I’m primarily trying to set up remote LAN access for Remote Desktop access to one Windows 10 PC. A nice to have would be to also access shared files and the proposed NAS on the network as well. I’ve been looking around and there seem to be a few options to create your own VPN, like OpenVPN(?) and our network router also has this capability. But, where I’m not sure it will work is our network “architecture”.
The router is configured as a DHCP relay and is plugged into a bigger “public” LAN/network. I call it “public” because it is in a shared workspace and therefore there are multiple users from various businesses connected to this network, either through LAN or using the WiFi (which is password-protected).
Some of the VPN guides I’ve seen specify you need a WAN IP and/or ports forwarded. But I imagine that since our router (DHCP relay) is effectively connected to another router (guessing DHCP server) this won’t work?
At the moment, I’m thinking of using something like Hamachi (assuming a VPN setup won’t work?) Otherwise are there any other options possible? Do we need to set up a VPN using a VPS? Or any other software? I also saw SoftEtherVPN, but not sure if this would work either?
You will struggle to get a VPN set up in those circumstances.
Correct, you need a public IP.
Your other problem will be that everything is being double NATted.
I know on some of these office setups (in the UK at least) you can pay to have your own VLAN with a dedicated public IP.
By the way, by router I do hope you mean firewall. The network you are connected to might not be the internet but it’s still not managed by you and is therefore untrusted.
In terms of solutions to your problem, these companies like ‘Go to my PC’ or TeamViewer should still work as they have software on your PC which initiates an outbound connection to the service provider’s servers.
The way I would approach this would be to have an OpenVPN server somewhere external to the location you’re wanting to get into. Ideally in a trusted data center but absent that, on a VPS provided by a reputable company like Digital Ocean or AWS. Then, I would configure my router at the target site to connect to the external OpenVPN server. Finally, I too would connect to the external OpenVPN server from anywhere in the world and voila, I’m now able to securely access the network inside the target site assuming firewall rules and the OpenVPN server have all been set up correctly. This method of remote connection is going to be way easier to implement than trying to host a VPN from behind your landlord’s router.
And if you don’t feel like doing all that, another alternative would be TeamViewer. It’s inexpensive for commercial use (and free for personal use) plus it includes all the features you asked for. Remote desktop, remote file transfer, and I think they even offer a turn-key VPN solution similar to what I described above although I’ve never used it so I can’t vouch for it.
I’ve been looking at VPSs for something else. But wouldn’t a VPS prove to be costly? Since you would need to pay for traffic through it right? I think AWS calls it “Network Egress”?
Like I mentioned above, think Teamviewer is going to be the most suitable solution. I’ve used Teamviewer for Personal stuff, but never knew about their VPN solution. That sounds interesting!
EDIT: Just had a quick look at TeamViewer. Their most basic commercial plan starts at AUD47.90 a month! Works out to about AUD600/yr and I don’t think even that would cut it for us!
This might be a bit of a stretch for you to accomplish technically if you are unfamiliar with some of the ways VPNs work, but this would work if you can set it up:
1. Install a hypervisor (VMware or Hyper-V or VirtualBox or whatever) on your machine at work.
2. Install a Linux VM on your hypervisor.
3. Install a Linux VM on your computer at home.
4. Configure TCP port 22 to redirect from your home IP address to your Linux VM at home.
5. While at work, connect using SSH from your work computer VM to your home computer VM, specifying that you want a tunnel connection and to create/deploy virtual tunnel network adapters.
6. Add a routing statement on your work computer to reach your home network via the Linux VM at work.
7. Add a routing statement on your home computer or home router to reach your work network via the Linux VM at home.
Basically what will happen is that your work linux VM will establish an outbound SSH connection to your home linux VM. This means you won’t need any configuration on the firewall at the office since it’s just another outbound TCP connection as far as it’s concerned.
Then, once the SSH session is formed, you can have your two linux boxes redirect some TCP or UDP traffic through tunnel interfaces through the SSH session, bi-directionally.
Another way to set this up would be to have a linux VM at your home, then use Putty.exe on your work computer to do port-redirection.
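The work-VM half of the SSH tunnel procedure described in the post above, as an added example that is not part of the original thread. The subnets, the 10.99.0.x tunnel addresses, the unprivileged `tunnel` account, the host `home.example.net` and the function names are all assumptions; the script only prints the commands, after checking that the two LANs do not overlap (overlapping subnets are the usual reason the routing steps fail).

```shell
#!/bin/sh
# Added example (not from the thread): work-VM half of the SSH tun tunnel.
# Subnets, tunnel addresses, the "tunnel" account and the host are assumptions.
WORK_LAN="${WORK_LAN:-10.20.0.0/24}"      # assumed office subnet
HOME_LAN="${HOME_LAN:-192.168.50.0/24}"   # assumed home subnet
TUN_LOCAL=10.99.0.1                       # assumed work end of the tunnel
TUN_PEER=10.99.0.2                        # assumed home end of the tunnel
HOME_HOST="${HOME_HOST:-tunnel@home.example.net}"  # placeholder account@host

# Dotted quad -> integer. Subshell body keeps the IFS change local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Exit 0 when two CIDR blocks share addresses (compare under the shorter prefix).
cidr_overlap() {
    a=$(ip2int "${1%/*}"); b=$(ip2int "${2%/*}")
    len=${1#*/}
    [ "${2#*/}" -lt "$len" ] && len=${2#*/}
    [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# Print the commands for the work VM; review, then pipe to "sudo sh".
# Home VM prerequisites: sshd_config "PermitTunnel point-to-point", a tun0
# owned by the same unprivileged account, and the mirror-image route.
work_plan() {
    if cidr_overlap "$WORK_LAN" "$HOME_LAN"; then
        echo "refusing: $WORK_LAN overlaps $HOME_LAN, routes would be ambiguous" >&2
        return 1
    fi
    cat <<EOF
ip tuntap add dev tun0 mode tun user tunnel
ip addr add $TUN_LOCAL peer $TUN_PEER dev tun0
ip link set tun0 up
sudo -u tunnel ssh -f -N -w 0:0 -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 $HOME_HOST
ip route add $HOME_LAN dev tun0
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Dry run: show the plan without changing anything.
work_plan
```

Enabling `net.ipv4.ip_forward` turns the work VM into a router between the shared office network and the home LAN, so firewall rules on both VMs should limit forwarding to the hosts and ports actually needed (for example RDP to the one Windows PC).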
VPSes can vary wildly depending on a lot of factors but even the most basic should be able to do what you need as long as we’re not talking about moving a crapload of traffic. For example, looking on DigitalOcean’s pricing page (Budget-Friendly Cloud Server Pricing | DigitalOcean), I see their most basic setup only costs $5 USD per month. They even provide a nice walkthrough on how to set up an OpenVPN server on an Ubuntu VM: How To Set Up an OpenVPN Server on Ubuntu 18.04 | DigitalOcean
I’m sure there has to be something comparable down there in Australia. Good luck!
Yeah. That does sound like a bit of a stretch for me. I think putting together a simple home network, port forwarding and setting up my VPN service on my router is the most I know. Not really sure how I’ll do the routing.
Out of interest, doing something like what you mentioned above and if I do it wrong, I understand the network just won’t work, but is there a chance I can make the network unsecured? More vulnerable to hacks/ not properly securing/encrypting the data?
Are software options like Hamachi/ Teamviewer VPN secure? So long as you control who connects to the network?
Thanks for that! I had a look at the price and it actually doesn’t look too bad. Since we’d probably be using the VPN mainly for remote access, the bandwidth included might be fine.
EDIT: Are software options like Hamachi/ Teamviewer VPN secure? So long as you control who connects to the network?
I use TeamViewer frequently simply because it’s a convenient cross-platform way to do desktop sharing with people outside my org. The file sharing aspect of it only gets used once in a blue moon. I’m a bit paranoid about security so I only ever run TeamViewer on a freshly spun up VM that only has access to the specific things I need to share, like for example an SSH terminal into a GPON shelf while troubleshooting with Adtran TAC. Once the session is done the VM gets nuked. I’m sure the service is perfectly safe but I sleep better at night knowing I’ve reduced my attack surface.