Forum acquaintance offered to configure my network through VPN?
 

delete

You see the red flags. Good. I'll spare you that lecture.

It boils down to this: Can you trust the guy, and can you monitor him? It's believable that a guy would offer to help, but he may have a nasty idea, and you probably won't find out.
I would clarify what he needs access to - what dirs in particular. Then use something like a few partitions on a usb key, or sdcard

sda1 = /etc
sda2 = /var
sda3 = /opt, with your network software in /opt.

and a live cd as your system. The slackware dvd is good for booting off, with a pretty complete kernel. If you can get that up, behaving, and backed up, you can check and diff to see the differences later. And change all the passwords for real ones. Your isp will change password also.

I realize that this isn't what you would have hoped for and I do not know the reason for you not doing so but I should point out that if you would have chosen to just buy a wireless network card this all would not have been necessary. There. Said it. I also realize this problem has been driving you crazy for some time now and that "getting it over with" resulted in decisions that, while understandable, do not enhance security like not using wireless encryption and using a laptop running windows 7 as test machine.

Basically you have two questions: I.) how to deal with access and II.) how to determine trust.

With respect to access you should ask him beforehand what he needs access to. Also ask for a description of what he needs to do and have him confirm every change with you. I doubt it's possible for him to run the configuration utility remotely connecting directly to the Routerboard so he would need access to your Laptop. Isolating traffic by putting the Laptop in a DMZ should keep the machine from accessing other LAN clients but not much more. You could log traffic but that wouldn't prevent anything. Thinking out loud, what could he need access to?
- An account on your laptop. It makes sense to create a separate account for him that you can both log in to and share the session. If you didn't subvert windows UAC then any action requiring Administrator access would be flagged and you ask him if it's really necessary and decide then. Change the Administrator password anyway. Ask him to not transfer anything from and into the machine. Run antivirus anyway.
- Access to the Routerboard configuration utility. Make a backup of the settings. If he needs admin access then set the password to something different beforehand and change it after he's gone.
- Main router. If he needs access to your Netgear then there isn't much you can do. Make a backup of the configuration. If it has the option to create "view only" accounts do so (guess not). Change the admin password. Configure your main router to forward only TeamViewer ports (TCP 80, 443 and 5938 AFAIK: check the TeamViewer documentation) to your laptop. Alternatively you could use VNC over SSH instead which would require a direct connection from his system to your router.


With respect to trust we also have an account here with the same handle. Emailing him here could confirm if it's the same user. Ask for his IP address. Email headers could show his IP address or provider if he doesn't use common web-based ones like Gmail, Yahoo, etc, etc. You could ask him if he's done this before. If he has maybe some of his "clients" would be willing to endorse him. You could also opt to offer him a reward, provided he gives his bank account details and not some on-line payment system.
In the end it boils down to these two simple questions: does he appear trustworthy to you and does the benefits outweigh the risks? It's your decision.

delete