Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Router with OpenVPN?

  • 10-11-2017 4:21pm
    #1
    Registered Users, Registered Users 2 Posts: 16,069 ✭✭✭✭


    I have eir Fibre at home with F2000 router.
    I have few PCs plugged in (through external gigabit switch) as well as Synology NAS, Linksys VOIP gateway, TV, and few phones and tablets through Wifi.

    I have a TV tuner which needs to be connected to internet in certain country (not Ireland) and I have OpenVPN server in that country (set up on Raspberry Pi).
    At home here though currently for purpose of OpenVPN client I use old Pentium3 PC with Slackware Linux and 2 network cards. One network card connects PC to my local network, while other is separate network under NAT to which my TV tuner is plugged in, and all traffic from that network is directed through OpenVPN client.
    It works, but is not ideal, as this PC needs to be turned on everytime TV tuner needs to have access to the internet, and then someone needs to remember to switch it off when not needed.

    I was thinking then, of buying new router, which would work as main router being bridged to eircom's F2000 modem, and have an option of setting up OpenVPN connection and making this accessible to one of ethernet devices - so I could plug in TV tuner directly.

    I was adviced by someone to get this one (Mikrotik-RB951G-2HND):
    https://www.amazon.com/Mikrotik-RB951G-2HND-5-Port-Gigabit-Wireless/dp/B00EQWUZM6

    Will this router fulfil my requirements?
    I'm pretty sure it should have an option to set up OpenVPN connection and make it accessible for one of ethernet devices.
    Beside that it seems to tick most boxes, except from lack of 802.11AC wifi, but I could probably live without that for another while.

    Anyone could recommend something better?


Comments

  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    There's a box that will do this. Feck, what is it called. Its been mentioned on one of 636 Security Now podcasts....


    There's a Pi like solution anyways:
    http://www.banana-pi.com/eacp_view.asp?id=64

    Or this will probably do it too (confirm yourself)
    https://www.amazon.com/Ubiquiti-EdgeMax-EdgeRouter-ERLite-3-Ethernet/dp/B00CPRVF5K


  • Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    This is the dual band 802.11ac Mikrotik
    https://www.ip-sa.com.pl/mikrotik/RB962UiGS-5HacT2HnT


  • Registered Users, Registered Users 2 Posts: 14,048 ✭✭✭✭Johnboy1951


    ED E wrote: »
    There's a box that will do this. Feck, what is it called. Its been mentioned on one of 636 Security Now podcasts....

    minnowboard?

    There's a Pi like solution anyways:
    http://www.banana-pi.com/eacp_view.asp?id=64

    Or this will probably do it too (confirm yourself)
    https://www.amazon.com/Ubiquiti-EdgeMax-EdgeRouter-ERLite-3-Ethernet/dp/B00CPRVF5K


  • Registered Users, Registered Users 2 Posts: 29 theBOFH


    ED E wrote: »
    There's a box that will do this. Feck, what is it called. Its been mentioned on one of 636 Security Now podcasts....

    Think it was the “tinyhardwarefirewall”


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    theBOFH wrote: »
    Think it was the “tinyhardwarefirewall”

    Might have been it.


  • Advertisement
  • Posts: 0 [Deleted User]


    I have something similar, though use mikrotiks as IPSec clients and then mark the packets and route them to certain devices on my network.

    I have never used Openvpn on the mikrotik, though when researching I believe you will need to ensure that the OpenVPN server is set to 'proto tcp' and must not need tls-auth. Neither udp nor tls are supported.

    You could choose an IPSec Site to Site, Raspberry PI 3 to Mikrotik, then fully route to whichever LAN IP's by marking the packets.

    And install Pulseway on the PI, free for 5 devices and setup a probe to ping the inside of the tunnel, so whenever it goes down or exceeds the threshold, you will get a notification.

    The following resource can be used for setting up the IPSec component on the PI
    https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/
    and the following on the mikrotik side
    https://support.hidemyass.com/hc/en-us/articles/204558497-Mikrotik-Client-Setup

    J


  • Registered Users, Registered Users 2 Posts: 16,069 ✭✭✭✭CiniO


    NoDrama wrote: »
    I have something similar, though use mikrotiks as IPSec clients and then mark the packets and route them to certain devices on my network.

    I have never used Openvpn on the mikrotik, though when researching I believe you will need to ensure that the OpenVPN server is set to 'proto tcp' and must not need tls-auth. Neither udp nor tls are supported.

    You could choose an IPSec Site to Site, Raspberry PI 3 to Mikrotik, then fully route to whichever LAN IP's by marking the packets.

    And install Pulseway on the PI, free for 5 devices and setup a probe to ping the inside of the tunnel, so whenever it goes down or exceeds the threshold, you will get a notification.

    The following resource can be used for setting up the IPSec component on the PI
    https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/
    and the following on the mikrotik side
    https://support.hidemyass.com/hc/en-us/articles/204558497-Mikrotik-Client-Setup

    J

    Thanks NoDrama.
    That was very helpful.
    I actually only got that Mikrotik recently.
    You were right that OpenVPN through UDP is not supported on Mikrotik nor tls.
    I tried Openvpn through TCP, but unfortunately due to bandwidth on my raspberry pi side being limited, this solution was too slow for video streaming. (tcp seem much slower than UDP in practice).

    Currently I quickly set up PPTP tunnel between Mikrotik and Raspberry Pi (Pi being server and Mikrotik being client) and it works very well.
    I used your idea of marking packets and routing them to my TV tuner - great.

    I'll research idea of setting up IPSEC instead of PPTP, but need some more time to look into that, as it doesn't seem as easy.

    Generally that Mikrotik seems like a very powerful device for the price (cost me 60 quid). I'm actually astonished by amount of options it has.

    Will be playing with that way more now.

    Thanks.


Advertisement