cancel
Showing results for 
Search instead for 
Did you mean: 

Which VPN?

IMM
Rising Star
Posts: 54
Thanks: 12
Registered: ‎11-12-2023

Which VPN?

I have a TP-ER605 router which can act as a VPN server.

I'm considering setting it up so that I can access my home network when away.

It offers several options...

IPsec VPN

SSL VPN

Open VPN

WireGuard VPN

So, my questions are, what are the pros and cons of each type and which should I choose?

If it makes a difference, I expect to access using Wi-fi in cafes or hotels some of which require a password to access and some of which don't (also wi-fi hotspot from my phone.)

Thanks

Ian

 

14 REPLIES 14
Protech
Aspiring Pro
Posts: 195
Thanks: 73
Fixes: 5
Registered: ‎26-09-2017

Re: Which VPN?

Suggest you have a look at this VPN protocol comparison
https://nordvpn.com/blog/protocols/
Ignore the nordvpn bias towards its own products and its a valid evaluation.
What's best for you depends on your use case.
HTH
You can check out but you can never leave ( easily)
catshill1
Rising Star
Posts: 73
Thanks: 20
Fixes: 1
Registered: ‎03-08-2007

Re: Which VPN?

I can recommend Wireguard. I’ve been running it for a number of years and it’s fast and very stable. As my router isn’t vpn capable, I run it on a Raspberry Pi.

zpeterk
Grafter
Posts: 446
Thanks: 9
Registered: ‎14-04-2007

Re: Which VPN?

I have a TP Link er7206 and use OpenVPN it works fine

IMM
Rising Star
Posts: 54
Thanks: 12
Registered: ‎11-12-2023

Re: Which VPN?

Thank you all for posting your thoughts and suggestions. It looks as though I've got some more reading to do!

From the limited amount I've done so far, I was tending towards OpenVPN or WireGuard. Though I'm beginning to think that I may need more than one system on the server to accommodate different clients (ie windows laptop and Android.)

@zpeterk do you use the TP-Link Omada VPN client or something else?

Thanks

Ian

Dan_the_Van
Aspiring Hero
Posts: 2,962
Thanks: 1,424
Fixes: 88
Registered: ‎25-06-2007

Re: Which VPN?

For OpenVPN and Wireguard there are downloadable apps for most systems, including Windows, Android and apple devices.
I have a single instance of Wireguard running on raspberry pi system
IMM
Rising Star
Posts: 54
Thanks: 12
Registered: ‎11-12-2023

Re: Which VPN?

@Dan_the_Van Thanks for that.

I've tried setting up wireguard on the TP-Link ER605 and using the TP-Link Omada VPN client on my windows laptop - without much success.

I think I've got the "server" set up OK on the ER605 (but possibly not)

On the laptop I think I've got the "server" details correct my plusnet Wan IP and the port they recommend. However I'm slightly confused as to what I should be putting in the IP address/subnet - I've assumed an unused IP in my home network.

Then back to the ER605 to add the peer and am unsure what the Allowed Address should be (I've used 0.0.0.0/0)

When I try to connect, the laptop (via a mobile hotspot) says it is connected but I can not access any of my network or external websites. At that point my home network loses connectivity to the internet.

So, I'm obviously doing something wrong but not sure what.

I'm starting to wonder whether I'm pushing the boundary of my knowledge too far and would be better off just accepting that when away I'm away!

Ian

zpeterk
Grafter
Posts: 446
Thanks: 9
Registered: ‎14-04-2007

Re: Which VPN?

@IMM  I use the TP Link OpenVPN server. For the IP address range I put 192.168.0.0/24

catshill1
Rising Star
Posts: 73
Thanks: 20
Fixes: 1
Registered: ‎03-08-2007

Re: Which VPN?

I'm starting to wonder whether I'm pushing the boundary of my knowledge too far and would be better off just accepting that when away I'm away!

Settting up and configuring a vpn server certainly takes some effort but by using a step by step guide and the odd video I was able to get it working and once set up I forget in. Having a static ip makes life a lot easier as you don’t need to use a ddns service. My previous isp did not offer static IPs so I used a script that read the cPanel setting on my website and that keeps my external ip address updated for wireguard.

Dan_the_Van
Aspiring Hero
Posts: 2,962
Thanks: 1,424
Fixes: 88
Registered: ‎25-06-2007

Re: Which VPN?

@IMM 

There are a couple of help pages on the TP-Link support site Wireguard VPN  and OpenVPN 

When testing any VPN server I would suggest not testing on your local LAN but from the internet, I use a mobile data hotspot which will connect via your public IP Address

HTH.

 

IMM
Rising Star
Posts: 54
Thanks: 12
Registered: ‎11-12-2023

Re: Which VPN?

@Dan_the_Van I did look on the TP-Link site - but didn't find that guide which is much more straight forward than the ones I did find. Thank you.

So, I can now connect as follows Laptop > Mobile phone hotspot > mobile data > ER605 Wan port using wireguard.

