So, I am wanting to set up a VPN router for my home lab, so I can set up remote connections without having to open up any ports on the ISP router.
The ISP router is not mine, so it’s not mine to open up any ports. Will opening up ports on my VPN router compromise the ISP gateway, or even open up any of its ports? Also, is my plan sound, and will it work (before I waste money)? I’ve already put forward some research, but the answer is not necessarily clear. If this will work, I’ll be buying a TP-Link ER605 V2.
You can’t avoid opening ports in your ISP router, bridging it, or enabling the DMZ. The way you should be looking at it is, opening ports in your ISP router is OK because you have your new VPN router as your edge device in your network.
If you had no ISP router and were able to go straight from your router to modem, there would be no firewall and everything would be straight opened.
So essentially, port forwarding on the ISP gateway is safer because of the VPN router?
The way you make it sound, does the VPN router change the entire home network’s IP, or does it just change what is connected to it?
Let me try to put it another way.
Imagine you have a door (this is your ISP router) and on the door there is a lock that is maybe not up to par (your ISP’s firewall), so you decide that you are going to put another door (new router) behind this door in the entrance hallway of your home so that you have more control over the lock (new router firewall).
You either have to leave the ISP door wide open, or give people the key, otherwise they can’t even get to your new door. You would have to forward the ports related to the VPN server from your ISP router to your new router, but you wouldn’t have to do any more port forwarding after that.
Does that make sense?
The way you make it sound, does the VPN router change the entire home network’s IP, or does it just change what is connected to it?
You seem to be conflating two things here, or else I am not understanding. You aren’t changing your IP at all.
You could get a VPS (Virtual Private Server), get a new IP on your VPS, and use a VPN to tunnel all your home traffic through the VPS gateway, which should then “change your home network’s IP”, but that isn’t what you have described here so far. Is this what you mean?
That makes a lot more sense. So this means that I definitely have to activate port forwarding. If that’s the case, what will the VPN change for me? Does that mean everything on the ISP router will be routed to the VPN router too?
What I meant was kind of weird, sorry. XD The truth is, I’m still a college student, so I live with my parents. I’m working on this project but I realize I can’t get any connection to my server outside my home. I spoke to my dad about the issue and his rule is that he does not want anything in the house to be affected, and any modifications I make need to be completely to my device.
He also said that he does not want the port forwarding to affect any of his devices as well. So I was trying to find some sort of workaround.
Here is a question before I reply:
What devices are you using to connect to your home server? Like laptops, tablets, etc.?
I’m using my phone (for Samba), my laptop, and other laptops from different areas will be connecting to it for various reasons as well. I use powerline adapters to deliver that Ethernet connection since the gateway is in a different room.
OK great. So I am going to answer your question in two ways.
1a. You would need to set up port forwarding for the type of VPN server you run on the aforementioned TP-Link ER605. So if you use L2TP it may be different than OpenVPN. You would forward ports from the ISP router to the TP-Link router, just for those ports needed for the VPN. Once that is done, you can VPN in without issue.
1b. While opening these ports is unlikely to conflict with anything your parents have set up, if you run into issues with connectivity, you may not be able to solve it due to limitations in consumer-grade equipment. A way around this is to set your TP-Link router in the DMZ of your ISP router. This may interfere with something on your parents’ network. MAY. Not likely though, but possible.
2a. Consider using a solution such as Tailscale or Twingate in place of a traditional VPN. This will not require port forwards, nor require you to purchase any equipment. You would want to install the Tailscale app on every device you wish to connect back to your home server.
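An added example, not part of the original post: one way to check that the ISP gateway exposes only what options 1a and 1b above describe. The port numbers are the usual defaults for OpenVPN and L2TP/IPsec (a server can be configured differently), and the rule format, addresses and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Default listener ports for the two VPN types named in the thread.
# A server can be configured to use other ports; adjust to match yours.
VPN_PORTS = {
    "openvpn": {("udp", 1194)},
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("udp", 1701)},
}

@dataclass(frozen=True)
class Forward:
    proto: str      # "udp" or "tcp"
    port: int       # external port on the ISP gateway
    dest_ip: str    # LAN host receiving the traffic

def audit(forwards, dmz_host, vpn_type, vpn_router_ip):
    """Return a list of findings for the ISP gateway's inbound exposure."""
    needed = VPN_PORTS[vpn_type]
    findings = []
    to_router = {(f.proto, f.port) for f in forwards if f.dest_ip == vpn_router_ip}
    if dmz_host is not None:
        # DMZ sends every unsolicited inbound connection to one host.
        target = "VPN router" if dmz_host == vpn_router_ip else "non-VPN host"
        findings.append(f"DMZ: all inbound ports reach {target} {dmz_host}")
    else:
        for proto, port in sorted(needed - to_router):
            findings.append(f"MISSING: {proto}/{port} not forwarded to {vpn_router_ip}")
    for proto, port in sorted(to_router - needed):
        findings.append(f"EXTRA: {proto}/{port} reaches VPN router but {vpn_type} does not use it")
    for f in forwards:
        if f.dest_ip != vpn_router_ip:
            findings.append(f"OTHER-HOST: {f.proto}/{f.port} exposes {f.dest_ip} directly")
    return findings

# Constructed sample: hypothetical addresses, not taken from the thread.
SAMPLE = [
    Forward("udp", 500, "192.168.1.50"),
    Forward("udp", 4500, "192.168.1.50"),
    Forward("tcp", 445, "192.168.1.60"),   # SMB sent straight to a server
]

if __name__ == "__main__":
    for line in audit(SAMPLE, None, "l2tp-ipsec", "192.168.1.50"):
        print(line)
```

An empty result means the gateway forwards exactly the VPN's ports to the VPN router and nothing else.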
I’m definitely more willing to use an application before buying the equipment, since it’s not really my network. Now, just a quick question, do you believe my powerline adapters would interfere with any of the applications? I know it made an on-device-VPN impossible when I tried Proton.
I don’t see powerline adapters as having any issues unless it’s due to the stability of the connection.
Well let me go ahead and say, THANK YOU. I honestly thought I was going to have to wrap up this journey. You are a lifesaver. I mean, what is the point of spending many watts of power for a server that can’t even really support me from outside my house? Thank you!!!