Ubiquiti Edgerouter X VPN Setup
-
@art_of_shred said:
@Dashrender said:
How do you keep them from seeing each other?
Keep what from seeing what?
Maybe I'm confused.
@JaredBusch said:
This is not a clear question.
Do you mean you want to use the ERX as a VPN server for various clients?
I read this to mean that vairous clients would connect to a single ERX. If the idea is that each client with will have their own ERX, then nevermind.
-
@Dashrender Are you doing drugs?
Many clients would connect to 1 ERX. Client to Site.In my case, my iPhone, iPad, MacBook Pro, and Lenovo T440p.
Also, all my wife's devices.
The goal here is security, to stop from one from man in the middle attacks, etc.
-
@Dashrender said:
@art_of_shred said:
@Dashrender said:
How do you keep them from seeing each other?
Keep what from seeing what?
Maybe I'm confused.
@JaredBusch said:
This is not a clear question.
Do you mean you want to use the ERX as a VPN server for various clients?
I read this to mean that vairous clients would connect to a single ERX. If the idea is that each client with will have their own ERX, then nevermind.
VPN client
-
@JaredBusch I was thinking about OpenVPN... How hard is that to setup?
-
@anonymous said:
@Dashrender Are you doing drugs?
Many clients would connect to 1 ERX. Client to Site.Maybe, I only got 3 hours of sleep last night.
I read you post like YOU were going to be offering some sort of VPN concentration service like Pro XPN for your clients.
But clearly that's not the situation, so - whiney voice NEVERMIND
-
@Dashrender Maybe I should just use ProXPN.....
MERRY CHRISTMAS!
-
@anonymous said:
Many clients would connect to 1 ERX. Client to Site.
Although, this sentence still confuses me.
many of your clients will connect to 1 ERX, - huh?
Client to site? again, huh?
@anonymous said in Ubiquiti Edgerouter X VPN Setup:
The goal here is security, to stop from one from man in the middle attacks, etc.
Where do MitM attacks come into this?
And the OP mentioned no split tunneling - again, what are you trying to solve?
-
Basically, I don't want some "hacker" at a coffee shop to be able to intercept my traffic and use it to gain access to my accounts.
-
I want all data encrpted all the way back to my network, and then to the internet.
-
OK. Great.
JB asked:
Do you mean you want to use the ERX as a VPN server for various clients?
And you said "yes"
This is where I became confused.
It sounds like you want your own traffic to enter the internet from your home/office (wherever your ERX is).
That desire has nothing to do with your clients.
So now that we are on the same page (I hope), I'm sure the OpenVPN instructions on ubiquiti's webset should solve the problem for you.
-
@Dashrender said:
I'm sure the OpenVPN instructions on ubiquiti's webset should solve the problem for you.Can you find any? Everything I find is for site to site.
-
huh - yeah quick searches definitely lean toward the site-to-site type setups.
but this link looks like a starting point.
-
@Dashrender said:
How do you keep them from seeing each other?
THey are supposed to see each other, that's what a VPN is for.
-
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
THey are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
-
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
THey are supposed to see each other, that's what a VPN is for.
LOL you have a lot of catching up to do in the thread.
-
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
THey are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. in a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
-
@Dashrender said:
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
THey are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. in a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
Why would someone want to use a VPN to the Internet? Do you mean to do a proxy so that they appear geolocated with him?
-
@Dashrender said:
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
That's what I had assumed, normal client to site VPN. The standard use case for OpenVPN.
-
@scottalanmiller said:
@Dashrender said:
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
THey are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. in a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
Why would someone want to use a VPN to the Internet? Do you mean to do a proxy so that they appear geolocated with him?
Well, not for that reason, but yes so that all traffic is securely leaving where ever he happens to be and entering the internet from a known trusted point.
-
@scottalanmiller said:
@Dashrender said:
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
That's what I had assumed, normal client to site VPN. The standard use case for OpenVPN.
My confusion came when JB asked about clients - and the OP said yes. But there is nothing about his clients being involved here at all. It's all just the OPs traffic. Period.
