Can you help me in setting up my network and VPN please?

Don't miss a thing. Post your questions and discussion about other uncategorized NAS features here.
Post Reply
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Can you help me in setting up my network and VPN please?

Post by adetogni »

Hey

This is what I have at the moment in my network
- a TS-451 (that is going to be reset soon)
- a router/ap provided by the company (Fastweb Italy) that CANNOT replace since it's a fiber one. On this one the wifi is disabled
- an Ubiquiti AP-PRO access point that I use as DHCP server and centrally-located AP (since the original router is very far from the center of the house)

Currently therefore I have the TS on a static IP (192.168.1.201) while the AP does provide the dynamic IP to all the other devices in the house.

I would like to setup a VPN to be able to connect from remote. So far I've been using QVPN but I've read your advices and you don't recommend it, so I want to restart.
I've viewed this video https://www.youtube.com/watch?v=rtUl7BfCNMY and looks interesting, unfortunately I have several questions
1) Currently the PI goes >100€. Are there cheaper alternatives?
2) I SHOULD have an old Belkin router/AP->can I install DD-WRT and use that in place of the PI?
3) On the computer that I use daily and I use for traveling unfortunately I am NOT an admin (company policies...). However I do have a VPN client (Check Point EndPoint Security). Will I be able to use that as a vpn client? (I checked and seems I *can* create new profiles) or I need to actually install wireguard?
3a) In case 3) fails, can I install wireguard on the mobile phone, connect with it and create an hotspot (I *guess* so, but I will have to connect to the VPN using mobile and not Wifi, since I can't connect wifi and share)

Disclaimer: I'm an IT who always find issues with networking ahahah

Thanks!
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Can you help me in setting up my network and VPN please?

Post by dolbyman »

1) A used or new ASUS router that supports Merlin FW would also be a good alternative (use it in a double NAT) or check for raspi clones that are compatible with the mentioned repos
2) Model number would be needed to google it (if you do not want to google it yourself)
3) Never used that software, but that probably is only for the VPN that your company uses. But you would have to check with your IT team or Vendor.
3a) If you have to jump through that many hoops, maybe just get some additional cloud storage at onedrive/dropbox/etc ? (you can do sync from/to the QNAP)
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

1) how can I check raspi clones? Any keyword to search? "raspberry clone" is ok?
2) found it, is is a belkin f7d4302 v1, belkin play. According to the ddwrt website, looks compatible. Would it suit my need?
3) yeah I guess so. I might ask IT if they allow me to install a different VPN software. Otherwise I have a backup solution (I'll bring my mini pc with me instead of the laptop...)
3a) well, it's expensive, given that I do not connect home often and, when I need, I want one of the movies of my 2.3TB collection... Synching them online will be very expensive
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

Can I use a NanoPi instead of a Rasp?
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Can you help me in setting up my network and VPN please?

Post by OneCD »

Possibly. Although, low-power devices will struggle with the cryptographic calculations required for VPN. The result will be slow transfer speeds.

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

Not sure, I'm not expert Of these boards, but looks like the NanoPi ha more processor power than the Rasp?
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Can you help me in setting up my network and VPN please?

Post by dolbyman »

just a quick google

NanoPi RS2 OpenSSL performance

Code: Select all

root@nanopi-r2s:~# openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 8962695 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 2534616 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 652684 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 164408 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 20592 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 16384 size blocks: 10291 aes-128 cbc's in 3.00s
OpenSSL 1.1.1  11 Sep 2018
built on: Tue Nov 12 16:58:35 2019 UTCns:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr) 
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-J6qvxk/openssl-1.1.1=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128 cbc      47801.04k    54071.81k    55695.70k    56117.93k    56229.89k    56202.58k
My Asus AX86U (self tested)

