Ubiquiti Edgerouter X VPN Setup
-
@Dashrender Maybe I should just use ProXPN.....
MERRY CHRISTMAS!
-
@anonymous said:
Many clients would connect to 1 ERX. Client to Site.
Although, this sentence still confuses me.
Many of your clients will connect to 1 ERX - huh?
Client to site? Again, huh?
@anonymous said in Ubiquiti Edgerouter X VPN Setup:
The goal here is security, to stop from one from man in the middle attacks, etc.
Where do MitM attacks come into this?
And the OP mentioned no split tunneling - again, what are you trying to solve?
-
Basically, I don't want some "hacker" at a coffee shop to be able to intercept my traffic and use it to gain access to my accounts.
-
I want all data encrypted all the way back to my network, and then to the internet.
-
OK. Great.
JB asked:
Do you mean you want to use the ERX as a VPN server for various clients?
And you said "yes"
This is where I became confused.
It sounds like you want your own traffic to enter the internet from your home/office (wherever your ERX is).
That desire has nothing to do with your clients.
So now that we are on the same page (I hope), I'm sure the OpenVPN instructions on Ubiquiti's website should solve the problem for you.
-
@Dashrender said:
I'm sure the OpenVPN instructions on Ubiquiti's website should solve the problem for you.
Can you find any? Everything I find is for site to site.
-
Huh - yeah, quick searches definitely lean toward the site-to-site type setups.
But this link looks like a starting point.
-
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
-
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
-
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
LOL you have a lot of catching up to do in the thread.
-
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. In a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
-
@Dashrender said:
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. In a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
Why would someone want to use a VPN to the Internet? Do you mean to do a proxy so that they appear geolocated with him?
-
@Dashrender said:
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
That's what I had assumed, normal client to site VPN. The standard use case for OpenVPN.
-
@scottalanmiller said:
@Dashrender said:
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. In a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
Why would someone want to use a VPN to the Internet? Do you mean to do a proxy so that they appear geolocated with him?
Well, not for that reason, but yes so that all traffic is securely leaving wherever he happens to be and entering the internet from a known trusted point.
-
@scottalanmiller said:
@Dashrender said:
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
That's what I had assumed, normal client to site VPN. The standard use case for OpenVPN.
My confusion came when JB asked about clients - and the OP said yes. But there is nothing about his clients being involved here at all. It's all just the OP's traffic. Period.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. In a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
Why would someone want to use a VPN to the Internet? Do you mean to do a proxy so that they appear geolocated with him?
Well, not for that reason, but yes so that all traffic is securely leaving wherever he happens to be and entering the internet from a known trusted point.
Hmmmm... odd. What's the value in that? Once it is on the Internet it's at the same level of risk. If it isn't safe from the unknown point, it isn't safe this way.
See the other discussion on the dangers of the illusion of security
-
Hmmmmm.....
Temporarily, I could do something like this:
https://www.privatetunnel.com/home/pricing/
Still want to get this going
-
@scottalanmiller However people in the same coffee shop can't access it.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@DustinB3403 said:
@scottalanmiller said:
@Dashrender said:
How do you keep them from seeing each other?
They are supposed to see each other, that's what a VPN is for.
I think he meant the public and private networks.
No - what I was talking about... Let's say the OP has 10 clients and they all want to use the OP's ERX as their VPN to the internet. In a normal situation, all those logged into the VPN would traditionally be able to see each other, and interact - I would assume that the OP would not want this...
But it turns out that's not what the OP wanted at all. The OP wanted a way for his own traffic to get to the internet only from his home/office when he was away from the home/office.
Why would someone want to use a VPN to the Internet? Do you mean to do a proxy so that they appear geolocated with him?
Well, not for that reason, but yes so that all traffic is securely leaving wherever he happens to be and entering the internet from a known trusted point.
Hmmmm... odd. What's the value in that? Once it is on the Internet it's at the same level of risk. If it isn't safe from the unknown point, it isn't safe this way.
See the other discussion on the dangers of the illusion of security
Well that's not entirely true.
For example, this story from last year https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.dvxkeipfn
This is an example of a hacker joining a local coffee shop network, then creating a MitM attack and then watching all of the non-encrypted data flow through.
If the OP uses a VPN to leave the coffee shop before getting on the internet, he doesn't have to worry about the local coffee shop hacker. Just the rest of the hackers who don't have local network level access.
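The client-to-site, no-split-tunnel setup discussed in this thread, as an added example that is not from any poster or from Ubiquiti's documentation: a generic OpenVPN server configuration file rather than EdgeOS CLI syntax. The subnet, DNS address and file names are placeholders, and the DNS line assumes a resolver is listening on the server's tunnel address.

```conf
# Added example: OpenVPN server config, client-to-site with a full tunnel.
# Every address and file name here is a placeholder.
port 1194
proto udp
dev tun
topology subnet

# Address pool handed out to connecting clients (placeholder subnet).
server 10.8.0.0 255.255.255.0

# No split tunneling: replace the client's default route so all of its
# traffic crosses the tunnel instead of the local (coffee shop) network.
push "redirect-gateway def1"

# Send DNS through the tunnel as well, so lookups are not answered by
# the local Wi-Fi resolver. Assumes a resolver on the tunnel address.
push "dhcp-option DNS 10.8.0.1"

# Client isolation: client-to-client is deliberately left disabled.
# Without it OpenVPN does not relay packets between connected clients
# internally; such traffic reaches the server's tun interface, where the
# router's firewall and forwarding rules decide what happens to it.
;client-to-client

# Certificate-based authentication in both directions.
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Accept only peers presenting a certificate issued for client use.
remote-cert-tls client
# Authenticate and encrypt the control channel (OpenVPN 2.4 or later).
tls-crypt ta.key

keepalive 10 120
persist-key
persist-tun
```

The router still has to forward and NAT the tunnel subnet out of its WAN interface for clients to reach the internet. The tunnel covers only the path between the client and the router; beyond the router the traffic travels as it would from any other connection at that site.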
-
@anonymous said:
@scottalanmiller However people in the same coffee shop can't access it.
Is that a concern? I've never understood that one. People in the same coffee shop you protect against but not people elsewhere? What's the specific threat in the coffee shop versus the threat from everywhere else?