high level.


    MoonShadow_1911 - Excellent description....thanks. As you mentioned the location of the endpoint is important. Some of the VPN providers have multiple server endpoints and others not so much. Its all give and take with this stuff, and I believe that each person needs to decide how much and how far they want to go. VPN's basically provide two services: They encrypt your data between two points and hide the IP address where you're located. That said, you also need to trust your VPN provider - especially free ones. It wouldn't be the first time a malware provider set up a free VPN service. I personally don't have a VPN yet as I'm still researching. For now I'm avoiding public WIFI as much as possible and using my phones LTE. I know that its still vulnerable, but it does skirt around some of the more obvious risks. This whole VPN thing can get complicated real quick. For those wanting read more this might be a good starting point.

    https://www.zdnet.com/article/what-i...-does-it-work/
    2019 Solitude S-Class 2930RL
    2021 RAM 3500 SRW CC Short Box HO Cummins Rear Air Suspension

  3. #13
    Big Traveler dryfly's Avatar
    Join Date
    Oct 2018
    Location
    Texas
    Posts
    1,220
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Riverbug View Post
    But aren't you doing the same thing with VPN since everything is routed through a server wherever that might be located? I also tried VPN (just a free version for testing it out) and found that if I tried to access my bank account for example, it wouldn't let me. Shut off VPN and it was fine. Also found it annoying that I would get those "are you a person" quizzes much more often when I had VPN turned on. Maybe it's because I was trying out the free version, not sure, but it was a pain. In addition, it often seemed slower but my guess is that was due to the free account and saturation of the server which mostly showed 90%+ usage.
    To add to what Moonshadow said, there are different types of VPN's. The more common ones being the one you are probably thinking about, one that simply masks your IP address so your internet traffic cannot be traced to your WAN IP address.

    With my router as an OpenVPN server I am creating a tunnel to my home router, meaning when I'm at a remote location all traffic is both encrypted and appears to be coming through my home WAN IP address, not the WIFI or network I am connected to.
    2020 Reflection 273MK

  4. #14
    Site Team Soundsailor's Avatar
    Join Date
    Aug 2021
    Location
    New Hampshire
    Posts
    3,213
    Mentioned
    51 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dryfly View Post
    With my router as an OpenVPN server I am creating a tunnel to my home router, meaning when I'm at a remote location all traffic is both encrypted and appears to be coming through my home WAN IP address, not the WIFI or network I am connected to.
    Yep, this approach takes a bit more work as one must set up the VPN server. But it does have many advantages such as allowing secure access to one's home network.
    Stephen and Judy
    2022 Reflection 150 Series 260RD (Stella)
    2017 Chevy Silverado 2500 HD (Blue)
    Traded - 2018 Forest River Rockwood Minilite 2104S

  5. #15
    Big Traveler dryfly's Avatar
    Join Date
    Oct 2018
    Location
    Texas
    Posts
    1,220
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Soundsailor View Post
    Yep, this approach takes a bit more work as one must set up the VPN server. But it does have many advantages such as allowing secure access to one's home network.
    Yes, it does, and the even the simplest approach that I found required using a router that had built in OpenVPN capabilities. The Asus router fit the bill for me. It was kind of steep learning curve, but once I got the hang of it it's really pretty simple.

    The reason I initially got into it was remote access of my home IP camera system. 99% of folks use port forwarding for this. Opening ports to your router is dangerous. I'm not so concerned about someone looking at my cameras, but about getting into them and using them as bots, spewing span everywhere.

    Several times I've been in campgrounds and needed to make future reservations, and only having access to the public WIFI. It just don't like the small iPhone screen for internet use. It finally dawned on me to use the OpenVPN connection to be able to put on credit card info, etc, and still be secure.
    2020 Reflection 273MK

  6. #16
    Site Sponsor
    Join Date
    Jun 2021
    Location
    Minnesota
    Posts
    1,559
    Mentioned
    25 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dryfly View Post
    Yes, it does, and the even the simplest approach that I found required using a router that had built in OpenVPN capabilities. The Asus router fit the bill for me. It was kind of steep learning curve, but once I got the hang of it it's really pretty simple.

    The reason I initially got into it was remote access of my home IP camera system. 99% of folks use port forwarding for this. Opening ports to your router is dangerous. I'm not so concerned about someone looking at my cameras, but about getting into them and using them as bots, spewing span everywhere.