Code: Select all

admin@RT-AX86U-2220:/tmp/home/root# openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 10713696 aes-128 cbc's in 2.97s
Doing aes-128 cbc for 3s on 64 size blocks: 3340700 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 256 size blocks: 900623 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 1024 size blocks: 227997 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 8192 size blocks: 28409 aes-128 cbc's in 2.96s
Doing aes-128 cbc for 3s on 16384 size blocks: 14283 aes-128 cbc's in 2.98s
OpenSSL 1.1.1s  1 Nov 2022
built on: Sat Dec  3 18:26:21 2022 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: /opt/toolchains/crosstools-arm-gcc-5.5-linux-4.1-glibc-2.26-binutils-2.28.1/usr/bin/arm-buildroot-linux-gnueabi-gcc -fPIC -pthread -Wa,--noexecstack -DBCM4908 -DBCMWPA2 -DBCMQOS -DD11AC_IOTYPES -DPHYMON -DPROXYARP -DTRAFFIC_MGMT -DTRAFFIC_MGMT_RSSI_POLICY -DMFP -D__CONFIG_MFP__ -DHND_ROUTER -DBCA_HNDROUTER -DMCPD_PROXY -DCMS_LOG3 -DLINUX -Os -march=armv7-a -fomit-frame-pointer -mno-thumb-interwork -mabi=aapcs-linux -marm -ffixed-r8 -msoft-float -D__ARM_ARCH_7A__ -Wno-date-time -Wall -Darm -g -fPIC -DMDM_SHARED_MEM -DCMS_MEM_DEBUG -DSUPPORT_ETHWAN -DSUPPORT_TMCTL -DDMP_X_BROADCOM_COM_L2TPAC_1 -DSUPPORT_GRE_TUNNEL -DSUPPORT_IPSEC -DDMP_X_BROADCOM_COM_IPSEC_1 -DSUPPORT_TR64C -DDMP_X_BROADCOM_COM_TR64_1 -DSUPPORT_IPV6 -DDMP_X_BROADCOM_COM_DEV2_IPV6_1 -DDMP_DEVICE2_DSLITE_1 -DDMP_DEVICE2_DSLITE_2 -DDMP_DEVICE2_IPV6RD_1 -DDMP_DEVICE2_IPV6INTERFACE_1 -DDMP_DEVICE2_IPV6ROUTING_1 -DDMP_DEVICE2_DHCPV6CLIENT_1 -DDMP_DEVICE2_DHCPV6CLIENTSERVERIDENTITY_1 -DDMP_DEVICE2_DHCPV6SERVER_1 -DDMP_DEVICE2_DHCPV6SERVERADV_1 -DDMP_DEVICE2_DHCPV6SERVERCLIENTINFO_1 -DDMP_DEVICE2_NEIGHBORDISCOVERY_1 -DDMP_DEVICE2_ROUTERADVERTISEMENT_1 -DSUPPORT_TR69C -DSUPPORT_CPU_MEMORY_WEB_PAGE -DSUPPORT_JQPLOT -DSUPPORT_WEB_SOCKETS -DSUPPORT_HTTPD -DSUPPORT_CLI_CMD -DCLI_CMD_EDIT -DSUPPORT_CONSOLED -DSUPPORT_TELNETD -DSUPPORT_SSHD -DSUPPORT_TOD -DDMP_X_BROADCOM_COM_ACCESSTIMERESTRICTION_1 -DSUPPORT_URLFILTER -DSUPPORT_POLICYROUTING -DSUPPORT_UPNP -DDMP_X_BROADCOM_COM_UPNP_1 -DDMP_X_BROADCOM_COM_DLNA_1 -DSUPPORT_FCCTL -DSUPPORT_SNTP -DDMP_X_BROADCOM_COM_ETHERNETOAM_1 -DSUPPORT_ETHSWCTL -DSUPPORT_PWRMNGT -DDMP_X_BROADCOM_COM_PWRMNGT_1 -DSUPPORT_HOSTMIPS_PWRSAVE -DSUPPORT_ETH_PWRSAVE -DSUPPORT_ENERGY_EFFICIENT_ETHERNET -DSUPPORT_ETH_DEEP_GREEN_MODE -DSUPPORT_STORAGESERVICE -DDMP_STORAGESERVICE_1 -DSUPPORT_NTFS_3G -DSUPPORT_SAMBA -DSUPPORT_PPTP -DSUPPORT_NF_MANGLE -DSUPPORT_INTF_GROUPING -DSUPPORT_VLANCTL -DSUPPORT_QOS -DSUPPORT_RATE_LIMIT -DSUPPORT_DEBUG_TOOLS -DSUPPORT_CERT -DDMP_X_BROADCOM_COM_DIGITALCERTIFICATES_1 -DCOMPRESSED_CONFIG_FILE -DCMS_CONFIG_COMPAT -DCHIP_4908 -DCONFIG_BCM94908 -DCONFIG_BCM_MAX_GEM_PORTS=1 -DSUPPORT_INCREMENTAL_FLASHING -DBRCM_WLAN -DWIRELESS -L/opt/toolchains/crosstools-arm-gcc-5.5-linux-4.1-glibc-2.26-binutils-2.28.1/usr/lib -Wno-date-time -DSUPPORT_RDPA -DRTAX86U -O2 -D__CONFIG_DHDAP__ -D__CONFIG_BCM_CEVENT__ -DBCM_CEVENT -DBCM_CEVENTD -DCONFIG_HOSTAPD -D__CONFIG_LBR_AGGR__ -DBCM_BSD -DBCM_EVENTD -DEXT_ACS -DBCM_DCS -D__CONFIG_EMF__ -D__CONFIG_VISUALIZATION__ -DCONFIG_VISUALIZATION_ENABLED -D__CONFIG_WPS__ -DJFFS_NVRAM -fstack-protector-all -march=armv8-a -fomit-frame-pointer -mabi=aapcs-linux -marm -ffixed-r8 -msoft-float -O2 -ffunction-sections -fdata-sections -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -DOPENSSL_API_COMPAT=0x10000000L -DL_ENDIAN -D__ARM_ARCH_8A__
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128 cbc      57716.88k    71746.58k    77110.20k    78345.28k    78623.83k    78527.74k

