Adding VPN and more Hard Ports to my Home Network


Posted on Sat Dec 07, 2013 3:42 pm

I've got a couple of good side-projects for me to work on in December. I would like to increase the number of physical ethernet ports available in my home office and I would like to get a secure VPN for home use.

My Netgear R6300 router has 4 ports, fully in use by two laptops, a desktop, and a NAS. I would like to get a switch to increase that number by at least 6-8 more so that I could add another NAS, a network-based mixing board (Euphonix MC Mix/MC Artist), a couple more laptops, and a Skype phone. Price is flexible; speed must be fast, to support backups of large hard drive partitions as well as ISO transfers between computers and/or the NASs.

I've also decided that I would like to lock down my DSL connection. This is mostly as an educational exercise, but also to do my part as a good citizen of faithful resistance to "the man". I wish to make it as difficult as possible for anybody in government to track my comings and goings.

The twist here is that I already use a VPN on my home network for my job which allows me to work from home a couple days per week. Are there any possible solutions that would allow me to use more than one VPN concurrently on my network? I don't want to have to disconnect my home VPN just to log onto work, and vice-versa.

For the home network, I have AT&T DSL running through a fairly typical Netgear DSL modem and a Netgear R6300 router. I have 6 mbps service, but frequently get 7 on the down side. Sometime in the next 12-18 months, I plan to change to cable for faster service; but right now that's not a major priority.

I need a good starting point for either/both issues. Thanks in advance!
BIF
Gerbil Jedi
Gold subscriber
 
 
Posts: 1600
Joined: Tue May 25, 2004 7:41 pm

Re: Adding VPN and more Hard Ports to my Home Network

Posted on Sat Dec 07, 2013 4:44 pm

For the switch, watch Newegg specials for a sale on Rosewill/D-Link/Netgear 8-port gigabit switches.

I'm rather confused what you want the 2nd VPN for though, as you haven't mentioned any other network (besides the work one) that you want to connect to. VPNs don't "lock down" your connection; they just give you a secure way of bridging two (or more) remote LANs together over the Internet. Both ends need to cooperate in setting up the VPN, so it doesn't help with security while just web surfing, or anything like that.

If you're trying to obfuscate the origin and/or contents of your web traffic, you want something like an anonymous web proxy service or a Tor client, not a VPN. Unless you've actually got something to hide, or want to use a proxy to secure your web traffic when surfing via open public WiFi hotspots, it is probably not worth the trouble.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37834
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Adding VPN and more Hard Ports to my Home Network

Posted on Sun Dec 08, 2013 1:50 pm

I would say look no further than the Netgear GS108 (promo code and MIR now too!).

JBI, I do believe he was referring to VPN-ing and redirecting all traffic via a proxy. Troubles of setting up and diagnostics aside, the cheap VPNs have caps or speed concerns that may not make it practical. Besides, is the OP on any social networks or uses any web-based email? If yes then "the man" is already looking. They just do it on the other end and there is nothing you can really do. Heck, if they really want to monitor you they would have put something in your home already. :x
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
Flying Fox
Gerbil God
 
Posts: 24491
Joined: Mon May 24, 2004 2:19 am

Re: Adding VPN and more Hard Ports to my Home Network

Posted on Sun Dec 08, 2013 2:11 pm

Flying Fox wrote: JBI, I do believe he was referring to VPN-ing and redirecting all traffic via a proxy.

Ahh, OK. But unless you go the Tor route, the proxy is still traceable back to you. Without additional steps to anonymize the traffic, all the proxy really buys you is some extra security/privacy when using public WiFi hotspots (by eliminating the possibility of your unencrypted traffic being snooped by someone else nearby).
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37834
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Adding VPN and more Hard Ports to my Home Network

Posted on Sun Dec 08, 2013 8:29 pm

Hi guys; thank you for the switch suggestions.

As for the VPN question. Maybe my understanding is woefully lacking, but I'll try to give form to my thoughts here.

Obviously, when you make a purchase on Amazon, you can't expect to remain anonymous to Amazon. You have to identify yourself to Amazon. When you pay your electric bill via your bank's billpay app/webpage, you have to identify yourself to multiple entities: your bank, the electric company, and any other number of intermediaries. To post here on Tech Report, we have to provide some personal information about ourselves to the admins. The social nature of the news article comment sections and these forums is such that if we interact with anybody at all, we're giving more personal information about ourselves, and of course anybody can read what we write.

I get all this, and I don't expect to be completely anonymous because I know it's not possible.