    Several times I've been in campgrounds and needed to make future reservations, and only having access to the public WIFI. It just don't like the small iPhone screen for internet use. It finally dawned on me to use the OpenVPN connection to be able to put on credit card info, etc, and still be secure.
    Thanks for all of this information. I have a Netgear Nighhawk and it appears I may be able to setup OpenVPN on it. Will have to start researching that. I would also like to see our cameras when not at home. I never did port forwarding because I didn't like the security aspect of it so I've never been able to see them when we are traveling.
    Chad
    2023 23LDE 965W Solar, Victron Multiplus, Solar Controllers, Cerbo GX, 4x280AH DIY Lithium Batteries, SeeLevel Tank Monitoring, Shock Absorbers (Replaced 2022 22MLE)
    2022 F350 6.7L Superduty, Carbonized Gray, Ultimate Lariat Pkg, 4WD, Crew Cab, 160" Wheelbase, 3.55EL Rear End, 3566# Payload
    Adaptive Steering, Ultimate Camera Pkg, 20" Wheels, 397 Amp Dual Alternator, ARE Topper (Replaced 2004 F150)

  7. #17
    Site Sponsor leselmore's Avatar
    Join Date
    Feb 2022
    Location
    Vail AZ
    Posts
    26
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I was using a Netgear Nighthawk R8000 router for years when I first started using a home VPN. I accessed it with OpenVPN clients on my Android devices and Windows laptop. It allowed access to banking and other sites in the US when we vacationed outside the US. Also, it allowed access to our home network and allowed me to monitor/change thermostats, irrigation system settings, access Netflix programming in the US., and a local NAS network storage device. To access movies or content not yet released in the US and only available in other countries, a commercial VPN service can be used. I do have Surfshark's VPN service. With Surshark, I do sometimes while surfing the web get the pain-in-the-********** requests to verify that I am a human and do have issues even connecting to some websites. For that reason, I rely mostly on my home VPN service. However, I did install Surfshark on a Firestick so we can watch US content on Netflix when in another country by connecting to one of the many Surshark servers in various cities around the US. I could not figure out how to install an OpenVPN client on the Firestick, so that I could connect to my home VPN server.

    In 2021, I upgraded our home router to a Netgear Orbi RBK853 WiFi 6 mesh system. If I had waited a few more months a WiFi 6E router would have been available. It's a pretty simple checkmark in the router to turn the VPN service on. It will work with OpenVPN clients.

    One issue I faced in the past with running a home VPN was an occassional change in our home IP address which is controlled by our service provider. It would change sometimes when we were overseas and was inconvient to find out the new ip address so I could update the OpenVPN clients configuration files. I solved that issue by subscribing to NO-IP's DDNS (Dynamic Domain Name Service). The Orbi router will update NO-IP with it's new IP Address whenever it changes. It can be configured in the Orbi's VPN setup page to use a DDNS with NO-IP. NO-IP provided me with my own Domain Name which points to my home router's IP Address. The communication between the home router and NO-IP keeps my NO-IP domain name pointed to my new home IP Address within a minute or two of it changing. This way my domain name is configured within the my devices' OpenVPN client configuration files and is always up-to-date.
    Les & Nel
    2019 Reflection 315 RLTS w/Dual Pane Windows; 2nd AC
    -- 7K Axles; 3500 lb Springs; MORRyde SRE-4000; Roadmaster Comfort Ride Shocks
    -- 400 Ah BB Lithium; 1590 watts solar; MultiPlus-II Inverter; Renogy 40A DC DC Charger

    2016 RAM 2500 CC SB 4x4 Diesel
    -- Blue Ox SwayPro 20k/2k hitch; Timbren Rear Bump Stops


  8. #18
    Site Team Soundsailor's Avatar
    Join Date
    Aug 2021
    Location
    New Hampshire
    Posts
    3,213
    Mentioned
    51 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by leselmore View Post
    I was using a Netgear Nighthawk R8000 router for years when I first started using a home VPN. I accessed it with OpenVPN clients on my Android devices and Windows laptop. It allowed access to banking and other sites in the US when we vacationed outside the US. Also, it allowed access to our home network and allowed me to monitor/change thermostats, irrigation system settings, access Netflix programming in the US., and a local NAS network storage device. To access movies or content not yet released in the US and only available in other countries, a commercial VPN service can be used. I do have Surfshark's VPN service. With Surshark, I do sometimes while surfing the web get the pain-in-the-********** requests to verify that I am a human and do have issues even connecting to some websites. For that reason, I rely mostly on my home VPN service. However, I did install Surfshark on a Firestick so we can watch US content on Netflix when in another country by connecting to one of the many Surshark servers in various cities around the US. I could not figure out how to install an OpenVPN client on the Firestick, so that I could connect to my home VPN server.

