VPN Between Friends and Family

 

After publishing my updated home network tour video, many of you asked me to show more about my firewall setup and all of these VPN connections, so let’s talk about it.

So let’s start with covering my firewall and the Supermicro server that it runs on. I got a lot of questions about this. The hardware I chose is a Supermicro 5018D-FN8T. Ultimately this is nothing more than an Intel Xeon rack server; however, Supermicro specifically designed it to be used as a firewall or router appliance, hence the 1U small form factor with the front-facing network ports. The fans are also designed to be reversible to change the direction of airflow, which gives you numerous mounting options. In my case I’ve populated the firewall’s motherboard with 32 gigabytes of RAM and a 500-gigabyte NVMe drive. The appliance also features IPMI management, meaning I can connect to the keyboard, mouse or video remotely over Ethernet, even when the box is powered off or even if it crashes.

Now, being that at the end of the day this is simply a server, you can run anything on here that you want. I chose to run pfSense. It’s the world’s most popular open-source firewall, far surpassing its rivals. With this level of popularity it means a rock-solid, reliable codebase, incredible community support and lots of third-party packages and integrations. That being said, there are plenty of other good choices, including OPNsense and Untangle, to name a couple. So it might not surprise you then that most of my friends and family also run pfSense for their firewall.

So let’s talk about a VPN between friends and family. I have many VPNs up and running, some for remote devices, some for site-to-site connections. I’m only going to discuss two of them today in detail, for brevity and because I thought they were the most interesting. My son, my brother and I all live here in North Texas. I live in the northern part of a city named Keller, my brother lives in a small town named Kennedale and my son lives in West Fort Worth. My
brother is 23 miles away as the bird flies, or about 37 kilometers, while my son is 14 miles, or 23 kilometers, away.

So let’s stop right there. Some of you are already saying, “23 miles away? You should just use Ubiquiti airFibers. At that distance you’ll get 1.5 gigabits between you.” Well, we actually considered doing just this, and that would have been awesome. Unfortunately it was just not meant to be. If you look at the airFiber planning map you can see we are link-obstructed at both locations due to terrain between our houses. So no airFibers for us. In fact, the only solution that would fix this would be for us both to install towers at our houses and install the airFibers atop them. However, these towers would have to be 246 feet tall. That’s 75 meters. I don’t think our neighbors or the city would be too happy if we were to do this.

So VPN it is, then. Luckily I am in an area where I have symmetrical gigabit service from Frontier Communications. My son’s neighborhood has AT&T Fiber, but he is only willing to spend enough to get symmetrical 300-megabit service. And poor David: where he lives he can only get Spectrum internet at about 90 meg down and 10 meg up. As mentioned previously, I have the Supermicro server as my pfSense box, and my son and David both have my favorite Amazon no-name boxes for pfSense. These boxes are fanless while still being quite powerful. With that all in place, we simply connect the devices using OpenVPN, which is the most popular open-source VPN software on the planet, and it is built into pfSense out of the box.

OK, so that’s how we’re configured, but what in the world do we do with all these tunnels? Well, you’ll remember from my recent home network tour that I have two Synology NAS boxes and two Supermicro 1U servers in my lab. All of this compute and storage can be accessed over the VPN. That means my son and David both have access to all of my Synology file shares and any virtual servers I’m running. Now, Plex sharing of course works over the open
Internet, but in our case Plex appears to all of our devices as a local service and therefore tunnels over the VPN. This makes Plex traffic 100% invisible to our ISPs; they can’t shape it, throttle it or block it.

OK, so you’ll also remember from my tour video that I run Observium for system and network monitoring. In addition to monitoring all of my own devices, this box polls SNMP across the VPN tunnels for all of my son’s and David’s devices, tracking uptime, firewall status, bandwidth usage, storage usage, wireless access points and much more. Well, except for David’s non-enterprise dumb switches.

I also run a central syslog server. Remote devices send their log files here for storage for 90 days. This is super handy for times when things go bump in the night. Not only can we look back in the logs to see what happened, we can also correlate logs across devices to see when one device causes something to go wrong on another. For example, if a camera keeps rebooting, it might be due to the switch running out of Power over Ethernet capacity. Of course, it should also be noted that this VPN also works in the opposite direction, allowing me to access David’s file shares as well.

Now, some of you who know networking are probably wondering about security with this setup. You might be wondering what happens when David gets some virus or 8-bit malware on his network. Won’t that just propagate to me? Well, no, we’re not a bunch of boneheads. These OpenVPN connections have full firewall policies running on them and we only allow very specific traffic to cross them. This means that only port 445 is open to my NAS, for example.

OK, so let’s talk about some other things that connect to my VPN. I have a remote access VPN in place so that all of my laptops and phones can connect. In fact, I never access public Wi-Fi without my VPN turned on. I also have a VPN to my VPC at Amazon Web Services. This is of course where we host TheGeekPub.com and The8BitGuy.com. Remember those Observium and syslog servers? Those
also monitor the health of our web servers, so we immediately know if a server is down or if there is something wrong with it.

Well, that about wraps up this video. For those of you who are interested in some more of the technical details of how all this works, I do have a lot of tutorials on TheGeekPub.com, so be sure to check those out. Also, some of you have been asking me how R2-D2 is doing. Well, he is doing fantastic, and don’t worry, he will be in some future videos. Be sure to leave a comment below and let me know what you’d like to see in the next video. Thanks for watching.
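
The cross-device log correlation mentioned above (a camera that keeps rebooting while the switch runs out of PoE capacity) can be sketched as follows. This is an added example, not code from the video or its author; the hostnames, message texts and 60-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in BSD-syslog (RFC 3164) style; hostnames and
# message texts are invented for illustration.
SAMPLE_LOG = """\
Mar  3 02:14:07 sw-garage poe: port 6 power denied, budget exceeded
Mar  3 02:14:09 cam-driveway kernel: link down on eth0
Mar  3 02:14:41 cam-driveway init: system boot
Mar  3 02:20:00 fw-remote openvpn: keepalive ok
Mar  3 04:55:30 cam-driveway init: system boot
Mar  3 09:01:12 sw-garage poe: port 6 power denied, budget exceeded
Mar  3 09:01:50 cam-driveway init: system boot
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^:]+): (.*)$")

def parse(text, year=2024):
    """Yield (timestamp, host, tag, message); RFC 3164 omits the year."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not match the expected format are skipped
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), m.group(4)

def correlate(events, effect, cause, window=timedelta(seconds=60)):
    """Pair each effect event with the nearest cause event on another host
    that happened at most `window` earlier. Returns (pairs, unexplained)."""
    events = sorted(events, key=lambda e: e[0])
    causes = [e for e in events if cause(e)]
    pairs, unexplained = [], []
    for ev in (e for e in events if effect(e)):
        hits = [c for c in causes
                if c[1] != ev[1] and timedelta(0) <= ev[0] - c[0] <= window]
        if hits:
            pairs.append((ev, hits[-1]))  # causes are time-sorted; last is nearest
        else:
            unexplained.append(ev)
    return pairs, unexplained

def camera_reboot_report(text=SAMPLE_LOG):
    return correlate(
        parse(text),
        effect=lambda e: e[1].startswith("cam-") and "system boot" in e[3],
        cause=lambda e: e[2] == "poe" and "budget exceeded" in e[3],
    )

if __name__ == "__main__":
    pairs, unexplained = camera_reboot_report()
    print(len(pairs), "reboots follow a PoE denial;", len(unexplained), "do not")
```

Reboots that land in the unexplained list are the ones worth a closer look, since nothing on the switch accounts for them.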

 
