bottleneck
Choose style:

Author Topic: VPN on a specific network  (Read 25483 times)

0 Members and 1 Guest are viewing this topic.

Offline adx

  • Backer
  • *
  • Posts: 22
  • Thanks: 0
  • Registered : 15/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
VPN on a specific network
« on: August 15, 2013, 03:14:06 pm »
I'm no expert on VPN or networking, so I hope my question/request makes sense.

I was wondering if the Almond+ can support a feature where a VPN connection
can be established (and shared) on a specific network (e.g. 2.4Ghz network) while
keeping the other network (e.g. 5Ghz) on a "normal" connection.

I currently use a DDWRT router and whenever I use VPN, I experience a great reduction
in speed. This is ok for my own purposes, but since I share the internet connection
with others, they also take a performance hit (on their "normal" internet use)
until I disabled VPN.

So if Almond+ can somehow "isolate" the VPN connection on one network (2.4ghz),
then the other users in my network can just connect on the non-VPN network (5ghz)
and enjoy the "full" internet speed.

Offline pete

  • Moderator
  • *
  • Posts: 316
  • Thanks: 2
  • Registered : 22/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #1 on: August 15, 2013, 03:21:54 pm »
Yup

One of the other issues relating to IPSec VPN and sometimes SSL VPN is the throughput and size of the pipe.   Its kind of an "all you can eat" type of connection.

This is where sometimes an SSL VPN is chosen over an IPSec VPN methodology.

IE: you can set QOS rules as it leaves the source but cannot see inside of the pipe to dynamically change it while active.

Another issue that crops up is split tunneling; say you want to print from the VPN tunnel network to a local printer not on the same subnet and not in the VPN tunnel.  Strict adherence dings the flexibilty; the chicken and the egg thing; a sort of circumvention of what the purpose of the VPN is for.

Please correct me if I am misunderstanding
« Last Edit: August 15, 2013, 03:27:16 pm by pete »
[img width= height= alt=" width="250" height="52" class="bbc_img resized]http://forum.securifi.com/Themes/Firox_multicolor_by_SMFSimple/images/logo.png[/img]
Pete
Lockport, IL  USA

Offline Patrick Wilson

  • Cashew
  • ****
  • Posts: 220
  • Thanks: 0
  • Registered : 21/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #2 on: August 15, 2013, 03:49:36 pm »
I'm no expert on VPN or networking, so I hope my question/request makes sense.

I was wondering if the Almond+ can support a feature where a VPN connection
can be established (and shared) on a specific network (e.g. 2.4Ghz network) while
keeping the other network (e.g. 5Ghz) on a "normal" connection.

I currently use a DDWRT router and whenever I use VPN, I experience a great reduction
in speed. This is ok for my own purposes, but since I share the internet connection
with others, they also take a performance hit (on their "normal" internet use)
until I disabled VPN.

So if Almond+ can somehow "isolate" the VPN connection on one network (2.4ghz),
then the other users in my network can just connect on the non-VPN network (5ghz)
and enjoy the "full" internet speed.

I'm afraid I'm completely lost by your message.  I've only ever used VPN's to connect from my Router to remote VPN Servers on the Internet,  (ie bridging networks via VPN),  or for remote access from my Laptop to my network via VPN. 

I don't quite understand using VPN technology over a Wi-Fi connection internally within a network.  Perhaps I'm missing something.
Patrick Wilson
Victoria, BC Canada

Offline adx

  • Backer
  • *
  • Posts: 22
  • Thanks: 0
  • Registered : 15/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #3 on: August 15, 2013, 04:15:10 pm »
Hi Pete,

Sorry, I'm not sure if I fully understand your explanation.
But if my guess is right, you're saying the all I need to setup is the QOS rules
to achieve what I'm asking for. I'll need to read up on this subject more.

I mainly use the VPN connection at home to access content not available in my country.
I do this via my DDWRT enabled router.
So my needs/use case is pretty simple. If I need to access geo-restricted content,
I turn connect via VPN, and if not I use the "normal" connection. But this would
require me to manually change the WAN connection setup back and forth between the two configurations.

So I was wondering if the 2.4Ghz network can have a "separate" WAN connection setting
from the 5Ghz network. With this setup, I can just setup the 2.4Ghz network as "VPN internet" for geo-restricted
content and then the 5Ghz as "normal internet" for full-speed connection.
I'm not sure if this makes sense, so forgive my ignorance if my statements sound ridiculous.