So it seems pretty capable
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

thanks @dolbyman

...I've tried to read the DD-WRT installation page...it's FAIRLY complicated. Pages and pages of documentations, exceptions and warnings....
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Can you help me in setting up my network and VPN please?

Post by OneCD »

dolbyman wrote: Wed Dec 07, 2022 4:09 am So it seems pretty capable
Agreed, but I wouldn't have thunk it. Cheers! :D

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

Re: Can you help me in setting up my network and VPN please?

Post by Moogle Stiltzkin »

adetogni wrote: Wed Dec 07, 2022 4:36 am thanks @dolbyman

...I've tried to read the DD-WRT installation page...it's FAIRLY complicated. Pages and pages of documentations, exceptions and warnings....
i find it best to rely on youtube guide when possible. some walk you through step by step. but sometimes you still need to read the documentations on the steps as well..


DD-WRT - Open Source Router Firmware to take your home router to the next level of capability!
https://www.youtube.com/watch?v=ooJPLBDW8qw


i've flashed tomato and rt-merlin before. dd-wrt should be roughly the same, but always follow the exact instructions :D


i made a quick summary for what you need to do *these are just my recommendations. you can opt for ddwrt flashed on asus if you want, that's also a viable solution :D
step1: pick a router/firewall to use
(A) hardware

personally though i'm more in favor of these types of router/firewall boxes (Yanling, Topton, Qotom, Protectli ..... )to load them with either pfsense or opnsense

https://www.youtube.com/watch?v=h7U4fCj_Pos
https://www.youtube.com/watch?v=xExmvIHEQao
https://www.youtube.com/watch?v=tZK1l9bXDgs


(B) software

Opnsense vs Pfsense :D
https://www.youtube.com/watch?v=Of0Zp8h258g


step2: follow the vpn setup guide. there a few different methods, here are some i listed below.

Tutorial: pfsense Wireguard For Remote Access
https://www.youtube.com/watch?v=8jQ5UE_7xds


How to Setup The Tailscale VPN and Routing on pfsense *This is probably easier to setup and manage for you
https://www.youtube.com/watch?v=P-q-8R67OPY


PiVPN + WireGuard Complete Setup - Build Your Own VPN Server! *for this you need to buy a raspberry pi 4 model B ideally
https://www.youtube.com/watch?v=Q4zlrc0F4NU

NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
spile
Been there, done that
Posts: 637
Joined: Tue May 24, 2016 12:13 am

Re: Can you help me in setting up my network and VPN please?

Post by spile »

The Raspberry Pi is a reliable option and Wireguard works perfectly on it. I realise prices have gone up but they do come up for sale used. It’s what I would recommend if you don’t want to change your router.
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

spile wrote: Wed Dec 07, 2022 3:42 pm The Raspberry Pi is a reliable option and Wireguard works perfectly on it. I realise prices have gone up but they do come up for sale used. It’s what I would recommend if you don’t want to change your router.
Thanks, I tried to search it used, no luck. I am evaluating a pizero which is much cheaper. I also have a 3dprinter so I can build a nice case for it
BUT I have this unused router at home (it's not the main router, it's an additional one that I don't use anymore) so if i can install DD-WRT it will come for free.
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

So if I configure this modem/router with DD-WRT (it's a modem/router, so it has a yellow "modem" eth port and 4 normal eth ports...it should be fine, as long as I don't use the modem ones), the topology should be

Fiber modem -> Switch ->

And from the switch everything connects there, including this router that will act as VPN

The NAS normally has a static ip 192.168.1.201, I *suppose* that I have to set the router to have a static IP (let's say 192.168.1.107) and, on the modem, open a route for the VPN ports directly to this ip.

Is this correct?
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

meanwhile, I've successfully installed dd-wrt on this belkin!
adetogni
Getting the hang of things
Posts: 75
Joined: Tue Oct 03, 2017 10:37 pm

Re: Can you help me in setting up my network and VPN please?

Post by adetogni »

... According to the ddwrt forums pals, seems that this belkin router could work but it's underpowered to run VPN, so I guess I would have slow transmission speed
Post Reply

Return to “Miscellaneous”