Set up VPN connection to home network

1

I am a developer and have a small web server located at my home. I would like to allow a couple of my colleagues to a) access websites hosted on this server and b) RDP to this server. My home network runs predominantly on the Microsoft stack. I would like to set up a VPN to expose my home network to these colleagues. Can you tell me a) the best way of doing this and b) how to secure this to keep others out?

Thanks in advance!

user27654

Posted 2010-08-04T18:12:30.387

Reputation: 58

Answers

1

Take a look at Hamachi. It's a free hosted VPN service. You install the client app on all the machines you want to connect, and it takes care of setting up the VPN for you. You need to do very little configuration.

David A.

Posted 2010-08-04T18:12:30.387

Reputation: 407

1

Well, I see two options:

Get two routers with VPN support or two routers which can be flashed with fancy third-party firmware or two servers. Set them up on the edges of the networks (yours and work) and simply connect them over VPN. Specific instructions depend on what you are going to use, so I won't go into details.

Another option is to place a router/server on your side of the network and have users use some sort of utility to connect to it. VPN routers usually have programs blessed by manufacturers, although there are free third-party programs like the Shrew Soft client. You'd set up the device on your side and have users connect. Also, this way you can have users from different locations.

Keep in mind that you will need to use different subnets for the work and home networks and set correct routing tables between them. Also, I'd like to go with two high-end routers using DD-WRT, but that's just because I've had bad experiences with routers which have out-of-the-box VPN.

As for security, you have the option of standard passwords, RADIUS servers or so-called SSL routers. Passwords work by having a passphrase (some call it a preshared secret). You set the phrase on the router and give it to clients or the other router. The client inputs the passphrase into the utility and when he connects to your router, your router will make the password which will be used by your utility. You'll have lots of options with this, like perfect forward secrecy (if someone cracks one password, he can't guess the next) or how long a password will be in use (generating a new password puts load on the router, but shorter times mean less chance for crackers to get into your network). Another option is to have your router connect to a RADIUS server, but I don't know how this works. The third option uses SSL certificates. The user connects to your router and is presented with a website. He uses it to access your network. This way users don't need a client utility.

If you use a server instead of a router, you'll need to study the operating system's configuration. I know that Windows Server and GNU/Linux systems have VPN which can be easily installed. If you are going to need a lot of features, a cheap PC with two network cards and a router-oriented GNU/Linux distribution will probably be better than a real router and maybe cheaper.

AndrejaKo

Posted 2010-08-04T18:12:30.387

Reputation: 16 459
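The advice above about using different subnets on each side of the tunnel can be checked before any VPN device is configured. The following is an added example, not part of the original answers: it flags overlapping LANs in an addressing plan and proposes a free private subnet to renumber to. The site labels, the sample ranges and the `COMMON_DEFAULTS` list are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private blocks that home and office LANs are normally carved from.
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: subnets many consumer routers ship with; avoided when renumbering
# so a colleague's own home LAN is unlikely to collide later.
COMMON_DEFAULTS = [ipaddress.ip_network(b)
                   for b in ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24")]


def find_conflicts(sites):
    """Return (name_a, name_b) pairs whose subnets overlap.

    Overlapping sites cannot reach each other through the tunnel: each side
    treats the shared addresses as local and never sends them to the VPN.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def suggest_subnet(sites, prefixlen=24):
    """Return the first private subnet of the given size that is free."""
    taken = [ipaddress.ip_network(c) for c in sites.values()] + COMMON_DEFAULTS
    for block in PRIVATE_BLOCKS:
        if prefixlen < block.prefixlen:
            continue  # requested subnet is larger than this block
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(t) for t in taken):
                return candidate
    raise ValueError("no free private subnet of that size")


# Constructed sample addressing plan (labels and ranges are made up).
SAMPLE = {
    "home": "192.168.1.0/24",
    "colleague_a": "192.168.1.0/24",   # same default as home: conflict
    "colleague_b": "10.0.0.0/24",
    "vpn_pool": "10.8.0.0/24",
}

if __name__ == "__main__":
    print("conflicts:", find_conflicts(SAMPLE))
    print("renumber home to:", suggest_subnet(SAMPLE))
```

Renumbering the home LAN to the suggested range clears the conflict, after which each side only needs a route to the other side's subnet via its VPN gateway.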