Here's my issue. Previously I had my Gargoyle-based router operating as a VPN server so I could connect to home whilst away. This proved very handy.
Due to changes in local snoopery I have changed to operating the router as a VPN client utilising an external VPN provider. This enables all network connected devices including phones and tablets to benefit from the link and makes it very difficult, if not impossible, for browsing or downloading of emails etc to sneak around the VPN link as can happen when using some PC-based software.
However, I'd really like to be able to connect back to my home network. Is it possible to have a dual setup whereby all outbound traffic traverses the VPN but still be able to connect to the home network? I'm guessing TeamViewer would make this possible but is there any setup that would allow certificated SSH connection etc as I had before?
Edit: I have accepted the answer below on the basis that it provides a number of methods for achieving the solution. So far I am utilising the outbound VPN to Private Internet Access via the router as an OpenVPN client with a firewall pass-through for SSH. I may switch this out at some point for the NAS box running OpenVPN as an endpoint.
The only issue I have is that I now require two devices to be "up", the router and the NAS whereas I would prefer just the router. However, as the NAS is what I am normally trying to get to it is not a major issue.
That sounds a bit like the old setup I had whereby my NAS running OpenVPN provided the ability to connect to the LAN from the WAN. That was replaced by the router performing the same task. I'm not sure I understand how your proposal deals with my desire to route outbound internet traffic through a VPN provider like PIA whilst also being able to connect back to the LAN when out and about. – Mark – 2015-09-02T23:55:01.533
It does not deal with PIA (don't know who they are) - it deals only with having a VPN where the clients connected to the VPN can speak to each other - hence the suggestion of running your own VPN server on a LEB with a static IP address. You can then VPN from anywhere, and connect to the VPN interface of your home box by routing the traffic through the LEB. – davidgo – 2015-09-03T01:56:15.540
Ok. Thanks, but I already had this with the router setup as VPN server. I switched to using it as a VPN client to connect to Private Internet Access (PIA) in order to prevent metadata collection (for privacy) but this means I now cannot "phone home". I'm trying to find a way of doing both. – Mark – 2015-09-03T22:23:21.120
You don't seem to understand what I am suggesting - which is to set your router up as a VPN CLIENT and get a computer on the Internet with a static IP address and configure it as a server - removing your connection to PIA. I've not used Gargoyle but Google tells me it's a variant of open-wrt - In which case you will want to investigate source routing based on port (probably port 22 as default for ssh). Look at http://wiki.openwrt.org/doc/networking/routing. – davidgo – 2015-09-04T01:24:32.440
Also look at http://security.stackexchange.com/questions/84757/understanding-openwrt-luci-firewall-routing-with-vpn which could be your solution - specifically look at Answer 1, paragraph 2, which seems to be exactly what you want to do without policy routing - assuming you are using LuCI [ a gui for OpenWRT ] – davidgo – 2015-09-04T01:26:17.603
Thanks. The second one looks like it may offer what I need. It would seem I can keep my OpenVPN connection to PIA and open up either a port for SSH or utilise my NAS as an OpenVPN server to allow for incoming connections from WAN to LAN. I was hoping there was some way of setting up the router to handle outgoing VPN to PIA and incoming VPN to LAN but the routing trick should do. Just need to make sure it's not leaking. – Mark – 2015-09-04T12:09:27.710