If this is indeed not possible, then at least I hope the Almond+ can provide a one-touch button
that would allow me to switch between pre-configured WAN connection settings.
« Last Edit: August 15, 2013, 04:17:52 pm by adx »

Offline pete

  • Moderator
  • *
  • Posts: 316
  • Thanks: 2
  • Registered : 22/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #4 on: August 15, 2013, 04:15:42 pm »
Weird we were typing at the same time.   ;D

I'm best guessing adx; if a VPN tunnel would be utilized in a wireless pipe it might provide some better uptime / throughput based on the assumption that when the VPN tunnel is up regular it dings the performance of the rest of the non VPN users.

You can't though dynamically change the pipe or look inside of it once the tunnel is established.  You can provision the size of the pipe before it is up though.

An example would be to go to a public wireless internet hot spot and dividing up the network such that dedicated VPN network would be autonomous from the non VPN network. 

Personally I don't think its going to help maintain a better connection because of the radio propagation stuff.  This is my guess though.

I see that many folks do a VPN across geographic zones mostly related to local content of stuff (whether that is radio or video broadcasts).  I do that sometimes. 

You could though just do a split VPN tunnel such that the same client can access the data locally and via the VPN tunnel.  Taking it to wireless you it would be a bit of pita and would be work with separate networks or interfaces.   You can QOS wireless but you can't QOS it if its in a VPN tunnel because you don't know what is inside of the tunnel to QOS. 

IE:
I am in the US and I want to hear and watch BBC's IPlayer local radio / video stuff.  I cannot from Chicago.  My options are to create a point to point tunnel from here to the UK.  Then take this tunnel to one radio interface on the wireless dedicated it to the 2.4Ghz radio while still proving regular internet on the 5Ghz radio with the assumption that the VPN tunnel will always take precedence over the non VPN tunnel eh?  Not sure if this the correct understanding?  I do multiple WAN interfaces on my firewall and moving toward load balancing the internet connections.  You can this with separate WAN interfaces.
« Last Edit: August 15, 2013, 04:33:13 pm by pete »
[img width= height= alt=" width="250" height="52" class="bbc_img resized]http://forum.securifi.com/Themes/Firox_multicolor_by_SMFSimple/images/logo.png[/img]
Pete
Lockport, IL  USA

Offline adx

  • Backer
  • *
  • Posts: 22
  • Thanks: 0
  • Registered : 15/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #5 on: August 15, 2013, 04:30:40 pm »
Client side setting is possible but not the best solution in my current setup. My VPN host limits
connection to two clients at a time.

If the router itself is the VPN client, then I can have more than two clients/devices access
VPN (geo-restricted content).

Offline adx

  • Backer
  • *
  • Posts: 22
  • Thanks: 0
  • Registered : 15/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #6 on: August 15, 2013, 04:34:03 pm »
Hi Pete,

Yes, seems accurate enough. Not sure about what you meant by VPN tunnel taking precendence
over non-VPN tunnel.

IE:
I am in the US and I want to hear and watch BBC's IPlayer local radio / video stuff.  I cannot from Chicago.  My options are to create a point to point tunnel from here to the UK.  Then take this tunnel to one radio interface on the wireless dedicated it to the 2.4Ghz radio while still proving regular internet on the 5Ghz radio with the assumption that the VPN tunnel will always take precedence over the non VPN tunnel eh?  Not sure if this the correct understanding?


Offline pete

  • Moderator
  • *
  • Posts: 316
  • Thanks: 2
  • Registered : 22/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #7 on: August 15, 2013, 04:38:54 pm »
Quote
If the router itself is the VPN client, then I can have more than two clients/devices access
VPN (geo-restricted content).

Yes; because you cannot see what is in the VPN tunnel.  You can also NAT the one connection to many connections such that its only one MAC and IP address from the outside to the inside of the network. You might also be able to request multiple addresses either statically or dynamically assigned from your ISP's DHCP server.

