Help setting up home VPN server

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
LeoBloom
Posts: 1
Joined: Mon Jan 15, 2018 2:48 am

Help setting up home VPN server

Post by LeoBloom » Mon Jan 15, 2018 2:50 am

My goal is to set up a VPN on my home network, so that I can remote into it from outside e.g., in a cafe. I am a newbie when it comes to VPN.

I need to be able to access my shared folders as well as the network drive that is attached to the ISP-provided router. I cannot flash custom firmware on the ISP-provided router, so I installed SoftEther server on my Windows 10 PC. I have some questions about security as well as how to get some functionality to work.

What I have already done:

• Installed SoftEther server and configured a user login to accept connections only via L2TP/IPSec
• PSK is random characters (8 digits long)
• User password is random characters (over 15 digits long)
• Can connect using native VPN clients on both Windows and Apple computers (but only if I set the router to DMZ to the computer with VPN server installed)
• Cannot map network drives on VPN server computer nor can find Storage connected directly to the router (which otherwise can be mapped on the home network)
• Enabled SecureNAT (is this the reason I cannot connect to network shares?)

I have a suspicion my problems are the result of port-forwarding from both the router firewall and Windows firewall.

Would like your opinions on the setup:

• I don’t like to DMZ to a computer (was just using this to test). Should I forward the default ports (and which ones would these be)? Should I forward the TCP (443, 992, etc…) or UDP (500, 4500)? Is there any security advantage to connect via a different port and then forward to the correct port within the router e.g., (45896 to 500)?
• Is there a security advantage to using another form of authentication apart from password?
• How can I get my client computer to see network shares on the server PC?

qupfer
Posts: 194
Joined: Wed Jul 10, 2013 2:07 pm

Re: Help setting up home VPN server

Post by qupfer » Mon Jan 15, 2018 8:23 am

LeoBloom wrote:
> • I don’t like to DMZ to a computer (was just using this to test). Should I forward the default ports (and which ones would these be)? Should I forward the TCP (443, 992, etc…) or UDP (500, 4500)? Is there any security advantage to connect via a different port and then forward to the correct port within the router e.g., (45896 to 500)

For L2TP/IPsec, UDP 500 and 4500. And you probably can't change the port for IPsec. If you use additional protocols (OpenVPN, SoftEther's own HTTPS VPN) you may add TCP 443, because some simple port-based firewalls will think it's HTTPS and allow it.

LeoBloom wrote:
> • Is there a security advantage to using another form of authentication apart from password

In theory yes, mostly because you use "higher entropy" with other authentication methods (like certificates, smartcards...).

LeoBloom wrote:
> • How can I get my client computer to see network shares on the server PC?

Don't enable (Secure)NAT. Just use the physical bridging mode.
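
The Windows Firewall side of the answer above, as an added example that is not part of the original posts: it opens only the two UDP ports named for L2TP/IPsec and then checks that something is actually listening on them. The rule name and the choice of the Private profile are assumptions; run it in an elevated PowerShell on the PC hosting the VPN server.

```powershell
# Added example: scope Windows Firewall to the two L2TP/IPsec ports
# instead of exposing the whole PC through the router's DMZ setting.
# Assumptions: the rule name is arbitrary; the LAN interface is on the Private profile.
$ruleName = 'L2TP-IPsec inbound (UDP 500 and 4500)'   # hypothetical display name
$ports    = 500, 4500                                 # UDP ports named in the answer

# Create the rule only once so re-running the script does not stack duplicates.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Protocol UDP -LocalPort $ports `
        -Profile Private | Out-Null
}

# Show what the rule actually permits (protocol and ports).
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# Confirm a process is bound to each port. A router forward to a port with
# no listener fails the same way a blocked port does, so check both.
foreach ($p in $ports) {
    $ep = Get-NetUDPEndpoint -LocalPort $p -ErrorAction SilentlyContinue
    if ($ep) {
        $ep | Select-Object LocalAddress, LocalPort,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }
    } else {
        Write-Warning "Nothing is listening on UDP $p"
    }
}
```

On the router, the matching change is to forward only UDP 500 and UDP 4500 to this PC and switch the DMZ setting off.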
