I was wondering if anyone tried the configuration above and how it worked out. I’m curious about bandwidth throttling and also how a dVPN would compare to a regular VPN.
I do not believe this is possible. The Deeper Connect Device sits transparently between your modem and router and provides its functionality by passing its rules through to the router itself. Your router continues to perform its NAT traversal and DNS lookups to provide an internet connection to those devices connected to the router. I never did determine from Deeper’s own documents the network layer or protocol involved, but the Deeper Connect services are not advertised and your router knows nothing about it.
I’m not sure what you are asking about exactly, but I use a router to host a VPN server behind a Deeper device. I can connect to that VPN server from my phone or laptop when I am traveling and access devices on my home network. It also blocks most ads and trackers etc. and encrypts all traffic between my device and home router. The DPN does the same outbound, so I’m tunneling to my home router and then the DPN is tunneling out when in full route mode.
The hosting router sits behind the Deeper device and my router/modem combo box from my ISP. So the Deeper device sits between the routers. The VPN server supports Wireguard and/or OpenVPN. WG is faster, as one would expect.
Connecting to another VPN (with your router as the client) through the DPN (full route) would be redundant. There are a few threads about that on this sub. You should really use either or, but not both. There isn’t much benefit to trying to cascade a normal VPN with the DPN. It would needlessly slow things down without any net benefit. I’d bet you can do it, though you should not. As far as VPNs are concerned, the DPN is better. You really don’t have to worry about logs or prying eyes of server owners. But u/ruggieroav is right about how these devices work. I read somewhere that the DPN uses OpenVPN as the protocol for the sake of privacy, but I can’t be sure because I don’t remember where I read that! It wasn’t the DeeperGPT help chat bot though. It may have been something I learned from the DPN app, which had some general details when it was up and running.
That’s an interesting analysis. I didn’t realise that the device is transparent. I thought that Deeper Connect would have an IP address, perform similar functionality to the router’s firewall and behave like a VPN server too. If that was the case, then it seems logical that you could extract a config file or the necessary data for VPN client use on the router.
Sorry for reviving the old thread, but on searching all over the net, your comment is where I found the exact setup I am looking for:
> I use a router to host a VPN server behind a Deeper device. I can connect to that VPN server from my phone or laptop when I am traveling and access devices on my home network
Could you please help me with how exactly you went about that? (I am not really that great with all networking concepts though I can handle some. So, I might ask some dumb questions here. So, please bear with me)
My current config is: ISP modem/router → An ASUS router → Deeper mini → The OpenVPN server I am setting up.
Is this similar to your setup?
I am struggling to figure out how to set up my VPN so that it can be accessed while travelling.
(Even in concept, I am not sure how the external requests will figure their way to my server if they are sent to the ip addresses from Deeper (I am assuming it’s shared IPs). Is there some kind of additional translation happening?
Or should the requests be sent to my ISP provided IP? In that case, am I not bypassing DPN?)
Currently, I have no-ip running on the server with it pointing to my DPN provided public ip. (Deeper mini seems to be getting a private ip as per the dashboard)
Basically what I wanted to do was use the DPN as a VPN Server. But as you’ve described, it doesn’t have that capability and you even have your own VPN Server. So I guess the DPN is essentially just a firewall? That seems to be how you’re using it at least.
I do not even believe there is a way yet to export your “rules” configuration for import to a new device or the same unit after a factory reset. I do know the documents and marketing material stress that this is not a VPN; honestly I didn’t know just how different. It inspects traffic, performs DNS filtering and even http(s) content filtering but this is all done prior to the traffic hitting your router or gateway where you’d typically configure OpenVPN or Wireguard, etc. It’s almost like your ISP is filtering, but you’re in control.
Ironically, the only IP address utilized is the one provided for the device’s admin panel, either 11.22.33.44 (which appears to be a non-routable, re-usable, private LAN address owned by the US Dept. of Defense) or 34.34.34.34, which is also private and non-routable, owned by Google. There is nothing to suggest, however, that this device has the “blessing” of the DOD or Google.
It isn’t hard to set up if you have good routers to work with. For one, you need the no-ip or dynamic DNS running on a device “upstream” of the Deeper device for the sake of simplicity. You should configure that on the ASUS router from your example.
If you try to set up your dynamic DNS on something “behind” your Deeper device (within the protected network) then it will capture a different public IP address when you’re in full route mode, which means you will not be able to reach your VPN server when you’re away from home. That would be because it isn’t actually located at that IP address the Deeper device is surfing through, since the DPN can mask your real IP. You need your actual public IP address, not the one the DPN surfs the web from in full route mode, to be associated with your Dynamic DNS.
The main thing is that you will need to set up port forwards on each router leading up to where your server is hosted, including on the router from your ISP. Otherwise, your routers’ firewalls will all block the VPN connections initiated from the outside (even if you’ve done the VPN configuration files setup properly). This is normal behavior for routers. I’d still use Wireguard for the VPN server if I were you, because the forwarded ports won’t even show as open ports to network scanners, botnets, and hackers. It also is faster. When you port forward to an OpenVPN server, it shows as open. It is a TCP connection, but you can do it over UDP. Since I use Wireguard, I don’t bother with OpenVPN in UDP mode. There isn’t anything wrong with the OpenVPN protocol per se, but you can read up on the web and decide. I’m sure you’ll figure it out.
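Added example, not part of the comment above and not Deeper Network code: a Python check of the two conditions that comment describes, namely that the dynamic DNS record must hold the real public address rather than the DPN exit address, and that every router in front of the VPN server needs its own port forward. The function names, router names and addresses are hypothetical, and the addresses are constructed from documentation ranges.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'cgnat', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def check_inbound_path(ddns_ip, router_wans, dpn_exit_ip):
    """Check whether a home VPN server can be reached from outside.

    ddns_ip     -- address the dynamic DNS name currently resolves to
    router_wans -- list of (router name, WAN address), ISP box first
    dpn_exit_ip -- public address seen from behind the Deeper device
                   while it is in full route mode
    """
    problems = []
    isp_name, isp_wan = router_wans[0]
    kind = classify(isp_wan)
    if kind != "public":
        problems.append(f"{isp_name} WAN is {kind}: the ISP owns the outer NAT")
    if ddns_ip == dpn_exit_ip:
        problems.append("DDNS points at the DPN exit node, not at this network")
    elif ddns_ip != isp_wan:
        problems.append("DDNS record does not match the real public address")
    # Every router between the internet and the server needs its own forward.
    forwards = [name for name, _ in router_wans]
    return {"ok": not problems, "problems": problems, "forward_on": forwards}


# Constructed sample values (documentation address ranges, not real hosts).
CHAIN = [("isp-box", "203.0.113.10"), ("asus", "192.168.0.2")]
GOOD = check_inbound_path("203.0.113.10", CHAIN, "198.51.100.77")
BAD = check_inbound_path("198.51.100.77", CHAIN, "198.51.100.77")
CGN = check_inbound_path("100.64.3.9", [("isp-box", "100.64.3.9")], "198.51.100.77")

if __name__ == "__main__":
    for label, result in (("good", GOOD), ("bad", BAD), ("cgnat", CGN)):
        print(label, result)
```
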
Not exactly. You may want to read up a bit on how this stuff works, but I do still use the DPN. There is a product called Firewalla that does what I’m using my router to do, and the Deeper Network device does not interfere. So when I’m not at home, I can turn on the VPN function on my device because there are free client apps for Wireguard and OpenVPN which are supported by my router. It is a VPN into my home network. When I do that, I’m connected to the internet as if I’m at home. If my Deeper Connect device on my home network is set to full route mode, then it is still running the DPN functionality and encrypting my traffic in and out through another node (which is someone else’s Deeper Network device). So I’m still using the DPN in that use case, but it is like a “double” VPN. There may be slower traffic, but it is ok. I’m basically tunneling home via my router’s VPN server and the DPN is still working just like it does when I’m at home (by tunneling back out for internet access).
I don’t even know what to make of that information. Could Google and the US Dept of Defence be monitoring connections to their address?
You’ve made it seem like the device is more like a firewall than a VPN. But I thought it was in the dVPN space and similar to what sentinel and others are doing.
Thanks. The part I was missing was that the requests should be routed to the router before the dpn and that the ddns should point at that.
The trouble though is that then all those requests are out in the open with my real IP as the destination, right? I get that maybe that’s unavoidable when you are hosting a server.
It would have been nice if dpn could add a layer where on each shared IP there could be static ports that are forwarded to dpn devices. Every dpn device mapped to a static port on the shared IP. That way, the server IP wouldn’t have to be exposed. Or does something like that already exist? With dpn or otherwise. (Not sure if that would cause some level of loss of anonymity though)
I definitely need to do my homework. It seems like you have quite a complicated setup. Never heard of Firewalla. If you could remotely access your home network via the DPN that would be a useful function. But I got the impression that remote access was provided by your other equipment and had nothing to do with the DPN?
I know I’ve given you a lot more than you requested; as for the ip addresses, I repeat they are not connected to any actual DOD or Google property, and they are not on the public internet. It’s the same as using 192.168.1.1 to access your home router.
As for the device functionality, yes it works very much like a firewall first and foremost, with the VPN-like functions accomplished through the DPN routing modes. However it does not provide client/server configurations that can be imported to another router.
You have to consider what is practical and cost effective. If you want to host any servers on your network, then you have to be able to reach them when you want to access whatever they provide to you. It is as simple as that. Ideally, you’d like to be able to do that securely and from anywhere with internet access. The DPN doesn’t really have anything to do with that part, and you really don’t need it to. It won’t interfere with port forwards or your inbound traffic to your servers. It almost sounds like you’d like the DPN to have a default port forwarded for each connection if I’m reading that right. To me, that would be a nightmare security hole ready to be exploited. That is definitely not what you want. You need to manage your own port forwards, and that is very easy to do (unless you have CGNAT and the ISP owns that part). Ports have to be forwarded TO somewhere after all, so you would still have to forward a default port in your own router or it would just get blocked by the firewall anyway. It would add nothing but problems.
As an analogy, if you order something expensive or important from your favorite online retailer you can’t give them a fake address in the name of security and expect to receive your item. They need to be able to reach you at a publicly available address. You have to decide if that is a compromise to your own security. The retailer just needs to know where to deliver your package. The DDNS helps identify where your server really is without you having to remember your public IP address. Most ISPs don’t even give you one that is static anyway, so you need the service if you host anything on your home network. I don’t personally see DDNS as a security threat by itself.
Alternatively, you’d need to set up some sort of static point outside of your network to proxy through. Think of it like a P.O. box of sorts from the analogy. But you are trusting that Proxy or gateway node to forward all your traffic securely and a static IP would definitely cost you something. Is that adding additional security or is it introducing a 3rd party to your home server solution? Is it worth using yet another different IP address that you have to pay for? You have to decide that. Some people go that route. There is r/selfhosted where some people discuss that sort of thing. Remember, nothing you do online is 100% anonymous. You can help make sure your network is secure by not having hackable devices exposed to the open internet and that the software you run has been patched and updated to address vulnerabilities, especially on whatever is hosting your servers.
The only reason I have a complicated setup is because of Comcast! You couldn’t just get their modem if you wanted a remote set top box and their modem/router combo box just doesn’t have enough configurable options for my needs. Anyway, you are correct. The DPN isn’t what I’m using for remote access. Although, you CAN actually use it for remote access to your local network via RustDesk. I don’t use that, but it sounds like it could be more in line with what you are asking about. In that case, you wouldn’t need to change anything with the router. The DPN device actually runs a RustDesk server that you can connect to remotely from any device that can run a RustDesk client. You can check that out at Deeper Network’s link below. It is not for VPN service, but it is for RustDesk services (remote access).
https://shop.deeper.network/blogs/tutorials/how-to-use-rustdesk-with-the-deeper-connect
First off, thank you for taking this much time.
Sorry that I was not clear enough in my last message. I didn’t mean that I wanted port-forwarding to my various IPs/ports.
What I meant is that:
Since the public IP that dpn allots is a shared one (I know some Vpns do dedicated IPs. In that case this won’t be needed). If there was a way for each dpn device to reserve one (or more) port on that shared IP, we could get an incoming connection using that shared public IP and reserved port.
Once it hits my router, I will have my own port-forwards as needed.
In my mind, what I mentioned is a roundabout way of achieving what dedicated IPs on a VPN provides. Advantage is that I would be able to reconfigure the port I use (on dpn admin) multiple times (and the ports will get reused by others) and maybe figure out a way to auto update the ports as well in the DNS SRV records.
Not sure if something like this is achievable or already available anywhere.
I don’t know if this might have similar issues that you pointed out. Just wanted to clarify my question.
Getting ready to set up mine. My network goes like this: modem > Deeper Connect > ISP router > level 3 managed switch > Omada VPN router > server. I guess I would do mine like yours and create a tunnel via my VPN router. I only use my Deeper Connect device mainly as a firewall and ad blocker; I don’t use the VPN function. Found this post while looking into setting up VPN on my laptop. I know Deeper Network has an app for phones now; was trying to see if I could use something similar for my laptop while I am at work.