Quote
VPN tunnel taking precendence

Once established the VPN tunnel stays up. (relatively speaking).  The checks and balances of VPN keep it up.  Counter to this though is radio propagation (wireless).  Say you are sitting with your tablet with a VPN tunnel connection to the internet and next to you is a peer with a non VPN connection to the internet.  You are next to your home Microwave oven and turn it on to heat up some food.  More than likely the RF noise will be detrimental to the wireless connection and your VPN tunnel and your peers not VPN wireless connection will drop.  This is different though that a wired VPN connection taking up all of the pipe staying up and connected.
« Last Edit: August 15, 2013, 04:45:06 pm by pete »
[img width= height= alt=" width="250" height="52" class="bbc_img resized]http://forum.securifi.com/Themes/Firox_multicolor_by_SMFSimple/images/logo.png[/img]
Pete
Lockport, IL  USA

Offline adx

  • Backer
  • *
  • Posts: 22
  • Thanks: 0
  • Registered : 15/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #8 on: August 15, 2013, 07:41:03 pm »
Pete, thank you for all the explanation. i just need to digest it and read up some more.

right now i'm just not savvy enough to tinker with advanced networking settings.

I guess I made things confusing because of my statements about getting "full speed"
connection when actually my real problem really is the hassle of changing WAN
connection settings when switching in and out of a VPN connection.

For now, it seems, my wish would be that one-touch solution to switching
between WAN connection settings. I think this is the simplest and easiest
solution to my problem. I hope Almond+ can provide this.

Thanks again!


Offline adx

  • Backer
  • *
  • Posts: 22
  • Thanks: 0
  • Registered : 15/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #9 on: August 15, 2013, 07:43:51 pm »
by the way, just to be clear. I currently do not have an Almond router. I'm still waiting for my Almond+ to be released.
So my question/problem is based largely on my current setup of a linksys router with DDWRT.

LGNilsson

  • Guest
Re: VPN on a specific network
« Reply #10 on: August 15, 2013, 10:52:07 pm »
The Almond+ will be able to run its own VPN server and technically I guess it should be possible to route one of the wireless networks via the VPN, but it's not something we've tested and it'd be something you'd have to play with using OpenWRT. You might want to consider asking this question over on the OpenWRT forums, as I have a feeling that they can offer you a lot more insight on how to do this, if it's possible.

As far as VPN performance is concerned, the Almond+ has a comparatively fast processor to most other routers out there today, especially the ones based on MIPS technology and you should see a significant performance increase when running VPN on the Almond+ compared to MIPS based routers.

Offline pete

  • Moderator
  • *
  • Posts: 316
  • Thanks: 2
  • Registered : 22/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #11 on: August 16, 2013, 05:22:47 am »
Yup;this will give you many possibilities with the Almond +

Here I do a point to point VPN IPSec between two dd-wrt boxes (inside networks behind other firewalls) and utilize per application/box ssh tunneling for other stuff on the outside networks.
« Last Edit: August 16, 2013, 06:59:01 am by pete »
[img width= height= alt=" width="250" height="52" class="bbc_img resized]http://forum.securifi.com/Themes/Firox_multicolor_by_SMFSimple/images/logo.png[/img]
Pete
Lockport, IL  USA

Offline etijburg

  • Backer
  • *
  • Posts: 12
  • Thanks: 0
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: VPN on a specific network
« Reply #12 on: August 18, 2013, 01:18:25 pm »
Here is the config that I am planning.

Multiple SSID/Network

    Guest
        Captive Portal with sponsership from authorized user and WPA2 authentication

     Work
          Secure SSID with VPN to corp network as well as access to lan resources like printer. WPA2 authentication to Wireless using Google Apps or OATH creds

     Home
          Secure SSID with VPN using StrongVPN to security from ISP snooping using DNSCrypt to connecto to OpenDNS for DNS security and Filtering per user,  WPA2 Security using Google Apps/OATH authentication to network

      Entertainment
             Separate Secure SSID using WPS2-PSK for devices like XBox, WII, PlayStation, AppleTV, GoogleTV, Tivo/DVR.

     Home Automation/Device Network
              This would be for devices like WiFi enabled home automation devices, wireless printers, cameras

USB Storage for Video/Audo Streaming, Security Cameras, File Storage, and Device Backup.

USB Printer Support

Ability to have VPN support for different SSID/Networks.
   Work Traffic goes to work,  Home and Work Internet Traffic goes to StrongVPN, Entertainment and Guest Traffic would go directly to the internet, and Device Traffic would go through Strong VPN.  All the while you have a single Hub for Home Automation the communicates with the cloud for web and smartphone access to the router/home automation.

I am not fully sure how to make it all work yet but I have already started the planning.

« Last Edit: August 18, 2013, 10:28:54 pm by Lars »
Erik

 

Page created in 0.054 seconds with 20 queries.

bottleneck