OpenWrt Forum Archive

Topic: Why would someone need a VPN for an OpenWrt router?

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
miner_tom
17 Aug 2016, 04:22

Hi,

I have been thinking of reasons why one would need to load OpenVpn on an Openwrt router.

I did find the following on a site describing what you can do with OpenWrt:

Use the SSH Server for SSH Tunneling: OpenWrt includes an SSH server so you can access its terminal. If you expose the SSH server to the Internet (be sure to secure it with key-based authentication instead of a weak password), you can access it remotely and use SSH tunneling to forward your traffic over the encrypted connection. This allows you to securely access websites from public Wi-Fi and access websites that can only be accessed in your home country while travelling abroad.
Set Up a VPN: SSH tunneling works similarly to a VPN in many ways, but you could also set up a proper VPN on your OpenWrt router.]

Does the above represent a configuration where one can access the router (connected to a modem from your isp) securely from the internet in another country (where there may be restrictions on which sites one can enter). In other words you may be in a place where you can't access certain sites directly. Then one can access internet sites local to your country by using that same modem (and your isp) through OpenWrt. That sounds like what I am reading but I would like some clarification if I am wrong.

Thank You
Tom


Thank You
Tom

Post #2
milankocvara
17 Aug 2016, 07:32
miner_tom wrote:

Hi,

I have been thinking of reasons why one would need to load OpenVpn on an Openwrt router.

I did find the following on a site describing what you can do with OpenWrt:

Use the SSH Server for SSH Tunneling: OpenWrt includes an SSH server so you can access its terminal. If you expose the SSH server to the Internet (be sure to secure it with key-based authentication instead of a weak password), you can access it remotely and use SSH tunneling to forward your traffic over the encrypted connection. This allows you to securely access websites from public Wi-Fi and access websites that can only be accessed in your home country while travelling abroad.
Set Up a VPN: SSH tunneling works similarly to a VPN in many ways, but you could also set up a proper VPN on your OpenWrt router.]

Does the above represent a configuration where one can access the router (connected to a modem from your isp) securely from the internet in another country (where there may be restrictions on which sites one can enter). In other words you may be in a place where you can't access certain sites directly. Then one can access internet sites local to your country by using that same modem (and your isp) through OpenWrt. That sounds like what I am reading but I would like some clarification if I am wrong.

Thank You
Tom


Thank You
Tom

Maybe you find answers Here

(Last edited by milankocvara on 17 Aug 2016, 07:32)

Post #3
Max Hopper
17 Aug 2016, 12:05

Yes with the very large codicil being the modem supports port forwarding.

Post #4
miner_tom
17 Aug 2016, 15:03

Max Hopper,

Thank you for the  reply. Doing some research I see that in order to initiate contact with a server/computer that is behind a firewall, a port must be opened up in the router firewall to allow such a connection.

My question is, how does Skype not have to do this. I read the following:

"When you install Skype, a port above 1024 is chosen at random as the port for incoming connections."

My understanding is that a port must be opened in the modem firewall. Is this correct? I have used Skype from my tablet computer without having to explicitly open up a port inside it.

Clearly, I am confused as to when port forwarding is required.

Thank You
Tom

Post #5
Max Hopper
17 Aug 2016, 15:31

Truly irrelevant to OpenWrt (but ingenious) - LMGTFY

Post #6
booBot
17 Aug 2016, 15:46

Port forwarding will help you to look for "outsiders" as if you were surfing "from home". (Actually, your ISP will see two connections: one encrypted - the SSH one - coming from somewhere out there, the other one - a usual HTTP connection from your home to some website elsewhere. A website will see just one connection - the HTTP coming from your home IP-address)
For this scenario SSH port forwarding is enough.

If you also need to access resources on your own home network - like shared printers, disk storages, etc - you will need the VPN for that. Preferably - the OpenVPN.
Your ISP - just like in the explanation above - will see an encrypted connection coming from somewhere out there - the OpenVPN connection to your home IP-address. If you will check your e-mails, surf or torrent - all will be visible to ISP as well. Your transfers to/from your disks or printers will be secured properly.
If you travel with a small laptop - you could use OpenVPN to secure the Remote Desktop connection so that if you have your desktop on at home - you could use it as if you were there yourself. If you loose your laptop - all your files and documents remain safe - provided you have a strong password for your OpenVPN login and if you keep the private key of your SSL certificate (used for OpenVPN authentication) on a removable storage (only attaching it to your laptop when OpenVPN is required).

I'll be glad to answer your further questions.
smile

(Last edited by booBot on 17 Aug 2016, 15:48)

Post #7
miner_tom
17 Aug 2016, 16:02

Thank You booBot,

I realize that this last question is OT and I apologize.

How does Skype get through on a modem that does not have port forwarding enabled? I was looking at my verizon MiFi modem, which I use for Skype, and only DNS and TFTP have a default port forwarded.

Thank You
Tom


Thank You
Tom

Post #8
Max Hopper
17 Aug 2016, 16:12

TL;DR

The discussion might have continued from here.