cancel
Showing results for 
Search instead for 
Did you mean: 

incoming vpn

scargill
Grafter
Posts: 41
Registered: 25-06-2015

incoming vpn

I'm now set up with the new Plusnet Plus One router for fibre and have high speed broadband all working.
So here's my problem - one reason for getting high speed UPLOAD ability - is to access my media when I am not at home. As this has to be secure the obvious way is to use a VPN - so that from an external location you would VPN into the house.
The problem is that the very lacklustre Plusnet Plus One router has no ability to do this at all. I have routers such as a Draytek and TP-LInk both of which will allow creation of VPNs.. but they won't talk to the fibre.
So - I'm trying to get my head around this.. how would you set up port forwarding on the - such that a second, internal router could provide the VPN capability? The kind of VPN I'm talking about is the kind you can set up by default on most Android and other tablets...
So for example  If I were to port forward TCP Port 1723 for link setup, and IPSec/ESP  Port 500 to an internal router that had VPN ability- would that work?  I read something about protocols and I think I saw something like GRE whereas the Plus one offers TCP or UDP only - I'm not sure even if that is relevant...
9 REPLIES
pwatson
Rising Star
Posts: 2,468
Thanks: 8
Fixes: 1
Registered: 26-11-2012

Re: incoming vpn

By far the simplest way of achieving this would be to buy a BT Openreach modem from eBay and use one of your existing routers. Alternatively you could use a Raspberry Pi as a VPN server or you may already have another device that can do this (NAS perhaps, or the machine holding the media you need to access?)
Using two routers is possible but you'll be going through two port address translation processes and may run into issues with double port forwards etc.
scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: incoming vpn

Quote from: pwatson
By far the simplest way of achieving this would be to buy a BT Openreach modem from eBay and use one of your existing routers. Alternatively you could use a Raspberry Pi as a VPN server or you may already have another device that can do this (NAS perhaps, or the machine holding the media you need to access?)
Using two routers is possible but you'll be going through two port address translation processes and may run into issues with double port forwards etc.

Hi
enlighten me please... BT Openreach - why?  And (this is likely a REALLY stupid question) as the PlusONE has a DMZ option - is there a reason I can't just point the DMZ to my draytek - and use the Draytek to do everything like address allocation, VPN etc...  on the surface that SEEMs like a practical solution or am I bypassing a load of security doing that?
Pete
Andrue
Aspiring Pro
Posts: 775
Thanks: 88
Fixes: 1
Registered: 12-01-2015

Re: incoming vpn

Are you sure you can't do it the other way around, access a VPN hosted at your office? I wouldn't be happy having a VPN endpoint running on domestic equipment. That's one more door you're presenting to the internet and it has a bright ring of flashing lights around it and a message saying 'This is where I keep the crown jewels'. I think it'd be far better to leave VPN hosting to business grade equipment.
scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: incoming vpn

My office is at home!
I'm hoping to try a more expensive Draytek 2830 tomorrow.. the think is the VDSL connection on that modem is an RJ45 whereas what we have coming in from Plusnet is the smaller version you'd normally use for ADSL....

Quote from: Andrue
Are you sure you can't do it the other way around, access a VPN hosted at your office? I wouldn't be happy having a VPN endpoint running on domestic equipment. That's one more door you're presenting to the internet and it has a bright ring of flashing lights around it and a message saying 'This is where I keep the crown jewels'. I think it'd be far better to leave VPN hosting to business grade equipment.
Community Veteran
Posts: 5,079
Thanks: 1,200
Fixes: 30
Registered: 16-10-2014

Re: incoming vpn

This may be of interest to you then:
https://www.draytek.co.uk/archive/vpn_setup.html
scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: incoming vpn

Thanks for that - but I know how to do that - my problem is that the Plusnet does not do VPNs and so I need something that does - I don't have Vigor 2200s... my 2800 apparently is no good for Plusnet VDSL and I have a 2830 coming on loan but I don't know if that supports Plusnet on the little adsl connector.
Really - Plusnet should be able to answer all of this - after all that's what they do for a living - but it seems not.

Quote from: Mook
This may be of interest to you then:
https://www.draytek.co.uk/archive/vpn_setup.html

dannyboy75
Rising Star
Posts: 90
Thanks: 16
Registered: 06-08-2015

Re: incoming vpn

Quote from: scargill
So - I'm trying to get my head around this.. how would you set up port forwarding on the - such that a second, internal router could provide the VPN capability? The kind of VPN I'm talking about is the kind you can set up by default on most Android and other tablets...
So for example  If I were to port forward TCP Port 1723 for link setup, and IPSec/ESP  Port 500 to an internal router that had VPN ability- would that work?  I read something about protocols and I think I saw something like GRE whereas the Plus one offers TCP or UDP only - I'm not sure even if that is relevant...

Never tried it on tablets, but you can configure a Windows PC to accept incoming PPTP VPN connections. In this case, as you say, you'd need to forward port 1723.
If you still can't connect into the VPN server on your LAN then you may also need to enable VPN passthrough on the Plusnet router. Whether it allows this or has an explicit option for it, I'm not sure though, as I've never really used any of the HomeHubs or their variants. Until I got Fibre I always stuck with DD-WRT routers, and now use an Asus RT-N66U with OpenReach ECI modem.
scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: incoming vpn

Quote from: dannyboy75
Quote from: scargill
So - I'm trying to get my head around this.. how would you set up port forwarding on the - such that a second, internal router could provide the VPN capability? The kind of VPN I'm talking about is the kind you can set up by default on most Android and other tablets...
So for example  If I were to port forward TCP Port 1723 for link setup, and IPSec/ESP  Port 500 to an internal router that had VPN ability- would that work?  I read something about protocols and I think I saw something like GRE whereas the Plus one offers TCP or UDP only - I'm not sure even if that is relevant...

Never tried it on tablets, but you can configure a Windows PC to accept incoming PPTP VPN connections. In this case, as you say, you'd need to forward port 1723.
If you still can't connect into the VPN server on your LAN then you may also need to enable VPN passthrough on the Plusnet router. Whether it allows this or has an explicit option for it, I'm not sure though, as I've never really used any of the HomeHubs or their variants. Until I got Fibre I always stuck with DD-WRT routers, and now use an Asus RT-N66U with OpenReach ECI modem.

Problem solved - another member pointed out that for non-Plusnet modems you need a password - same as your account password - that in the TP-Link is working a TREAT.
dannyboy75
Rising Star
Posts: 90
Thanks: 16
Registered: 06-08-2015

Re: incoming vpn

Tidy  Smiley