    In 2021, I upgraded our home router to a Netgear Orbi RBK853 WiFi 6 mesh system. If I had waited a few more months a WiFi 6E router would have been available. It's a pretty simple checkmark in the router to turn the VPN service on. It will work with OpenVPN clients.

    One issue I faced in the past with running a home VPN was an occassional change in our home IP address which is controlled by our service provider. It would change sometimes when we were overseas and was inconvient to find out the new ip address so I could update the OpenVPN clients configuration files. I solved that issue by subscribing to NO-IP's DDNS (Dynamic Domain Name Service). The Orbi router will update NO-IP with it's new IP Address whenever it changes. It can be configured in the Orbi's VPN setup page to use a DDNS with NO-IP. NO-IP provided me with my own Domain Name which points to my home router's IP Address. The communication between the home router and NO-IP keeps my NO-IP domain name pointed to my new home IP Address within a minute or two of it changing. This way my domain name is configured within the my devices' OpenVPN client configuration files and is always up-to-date.
    Great post, very thorough. The system you describe should be helpful to a lot of "road warriors'.
    Stephen and Judy
    2022 Reflection 150 Series 260RD (Stella)
    2017 Chevy Silverado 2500 HD (Blue)
    Traded - 2018 Forest River Rockwood Minilite 2104S

  9. #19
    Big Traveler dryfly's Avatar
    Join Date
    Oct 2018
    Location
    Texas
    Posts
    1,220
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by leselmore View Post
    I was using a Netgear Nighthawk R8000 router for years when I first started using a home VPN. I accessed it with OpenVPN clients on my Android devices and Windows laptop. It allowed access to banking and other sites in the US when we vacationed outside the US. Also, it allowed access to our home network and allowed me to monitor/change thermostats, irrigation system settings, access Netflix programming in the US., and a local NAS network storage device. To access movies or content not yet released in the US and only available in other countries, a commercial VPN service can be used. I do have Surfshark's VPN service. With Surshark, I do sometimes while surfing the web get the pain-in-the-********** requests to verify that I am a human and do have issues even connecting to some websites. For that reason, I rely mostly on my home VPN service. However, I did install Surfshark on a Firestick so we can watch US content on Netflix when in another country by connecting to one of the many Surshark servers in various cities around the US. I could not figure out how to install an OpenVPN client on the Firestick, so that I could connect to my home VPN server.

    In 2021, I upgraded our home router to a Netgear Orbi RBK853 WiFi 6 mesh system. If I had waited a few more months a WiFi 6E router would have been available. It's a pretty simple checkmark in the router to turn the VPN service on. It will work with OpenVPN clients.

    One issue I faced in the past with running a home VPN was an occassional change in our home IP address which is controlled by our service provider. It would change sometimes when we were overseas and was inconvient to find out the new ip address so I could update the OpenVPN clients configuration files. I solved that issue by subscribing to NO-IP's DDNS (Dynamic Domain Name Service). The Orbi router will update NO-IP with it's new IP Address whenever it changes. It can be configured in the Orbi's VPN setup page to use a DDNS with NO-IP. NO-IP provided me with my own Domain Name which points to my home router's IP Address. The communication between the home router and NO-IP keeps my NO-IP domain name pointed to my new home IP Address within a minute or two of it changing. This way my domain name is configured within the my devices' OpenVPN client configuration files and is always up-to-date.
    Good info and gives me security that my VPN will provide the security I'm looking for when on a public network. Asus provides a free DDNS service that functions like NO-IP. Not having a static IP address was one of my concerns when considering setting up a VPN. I have used Netgear products before and they are top notch. It's interesting to learn the router, apparently running as a non-OpenVPN server, can be accessed with OpenVPN clients.
    Last edited by dryfly; 03-23-2023 at 09:29 AM.
    2020 Reflection 273MK

  10. #20
    Fireside Member
    Join Date
    Jul 2020
    Location
    Marrero, La
    Posts
    86
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Here is a link to a new product that gl-inet is coming out with just for the RVs. https://mailchi.mp/gl-inet.com/share...6?e=9f3c3a5636
    I'm using a Slate router and VPN now and works pretty. I'm no expert and use my son in law to help me.
    Dana & Janet H.
    New Orleans, La.
    Imagine 2450RL (MY2020)
    2018 GMC 1500 Sierra, SLT Z71 4X4

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

DISCLAIMER:This website is not affiliated with or endorsed by Grand Design RV, LLC or any of its affiliates. This is an independent site.