I can then browse the internet as if from my Plusnet WAN IP address. "what's my IP" reports my Plusnet Wan IP.

This looks good and is one of the objectives of trying to set up a VPN.

 

I can also ping the ER605 from the laptop using the LAN IP address and get replies. I can also log into the router which is only possible from the LAN - not the WAN.

What I don't seem to be able to do is connect to my file server on my Lan. (or indeed ping any of the other hosts on the LAN.)

I suspect that I may need to change some other settings, either on the ER605 or maybe the windows hosts, I'd appreciate any thoughts or suggestions. (I did look at the TP-Link What to do if you cannot access the remote network through Client-to-LAN/Site VPN tunnel but it only seems to apply to PPTP VPN or L2TP VPN.)

Thanks

Ian

Dan_the_Van
Aspiring Hero
Posts: 2,962
Thanks: 1,424
Fixes: 88
Registered: ‎25-06-2007

Re: Which VPN?

@IMM 

Some progress.

Using my VPN server which is a device on my LAN, I am able to ping all devices and provided I use the network share IP Address I can view folders and files.

what IP addresses did you set the wireguard to use, Interface and Peer?

 

IMM
Rising Star
Posts: 54
Thanks: 12
Registered: ‎11-12-2023

Re: Which VPN?

@Dan_the_Van "what IP addresses did you set the wireguard to use, Interface and Peer?"

For not very good historical reasons (it seemed like a good idea at the time!) My home network is 192.168.200.X with a subnet of 255.255.255.0.

The router has an address of 192.168.200.10 I then have a few fixed IPs and a DHCP range.

On the router the interface is 192.168.200.15

The peer Allowed address is 10.0.0.0/24

 

On the Laptop (Omada VPN client)

The peer is 212.155.XXX.XXX (my Plusnet WAN) with a port of 51820

The interface is 10.0.0.1/24

"Enable full VPN traffic" is set to on ( which I think is the same as setting the allowed address to 0.0.0.0/0)

(though both the Router and Omada VPN use slightly different terminology, which is somewhat confusing)

 

Using these settings I get the abilities I described above. I tried changing the router "peer allowed address" to within my home network 192.168.200.0/24 and the Laptop interface to 192.168.200.19 to see if that made any difference but then I could not even ping the router lan address.

I've now changed back to the 10.0.0.1 address.

I tried turning off the Firewall on a target PC on my LAN and I could then ping it but not access it. (Firewall now turned back on)

Thanks for spending your time on this.

Ian

PS If it would help, I could try to do some screen shots of the setup.

Dan_the_Van
Aspiring Hero
Posts: 2,962
Thanks: 1,424
Fixes: 88
Registered: ‎25-06-2007

Re: Which VPN?

@IMM 

Have you tried using WireGuard client to see if you get the same issues? Download from here https://www.wireguard.com/install/ 

A config would look something like this

 

[Interface]
PrivateKey = my privatkey=
Address = 10.89.154.5/24
DNS = 10.89.154.1

[Peer]
PublicKey = my publickey=
PresharedKey = my presharedkey=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 80.229.xxx.xxx:51820

 

For the Wireguard server it creates a config which can be exported/imported to the client app

Some redacted images of your server and client setup might be helpful

IMM
Rising Star
Posts: 54
Thanks: 12
Registered: ‎11-12-2023

Re: Which VPN?

@Dan_the_Van Once again, thanks for your help.

I think I've come to the following conclusions (which may or may not be correct!)

For WireGuard to work, each end of the tunnel needs to be in a separate subnet.

By default, windows will not respond to ping / tracert requests that are not initiated from the same subnet. Similarly, when windows computers are on different subnets, the computer discovery / file sharing does not work.

When I was employed, I had a laptop with a VPN installed. When at home, I could connect to my home Broadband, start the VPN and once established the Laptop would work exactly as it did when I was in the office and connected to the LAN with an ethernet cable (other than being a bit slower due to my broadband.) So, this was the standard I was hoping for.

Using WireGuard, (with a different subnet at each end), the situation is now as follows:

The connection is successfully established.

I can ping the LAN side of the router (and log in if I wish.)

Other windows hosts on the LAN do not respond.

If I open windows explorer my mapped drive on my home server is unreachable.

If I open a web browser and type in file:\\servername\share it is unreachable.

If I open a web browser and type in file:192.168.200.35/share it displays the directory listing and I can explore the subdirectories.

If I try to map the share using IPaddress/share it does not work.

However If I use the option to "Connect to a website that you can use to store your documents and pictures" and set that up using the IP address of my home server, that is successful and I can see the drive in windows explorer in the usual way.

 

Whilst not the "gold standard" VPN I had whilst employed, I think I have now achieved my objectives.

I can browse the web from my laptop or phone whilst apparently still being at home.

I can access the files on my home server, use, modify, and save them. (though I have a slight concern that some linked files may not work as I am not using the same mapped drive letter or servername for them but I will cross that bridge when I get to it.)

Ian