Go Back   Hardware Canucks > SOFTWARE > Networking

    
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old January 10, 2018, 07:32 AM
Top Prospect
 
Join Date: Nov 2010
Location: Toronto
Posts: 228

My System Specs

Default Best way to protect my remote connections.

I have a few devices on my network that I like to be able to remotely connect to while im out. These consists of remote desktop to a couple of my pcs. SSH access, accessing my home assistant UI and maybe be able to access my freenas box.

What would be the best method to securely browse these devices? A reverse proxy or vpn maybe? Im currently behind an edgerouter x. Used to have pfsense but my mobo on that box did not have an auto on after power failure so it got annoying.

Thanks.
Reply With Quote
  #2 (permalink)  
Old January 10, 2018, 12:21 PM
The Great Gazoo's Avatar
Top Prospect
 
Join Date: Dec 2014
Location: BC Lower Mainland
Posts: 108

My System Specs

Default

You are probably better off searching or asking this on the Ubiquiti forums. But I am curious as well....I'm on the Unifi network structure though as I added cameras and their switches.
Reply With Quote
  #3 (permalink)  
Old January 10, 2018, 12:38 PM
Entz's Avatar
Rookie
 
Join Date: Jul 2011
Posts: 26

My System Specs

Default

I would setup OpenVPN on the edgerouter. That is the easiest way imo, then its normal network access to your devices. At least that is what I do at my place (I use Mikrotik though).

https://help.ubnt.com/hc/en-us/artic...OpenVPN-Server
Reply With Quote
  #4 (permalink)  
Old January 10, 2018, 03:36 PM
Rookie
 
Join Date: Nov 2009
Posts: 45
Default

2nd vote for a VPN. Reduce your attack surface by only having a single entry point (VPN). Once you are VPN'd in, you can treat your PC as if you were on the local network.

VPNs have the additional benefit of typically encrypting your traffic, so if you're on a public wifi like at timmy ho's or starf*cks, the traffic between you and your personal network will all look like gibberish to anyone else on the same public wifi.

Overall, it's a great recommendation for security in general, and I set one up for my wife when she was sent on business trip to toronto to connect her surface and access network shares.
__________________
NCIX.com forum moderator
Reply With Quote
  #5 (permalink)  
Old January 10, 2018, 04:38 PM
JD's Avatar
JD JD is offline
Moderator
F@H
 
Join Date: Jul 2007
Location: Toronto, ON
Posts: 8,075

My System Specs

Default

I would recommend implementing this IP blocklist update script: https://github.com/WaterByWind/edgeos-bl-mgmt

You could also enable some of the extra FireHOL lists as well to further block things. Should stop a good chunk of malicious attack attempts at your exposed ports.
Reply With Quote
  #6 (permalink)  
Old January 16, 2018, 04:45 PM
Top Prospect
 
Join Date: Nov 2010
Location: Toronto
Posts: 228

My System Specs

Default

Regarding using a vpn speed wise? If I were to host openvpn on my edgerouter, Will I see a speed drop while at home? I only care about using a vpn for "me" to access my network. When im at home, I dont really have a need for one.
Reply With Quote
  #7 (permalink)  
Old January 16, 2018, 05:29 PM
JD's Avatar
JD JD is offline
Moderator
F@H
 
Join Date: Jul 2007
Location: Toronto, ON
Posts: 8,075

My System Specs

Default

Quote:
Originally Posted by biggyk View Post
Regarding using a vpn speed wise? If I were to host openvpn on my edgerouter, Will I see a speed drop while at home? I only care about using a vpn for "me" to access my network. When im at home, I dont really have a need for one.
My EdgeRouter 8 Pro tops out at roughly 20Mbps on OpenVPN. I'm not sure what the performance is like on the ER-X though since it's a different CPU. I suspect it's lower , so it depends if the speed is enough for you or not.

You're likely better off running the OpenVPN server on your NAS or one of your PCs.
Reply With Quote
  #8 (permalink)  
Old January 16, 2018, 05:37 PM
Top Prospect
 
Join Date: Nov 2010
Location: Toronto
Posts: 228

My System Specs

Default

Quote:
Originally Posted by JD View Post
My EdgeRouter 8 Pro tops out at roughly 20Mbps on OpenVPN. I'm not sure what the performance is like on the ER-X though since it's a different CPU. I suspect it's lower , so it depends if the speed is enough for you or not.

You're likely better off running the OpenVPN server on your NAS or one of your PCs.
okay so what your saying is that even if im home on my local network, with the vpn running il still see a speed performance drop?
Reply With Quote
  #9 (permalink)  
Old January 16, 2018, 05:43 PM
Mr. Friendly's Avatar
Hall Of Fame
 
Join Date: Nov 2007
Location: British Columbia
Posts: 1,048

My System Specs

Default

why not just TeamViewer in on a PC that controls the equipment?
Reply With Quote
  #10 (permalink)  
Old January 16, 2018, 06:00 PM
JD's Avatar
JD JD is offline
Moderator
F@H
 
Join Date: Jul 2007
Location: Toronto, ON
Posts: 8,075

My System Specs

Default

Quote:
Originally Posted by biggyk View Post
okay so what your saying is that even if im home on my local network, with the vpn running il still see a speed performance drop?
If you are home and somebody is connecting into your network via OpenVPN, probably notice some impact since it'll be consuming CPU cycles on the router. If you are just at home and nobody is using the VPN, then no, I don't think you'll see any impacts.

And it depends where you plan to access this from. Is it from your computer at work? If so, a lot of companies block all VPN protocols. If you just want to access it from your phone, then TeamViewer or Chrome's Remote Desktop are likely better options since they're optimized for WAN/LTE/3G usage.
Reply With Quote
Reply


Thread Tools
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to protect your sensitive data NCIX style JJThomp Storage 4 September 16, 2012 01:23 PM
Password protect a subdirectory bonanza2000 O/S's, Drivers & General Software 4 December 31, 2011 01:26 AM
Protect your valuables Kilauea Off Topic 0 October 28, 2009 04:02 PM
what do i use to protect against condensation kyle_L Water Cooling 3 September 5, 2009 11:32 AM
Protect Your Laptop From Border Searches Hardware Canucks Press Releases & Tech News 0 May 2, 2008 12:50 PM