easiest VPN softwares and/or instruction for nooblets

Started by ggnfs000, October 03, 2017, 12:29:52 AM

ggnfs000

It has been a long time since I last visited here, so I am asking to see if anyone can suggest an easy-to-use, simple way to set up a home VPN server. I am still researching.
I think I spent some time on a few pages of instructions on MSFT's web page; however, it got too complicated for my low-end home server running solely Windows Server 12. If I vaguely remember, one aspect of my home wireless router also did not meet the need (something related to a static IP facing the public internet??).

Well, the primary reason is that I am looking for a way to transfer files easily in and out between my home server and laptop wherever I go, by setting up a virtual secure connection wherever there is internet. By doing that, I am hoping to be dependent on online cloud storage like Dropbox, Google Drive, OneDrive and the like.

Thanks.

ggnfs000

When I try to redo it using the Microsoft WS 2012 instructions, I immediately hit a roadblock.
The TechNet instructions say -> add roles -> network policy and access services -> next -> next and expect to see routing and remote access services, but the fucking actual Windows 2012 does not show that piece of crap.
It only lists 3 other items: network policy server, health registration and one other crap.

This is why I fucking hate Windows: waste of time and effort, wasted several hours of my precious life's moment. I need to look elsewhere.

ggnfs000

So I got 210-260 CCNA Security with seemingly good instructions on Cisco ASA SSH VPN setup.
Thought maybe I can get an older ASA like this one over eBay:
http://www.ebay.com/itm/Cisco-ASA5505-BUN-K9-Firewall-Security-Appliance-50-Users-ASA5505-50-BUN-K9-/252837337683?hash=item3ade479a53:g:K84AAOSwB-1Y1APh

Since I am completely blind here, I wonder if this combo works: old ASA box with newer CCNA Security guide.

wintermute000

Quote from: ggnfs000 on October 03, 2017, 01:07:35 AM
So I got 210-260 CCNA Security with seemingly good instructions on Cisco ASA SSH VPN setup.
Thought maybe I can get an older ASA like this one over eBay:
http://www.ebay.com/itm/Cisco-ASA5505-BUN-K9-Firewall-Security-Appliance-50-Users-ASA5505-50-BUN-K9-/252837337683?hash=item3ade479a53:g:K84AAOSwB-1Y1APh

Since I am completely blind here, I wonder if this combo works: old ASA box with newer CCNA Security guide.

Option one: buy a real firewall
Option two: Cisco 800 series and configure sslvpn
Option three: prosumer router with an OpenVPN derivative and GUI

ggnfs000

OK, I looked at the ASA 55xx series docs. Am I correct that it functions as a small switch and router, as well as add'l security modules? Basically replace the home router with this one.
Port 0 is public net, rest is internal network. https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5505/5505-poster.html

dlots

5505 acts as a small switch, none of the others do.

The port 0 thing is incorrect unless you configure it that way.

You have to REALLY know the ASA gear to set things up correctly for what you want. I would advise against the ASA line.

I don't really do home gear so my XP with this is quite limited, but if I were you I would look at IPcop's VPN. IPcop is a fairly well known name, and I think free. I did a quick search on YouTube and found a few videos on how to set it up.

deanwebb

Quote from: ggnfs000 on October 03, 2017, 05:52:13 PM
OK, I looked at the ASA 55xx series docs. Am I correct that it functions as a small switch and router, as well as add'l security modules? Basically replace the home router with this one.
Port 0 is public net, rest is internal network. https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5505/5505-poster.html

Maybe. I can't do that because my ISP connection is way faster than what my 5505 can handle. 5505 tops out at 100-150Mbps. My line is now 1Gbps. I like my speed, even if that makes me more of a developer in that attitude. :developers:

Also, you have GOT to keep that thing up to date. If something breaks through the ISP router, you have some legal recourse to accuse them of not following due diligence. If it's your own gear, too bad so sad if you suffer a breach.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

DanC

Quote from: dlots on October 04, 2017, 08:44:50 AM
5505 acts as a small switch, none of the others do.

5506 does this now, it didn't when first released but they introduced it in 9.7 IIRC.


Have a look at pfSense, I've only used the VM briefly but it seemed pretty solid and it gets a lot of good feedback. Looks like you can run it on hardware too:

https://www.pfsense.org/products/


ggnfs000

Quote from: deanwebb on October 04, 2017, 08:46:46 AM
Quote from: ggnfs000 on October 03, 2017, 05:52:13 PM
OK, I looked at the ASA 55xx series docs. Am I correct that it functions as a small switch and router, as well as add'l security modules? Basically replace the home router with this one.
Port 0 is public net, rest is internal network. https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/5505/5505-poster.html

Maybe. I can't do that because my ISP connection is way faster than what my 5505 can handle. 5505 tops out at 100-150Mbps. My line is now 1Gbps. I like my speed, even if that makes me more of a developer in that attitude. :developers:

Also, you have GOT to keep that thing up to date. If something breaks through the ISP router, you have some legal recourse to accuse them of not following due diligence. If it's your own gear, too bad so sad if you suffer a breach.

That is only through VPN? I don't think I expect to transfer large data; I will mostly be using it to download, upload and open smaller files, browse through directories, etc. Hoping it is manageable.

deanwebb

That's the speed through the firewall itself, for any and all traffic.

ggnfs000

OK, I guess I will see how slow it gets. I think my internet is pretty slow, gotta look at my plan.
Hell, the Packet Tracer had one (and only one) 5500 device available, going to see how much I can practice on that.

wintermute000

the 5500 is not what I would suggest for 'easiest'... you can't even ping through one until you know the magic thing you have to do LOL (CCNA security question #1....)

icecream-guy

Quote from: wintermute000 on October 06, 2017, 12:27:07 AM
the 5500 is not what I would suggest for 'easiest'... you can't even ping through one until you know the magic thing you have to do LOL (CCNA security question #1....)

wha?

Q1 A. Put it in the round file?

:smug:
:professorcat:

My Moral Fibers have been cut.

deanwebb

Quote from: wintermute000 on October 06, 2017, 12:27:07 AM
the 5500 is not what I would suggest for 'easiest'... you can't even ping through one until you know the magic thing you have to do LOL (CCNA security question #1....)

Ping through the 5505? Oh jeez...

:morty:

SimonV

You can get an unlimited edition of Pulse Secure virtual appliance for lab use, max 3 concurrent users I thought. Much more granular than any firewall-based VPN solution imho.
Haven't set it up myself though, I use the Juniper SRX Dynamic VPN with the Pulse Secure client, wasn't too bad to set up.
You could get a trial version of the vSRX and use that...