Suggestions for setting up remote VPN access into my home network
- Thread starter drssg
- Start date
- Views: 8309
k0ua
Epic Contributor
I have used Teamviewer for years. for remote access to other peoples computers to help them with problems. It can be set up with a password for unattended access I have been using Chrome remote for in house access to my own machines. No fuss, no muss and no VPN needed.
I read about these products a little bit. It was very high level, and I didn’t see anything regarding the actual security involved.
Do they use any multi-factor authentication to control which specific devices can try to connect? Is there anything beyond a password to prevent a random person from connecting to my PC?
LittleBill21
Elite Member
please make it clear you need a computer running 24/7 to use any of the RDP/Teamviewer options.
and no they don't use anything more then a password.
dnw64
Veteran Member
With Chrome RD you have to first enable the specific device to be accessed remotely through the Chrome RD app on the actual device.
To access your computer remotely you have to be signed into your Google account* to see the list of devices that are available. The first time you access the remote computer from a new device you have to enter a Password. Lastly, assuming you have security on the remote computer, you have to enter the local login credentials.
*I have my Google account set up with a strong password and 2FA.
To access your computer remotely you have to be signed into your Google account* to see the list of devices that are available. The first time you access the remote computer from a new device you have to enter a Password. Lastly, assuming you have security on the remote computer, you have to enter the local login credentials.
*I have my Google account set up with a strong password and 2FA.
dnw64
Veteran Member
As I mentioned, with Chrome you first need to be logged into the Google account associated with the remote computer. Google offers (and I strongly recommend) 2FA. So you need two sets of login names/passwords as well as access to the 2FA method.
I don't believe it would be possible to someone to randomly "find" your computer and access it with just a password using Chrome RD.
ericm979
Super Member
I'm surprised your ISP allows incoming connections to the VPN. Most want their customers to be consumers only, not producers. Often you need to buy an added package that gets you a static IP address and they set their routers to allow incoming connections to it. If they're allowing it now they may not once they notice it or remodel their network. I'd also be surprised that an ISP is using public routable addresses for their customers.... every ISP and corporate network I have seen in the last 15 years uses unrouteable IP addrs internally.
Attackers (or rather their bots) regularly scan ISP's network spaces for open ports used by common remote access software. Then the bots try password after password until they get in. I've done forensics on a number of successful attacks done this way. A password that you can remember isn't good enough. A short random password isn't either.
As far as the VPN making you a target by an intelligence agency, that's true. The NSA records all encrypted traffic. Much of it they can't decrypt now, but they may be able to in the future. Of course the OP's use is different and if your threat model includes the NSA you have a whole different level of security to worry about than Chinese bots.
Attackers (or rather their bots) regularly scan ISP's network spaces for open ports used by common remote access software. Then the bots try password after password until they get in. I've done forensics on a number of successful attacks done this way. A password that you can remember isn't good enough. A short random password isn't either.
As far as the VPN making you a target by an intelligence agency, that's true. The NSA records all encrypted traffic. Much of it they can't decrypt now, but they may be able to in the future. Of course the OP's use is different and if your threat model includes the NSA you have a whole different level of security to worry about than Chinese bots.
I have never had a router that is owned by the ISP. I occasionally check my router log, and I always see externally generated traffic that is doing port scans. That’s part of the reason I prefer not to do any port forwarding. If the router has no idea what to do with the traffic, then I figure it probably can’t hurt me.
My next step is to reset the router back to factory defaults and reapply the latest firmware. I’ve been a little lazy about dedicating time for that.
k0ua
Epic Contributor
They need to know a multi digit "username" and a password.
Firewall! I turned off the firewall on the laptop I was using with the VPN client and it worked. I was not optimistic, since I wasn't connecting into this laptop, but there you go. Thank you very much for that idea. I wouldn't have thought to try that. (My background was in programming, and I'm not a big networking guy.)
On my iPhone, I deleted all the OpenVPN profiles and downloaded the profile again from the router, and now that worked too. :confused2: When I messed with it before, I was adding a new profile and leaving the original in place. Maybe I got myself confused somehow in that process?
The general internet connectivity has been stable for about a week. If it starts acting up again, I may still end up starting over from factory defaults or replacing the router.
As for Teamviewer or Chrome Remote Desktop, I could potentially go that route if the VPN still gives me hassles. The drawback is that I can only use that to connect to the laptop that is always on at home. From there, I could get to the network cameras, but it would be rather cumbersome when using the iPhone, which is the more common scenario for me.
I greatly appreciate everyone's feedback, and as usual, this place is an amazing source of information for just about any topic imaginable! :thumbsup:
DerbyRunner
Silver Member
Which is great except you have exposed yourself to Google. One of the most prying and invasive companies on the planet.
cqaigy2
Super Member
May not be much of a difference if your proxy encrypts the traffic between you. Most VPN services encrypt the traffic between you and their proxy server. A good proxy server will remove all information as it relates to the system that is at the end point, i.e, your pc. Often used to surmount legal issues at your locale.
lexfurther
New member
- Joined
- Feb 22, 2023
- Messages
- 5
- Tractor
- john deere 1025r
Is Nord VPN any good?
LittleBill21
Elite Member
i find it hilarious that somehow the isp's can't be trusted, yet a for profit vpn company can be.....
Oaktree
Super Member
Theoretically, a VPN provider is selling privacy, so if they sell your info it kind of goes against the whole premise of having it in the first place. Read all the fine print.
Of course, with a "free" VPN you get what you pay for.
LittleBill21
Elite Member
yea you might want to see the number so reports of vpn providers freely handing out the logs, the minute a warrant is handed to them.
Here are some similar links:
