Question on running VPN server in router


#1

A Surf SOHO can function as either a PPTP VPN server or an L2TP with IPsec VPN server. I understand that running a VPN server on my home router offers a secure connection back to home when I am traveling. But if all my LAN devices are powered off, does this buy me anything? Specifically, does connecting to a VPN server in my router offer secure/encrypted web browsing when traveling, in and of itself?
Thank you.


#2

Hi Michael,
There is a benefit to connecting securely to your home router using VPN and then routing your internet traffic out over your home connection - but it isn’t always practical.

The benefit comes when you are working remotely on an untrusted network such as public Wi-Fi in a cafe, since sending your internet access traffic out over the VPN connection via your home network device makes interception of your browsing activity locally in the cafe much, much harder.

It’s not always practical though, depending on your home connection bandwidth. If it was a DSL connection, for example, with 20Mbps down and 5Mbps up, since your requested internet traffic would be pulled down via your Surf SOHO WAN, encrypted and then pushed back up the same WAN to your remote device over the VPN tunnel, your VPN connection bandwidth would be restricted by the amount of upload bandwidth at your home. However, if you have enough bidirectional bandwidth there you would be fine.

The key thing to keep an eye on when connecting a software VPN like this is that the client is configured to use the default gateway on the remote network (i.e. the Surf SOHO in this case). I always browse to http://whatismyipaddress.com/ once my VPN is connected to make sure my internet traffic is actually going out over my VPN and that the public IP is familiar.

Martin


#3

Thank you Martin.
I understand that my remote bandwidth is limited by the outbound bandwidth of my home connection.
And, if I am working remotely, I consider *every* network to be untrusted. :slight_smile:
But, my understanding is that remote VPN access to a LAN is normally done to access *stuff* on the LAN, which is not my use case.

My question really is: how does traffic that I send through a VPN tunnel to a VPN server running on a Surf SOHO at home end up routed onto the Internet at large?
Is there a configuration option for this on either the client or server end? Or, does it happen automatically?


#4

When you create a typical software VPN connection in Windows, Windows assumes that if you have chosen to connect to that remote VPN server that you want all of your traffic to go to it, so it changes your default gateway to be the default gateway of the remote network you’re accessing via VPN (the Surf SOHO in your case).

As such, when connected to the VPN all of your internet traffic will go out across the VPN and break out to the internet on your Surf SOHO. To disable this feature you can edit the advanced settings on your VPN client configuration and uncheck the ‘Use default gateway on remote network’ checkbox. With it disabled, all of your internet traffic will be sent via your local gateway as normal. The only traffic that will pass over the VPN is that traffic destined to the same subnet that is configured on the LAN of your remote Surf SOHO (since you have a local VPN interface that has an IP in that range).
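
The check described in posts #2 and #4, done from the Windows client's routing table instead of a browser. This is an added example, not part of the original posts; the connection name `Home SOHO` is a hypothetical placeholder and a per-user (not all-user) VPN connection is assumed.

```powershell
# Added example: confirm the built-in Windows VPN client is sending ALL
# IPv4 traffic through the tunnel ("Use default gateway on remote network").
function Test-VpnFullTunnel {
    param([Parameter(Mandatory)][string]$Name)

    # Per-user connection assumed; add -AllUserConnection for machine-wide ones.
    $vpn = Get-VpnConnection -Name $Name -ErrorAction Stop
    if ($vpn.ConnectionStatus -ne 'Connected') {
        Write-Warning "'$Name' is not connected; traffic is using the local gateway."
        return $false
    }

    # SplitTunneling = True corresponds to the checkbox being UNCHECKED.
    if ($vpn.SplitTunneling) {
        Write-Warning "Split tunneling is on: only remote-LAN traffic uses the VPN."
        return $false
    }

    # Several default routes can coexist (Wi-Fi, Ethernet, VPN). Windows picks
    # the one with the lowest effective metric = route metric + interface metric.
    $ranked = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 |
        ForEach-Object {
            $if = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                NextHop   = $_.NextHop
                Metric    = $_.RouteMetric + $if.InterfaceMetric
            }
        } | Sort-Object Metric

    $ranked | Format-Table -AutoSize | Out-Host

    # The VPN's interface alias is the connection name.
    $best = $ranked | Select-Object -First 1
    if ($best.Interface -ne $Name) {
        Write-Warning "Preferred default route is on '$($best.Interface)', not the VPN."
        return $false
    }
    return $true
}

# Hypothetical connection name; replace with the name shown in Windows VPN settings.
Test-VpnFullTunnel -Name 'Home SOHO'
```

If the function reports split tunneling, `Set-VpnConnection -Name 'Home SOHO' -SplitTunneling $false` is the command-line equivalent of re-checking the box; reconnect the VPN afterwards.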


#5

Thanks Martin, that makes perfect sense.