[plug] Working from home - VPN routers

Nicholas Lloyd - HESWA nic at heswa.com.au
Sat Mar 28 22:40:57 AWST 2020 

Is the NBN modem in pass-through?  If not, then it probably is a double NAT issue.  If you can put the modem into pass-through mode, then it should hopefully solve it.

If for some reason you can't do pass-through and must deal with with double NAT, then Nebula could be an option. It was released open source from Slack. It's an overlay network where peers establish connections via "lighthouses", so it can punch through double NAT. It's certificate based, like OpenVPN and Wireguard.

Nebula is pretty cool, but it's a bit more involved to setup than something like Wireguard.


Nic


On 28 March 2020 8:59:24 pm AWST, William Kenworthy <billk at iinet.net.au> wrote:
>Wireguard is getting lots of good press about being secure but easy to 
>use - I cant use it as I need ssl in some scenarios so I have not tried
>it.
>
>Openvpn is still good, but I would use certificates and follow the 
>hardening guide for it.  Openvpn with psk and multiple users doesn't 
>work (its only 1 to 1, but still secure) - needs to be certificates for
>
>that.
>
>Quickvpn looks like it might need multiple ports enabled which might be
>
>the cause of your errors (in some IPSEC implementations, one is used
>for 
>auth).
>
>BillK
>
>
>On 28/3/20 6:58 pm, Kevin Shackleton wrote:
>> Hi All,
>>
>> We are, like many businesses, working from home as much as possible -
>
>> I have not been in-office for the last fortnight.
>>
>> Up to this time we have not bothered with an office router that "does
>
>> a VPN".  Now a need has arisen and the business owner bought a D-Link
>
>> DIR-895L/R, connected to our NBN modem. This device offers
>"QuickVPN", 
>> using a pre-shared key.  As a router it's working fine (though it 
>> lacks SIP, we will add on a Cisco ATA)
>>
>> So far we have not been able to make the VPN gateway work, from 
>> Windows or Linux clients.  We're getting authentication failures, 
>> though we have tried all sorts of combinations of protocols.
>>
>> I'm interested in ideas and words of experience on the subject:
>>  - any chance the modem is affecting the VPN?
>>  - comments on the selected device (is anyone using "QuickVPN"?) and 
>> recommended alternative devices
>>  - comments on re-flashing the device to DD-WRT which D-Links says is
>
>> supported.  My main concern with a re-flashing is that the wi-fi may 
>> lose some of its capabilities - not really a big worry.
>>  - thoughts about if a VPN using a PSK is really adequate these days,
>
>> or if we should not re-flash and start using openVPN with large 
>> certificates
>>
>> Regards,
>> Kevin.
>>
>>
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.org.au
>> PLUG Membership: http://www.plug.org.au/membership
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20200328/ecaff3de/attachment.html>

More information about the plug mailing list