LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-02-2016, 10:17 PM   #1
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware
Posts: 1,893

Rep: Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161
Where to install VPN


What are the pros or cons about where to install VPN in a home network?

Seems there are two basic locations: 1) the router or 2) a server with port forwarding enabled in the router. Lots of online articles using either approach. Just wondering which is preferred by knowledgable network professionals.

Thanks.
 
Old 04-03-2016, 08:31 AM   #2
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS,Manjaro
Posts: 5,615

Rep: Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695Reputation: 2695
as always, it depends

The best answer I ever had was an ASTARO SECURITY GATEWAY (now owned by SOPHOS). Not only the best firewall and router I ever owned, but the best VPN endpoint. That, however, is serious overkill (and over $$$) for a home network.

As always, it depends upon what you are connecting as clients, and to what do you connect. If you have a road-warrior VPN to a Corporate site, better to use the PC client for many reasons.
If your router is limited in ability (settings), not a full featured security device, or hardware challenged in terms of load (cpu/memory) then you are better with an internal VPN server endpoint. If your router can handle it, that is the better option.
If you are attempting to route everything through a privacy VPN, there is a slight advantage to using the internal VPN endpoint, in that it and the router will present slightly different signatures and thus be more difficult to identify in combination than a single device.

With no knowledge of the hardware at hand, purpose, usage model, or load information we are having to do a LOT of guessing and generalization on this end.
I hope that is enough to help.
 
Old 04-03-2016, 07:13 PM   #3
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware
Posts: 1,893

Original Poster
Rep: Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161Reputation: 1161
Quote:
With no knowledge of the hardware at hand, purpose, usage model, or load information we are having to do a LOT of guessing and generalization on this end.
Well, I did share in my original post this is for a home network -- implying nominal network traffic.

I am the only person in the house who will be using a VPN. There are no rug rats, gamers, or movie addicts sucking bandwidth here.

While the current router supports VPN, as does a new router not yet installed, I have been thinking about installing the VPN in a VM on the LAN server. Bind the VM to a second physical NIC. The LAN is configured with two switches, the first of which segregates the VOIP ATA from the router and LAN. I was thinking about connecting that VM and second NIC to that first switch, bypassing the router. The VM would use a second virtual NIC to bridge the LAN subnet. I don't know which distro I might use, but something with a web browser interface in case someone other than me needs to help fix things from the inside.

For the short term though I just wanted some professional feedback on the original two options. Seems the number of articles online are about split between using the router and using a dedicated VPN server. I am guessing then there is no meaningful difference for a home network.

That said, router vendors are known for not updating their firmware, which leans in favor of using a dedicated VPN server rather than the router. In my case the current router is running DD-WRT and the new router is an Asus and DD-WRT is available for that too. Not that DD-WRT is known for being fully updated either, which is why the VM idea is intriguing. Say with pfsense or something similar.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to install pptp VPN on ubuntu 9.10? nypd365 Linux - Networking 1 04-12-2011 08:28 AM
Help Me Install VPN Servers ayie Linux - Networking 2 09-19-2005 02:19 AM
have no clue how to get this vpn client to install acemaxx Linux - Newbie 3 01-31-2005 10:28 PM
Trying to install VPN client from cisco Oxyacetylene Linux - Networking 9 08-05-2004 04:58 PM
Can't install mppe (VPN) kelper Linux - Networking 1 11-07-2003 06:39 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration