Difference between revisions of "VPN"
(→Expirimental setup) |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 43: | Line 43: | ||
=='''Expirimental setup'''== | =='''Expirimental setup'''== | ||
− | There is, albeit | + | There is in the wiki, albeit an [[OpenVPN-Setup | <span style="color:SteelBlue"> experimental setup/config</span>]]. This is because we don't endorse the use of an STB to install OpenVPN |
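Review bot: the section heading at line 43 still reads "Expirimental setup" on both sides of this change; correct it to "Experimental setup" in the same edit. In the added sentence, "There is in the wiki, albeit an ... experimental setup/config" places "albeit" awkwardly and the paragraph ends without a full stop after "install OpenVPN". Something like "There is a setup/config in the wiki, albeit an experimental one." would read cleanly. The inline span that only sets the link colour could be dropped in favour of a plain wiki link.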
Latest revision as of 15:42, 15 December 2021
Intro
VPNs are very useful for safely accessing your LAN (home network), whether you're traveling the world or have any other reason to access your data or anything else on your home network. A home VPN gives you an encrypted tunnel to use when on public Wi-Fi, and it even allows you to access country-specific services from outside the country, so you could use Netflix when you're traveling. It also gives you access to your home network and any file shares or other servers from anywhere. For this, the use of OpenVPN can be recommended.
OpenVPN
Created in 2002, OpenVPN is an open source tool used to build site-to-site VPNs with the SSL/TLS protocol or with pre-shared keys. Its role is to securely tunnel data through a single TCP/UDP port over an unsecured network such as the Internet, and thus establish VPNs. Click on the OpenVPN icon below to learn more; there are lots of good tutorials around.
Settopbox
Although you can install OpenVPN on your Enigma2 box, it is not recommended. You should use a router for that (WiFi router or NAS), or a custom router firmware. Custom firmwares are basically new operating systems you can flash onto your router, replacing the router's standard operating system. DD-WRT is a popular one, and OpenWrt will also work well. Use something that is updated regularly and has a large community, as safety is much higher when you have the latest security updates.
Client/server architecture
OpenVPN is based on a client/server architecture. It must be installed on both sides of the VPN; one is designated as the server, the other as the client.
Tunneling
The basic concept is that OpenVPN creates a TCP or UDP tunnel and then encrypts the data inside the tunnel. OpenVPN's default port number is UDP 1194, based on an official port number assignment by IANA. You can use any other TCP or UDP port, and since the 2.0 release a single port can be used for several tunnels on the OpenVPN server. The choice of port has nothing to do with safety.
Tunnel mode
You can choose between an IP (TUN driver) and an Ethernet (TAP driver) tunnel. IP tunneling is also referred to as routing mode, and Ethernet tunneling as bridging mode. Prefer the IP tunnel mode (default setting) unless you need to pass Ethernet traffic such as NetBIOS inside the tunnel.
DynDNS
You want to set up dynamic DNS on your router. This will give you an easy address at which you can reach your VPN, even if your home Internet connection's IP address changes. Be sure to configure your VPN server securely. You'll want strong security so no one else can connect to your VPN. Even a strong password might not be ideal; an OpenVPN server with a key file you need to connect would be strong authentication.
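An added example (not part of the original wiki page): a small Python check that reads an OpenVPN server config and flags the choices discussed under Tunnel mode and DynDNS, namely TAP instead of TUN and password-only or shared-key authentication instead of per-client key files. The sample configs, file names and script path are constructed; the port is not judged because, as noted under Tunneling, it has nothing to do with safety.

```python
import shlex

def parse_config(text):
    """Map directive -> list of argument lists; skips comments and <tag> inline blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:  # inside an inline block such as <ca> ... </ca>
            inline = None if line == f"</{inline}>" else inline
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            directives.setdefault(inline, []).append(["[inline]"])
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def audit(text):
    """Return findings for a server config; the port number is deliberately not judged."""
    d, findings = parse_config(text), []
    dev = d.get("dev", [[""]])[-1]
    if dev and dev[0].startswith("tap"):
        findings.append("dev tap: bridging mode; prefer tun unless Ethernet traffic must pass")
    if "secret" in d:
        findings.append("secret: static pre-shared key, the same key sits on both sides")
    missing = [k for k in ("ca", "cert", "key") if k not in d]
    if missing and "secret" not in d:
        findings.append("missing certificate material: " + ", ".join(missing))
    if ["none"] in d.get("verify-client-cert", []) or "client-cert-not-required" in d:
        findings.append("client certificate not required: access rests on a password alone")
    return findings

# Constructed sample configs (file names and script path are placeholders).
WEAK = """port 1194
dev tap0
ca ca.crt
cert server.crt
key server.key   # private key
verify-client-cert none
auth-user-pass-verify /path/to/check.sh via-env
"""
GOOD = "port 443\nproto tcp\ndev tun\n<ca>\n(PEM data)\n</ca>\ncert server.crt\nkey server.key\n"

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, audit(cfg) or "no findings")
```
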
Autobackup
Maybe it is best to add the config to AutoBackup, so add
/etc/openvpn
to AutoBackup.
Experimental setup
There is a setup/config in the wiki, albeit an experimental one. This is because we don't endorse the use of an STB to install OpenVPN.