But even so, I would like to better secure myself, given these limitations. I want to make it more difficult. As I said, this is a learning exercise, so I want to learn what I can while doing this.

One thing I thought of is this: All points leading to me go through my ISP, so is there anything I can do to secure/anonymize myself between me and my local ISP? I had thought that a VPN would help in that way, which is why I began by asking about that. Yes, I think I want web browsing anonymity. Let's start with AT&T. Can I do this? Can I go farther?
BIF
Gerbil Jedi
Gold subscriber
 
 
Posts: 1600
Joined: Tue May 25, 2004 7:41 pm

Re: Adding VPN and more Hard Ports to my Home Network

Posted on Mon Dec 09, 2013 4:19 am

Unless you take extreme measures (e.g. Tor), you're never going to be able to completely hide what you're doing (and there are even some questions about how secure Tor is). The remainder of this discussion is focused on traditional web proxies; if you're serious about setting up Tor, GIYF.

With a proxy (whether or not you use a VPN to access it), all you're doing is moving the exit point for all of your traffic to the proxy's Internet connection. If you have good reason to believe that the operator of the proxy and the ISP the proxy is using are more trustworthy than your own ISP, this may gain you some security/privacy. Otherwise, it's a wash.

I use a proxy (accessed via secure encrypted SSH tunnel) when I'm on the road. But this is to protect myself from random people sniffing my HTTP traffic on hotel and public WiFi networks, nothing more than that. The traffic still enters the public Internet from an IP that is easily traceable to me -- either my home DSL connection, or (more recently) a proxy I set up on a VPS I have at Linode. I figure the VPS is somewhat less secure than my home server (since I don't own/control the VPS host), but the improved bandwidth versus my crappy home DSL connection is worth it.

HTTPS traffic (as used by banks and e-commerce sites) is already reasonably secure. The only thing you really gain by proxying HTTPS is moving the point where it hits the public Internet from your local connection to the proxy. It's still encrypted end-to-end (though may have an additional layer of encryption between you and the proxy, depending on how your proxy is set up). For HTTP traffic, it's gonna be out there "on the wire" unencrypted at some point regardless; all the proxy does for you is secure the local link, which can be useful when you have reason to not trust it (see previous paragraph).

Something else to consider: Routinely using proxies and/or other tools to obfuscate the origin of your network traffic may have the opposite of the intended effect. Your ISP can still tell you're using these tools, even if they can't peer into the contents of what you're sending/receiving. You potentially make yourself *more* of a target for snooping, since Big Brother may interpret this as an attempt to hide something!
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37834
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Adding VPN and more Hard Ports to my Home Network

Posted on Mon Dec 09, 2013 11:56 am

BIF wrote: One thing I thought of is this: All points leading to me go through my ISP, so is there anything I can do to secure/anonymize myself between me and my local ISP? I had thought that a VPN would help in that way, which is why I began by asking about that. Yes, I think I want web browsing anonymity. Let's start with AT&T. Can I do this? Can I go farther?

Short answer: No. Long answer: what JBI said, plus more. Look at it this way. Though it may not be physically, logically your connection to your ISP is dedicated to you. Any traffic over that link is identifiable as you. The target address and port of that traffic is known. It must be in order for the network to route the traffic. You can't hide that. Something like Tor will obfuscate it by routing traffic through all sorts of middle men. HTTPS will encrypt the data being transferred, but the end points are still known. For example, I can tell that you went to the Google search page, but not what you searched for. Even with HTTPS, you can leak important data. The initial URL in the HTTPS request will be sent in the clear and if arguments are passed in that URL, they are readable even though the remainder of the session is encrypted.

If you don't want your ISP to be able to see your traffic, then you need to have a VPN server somewhere out in the cloud that you can connect to from your home network and route all your traffic over. This obviously costs money, and whoever is terminating your VPN connection can still snoop all the packets coming out as they leave the machine. You've simply changed the entity that provides the first hop out of your network from your ISP to your VPN host.

With Tor, you cannot use it for anonymous and non-anonymous browsing. In other words, you can't even sign in to a site that has identifying information on you. As soon as you do, the anonymity that Tor provides falls away, at least for an organization with enough resources to watch traffic coming out of a large number of Tor exit nodes.

--SS
SecretSquirrel
Gerbil Jedi
Gold subscriber
 
 
Posts: 1719
Joined: Tue Jan 01, 2002 7:00 pm
Location: The Colony, TX (Dallas suburb)

