cheaper and secure way to bridge/connect two separate LAN networks over Internet?

FernandoAdrian1

Nov 4, 2015
Hello, I'm new at this, and I get confused by all the information I read. I want to merge (LANs) my computer (at work) and my father's computers (2 PCs at his house); these are on different internet connections. I want to use them as if they were on the same LAN to share some folders and access them through RDP for support, and, if I'm at home, to access the work PC too.

I'm searching for a cheaper and secure way.

I found some posts in the forum and on the web, but some articles say that we need to buy some devices, and others say that it is not secure to create a Windows VPN, and I need something like "for dummies".

At home I have a TP-Link TL-WR1043ND V1 router that supports VPN (PPTP Passthrough / L2TP Passthrough / IPSec Passthrough). To merge the LANs, do I need two routers that support VPN (at home and at work)? Is it secure to forward ports from the router?

I read that I need a service like DynDNS? At work we have a static IP; maybe I can configure a VPN on my work computer (this is for personal use, not for work).

In these posts they mention creating a site-to-site VPN, but I haven't found any documentation to do this 🙁

Or is it better to get a VPN service? What service do you recommend? I looked at PureVPN; they support connecting 2 computers and they say it is secure.

Please guide me a bit if there are some instructions, software or services. What is better?

Thanks
 
A site-to-site VPN is the best solution for this. There are a few things to consider:

Both routers have to have the same tunneling capabilities; the easiest way to ensure this is to use devices of identical brand and version on each end.

Also, you (usually) need to have a static IP WAN address. This is the IP address that the Internet sees your home network as. Most ISPs assign a range of dynamically changing addresses, and they may charge you for a static IP.

This is because the VPN tunnel is expecting to see the same IP address on each end.

You can obviously get around this with certain software and hardware upgrades/changes. If your routers support it, DD-WRT or Tomato firmware solutions, which are both free (the OS of the router, so to speak), offer many more options than typical SOHO routers, and I believe one or both have support for dynamic or DHCP WAN PPTP connections.
 


Thanks for answering me. I think, with my little knowledge of the topic, this will be a bit complicated. I can't get permission to install a similar router at work 🙁 I'm looking for a device (to install only at home), configuration or service to install at home and on my computer at work.
At work I'm only able to open ports if required and install anything on my computer. I can't install anything on the servers.
 


Hello. At work I'm only able to open ports in the firewall/router if required and install anything on my computer. I can't install anything on the servers.
 


I would 100% agree if both sites were privately owned; one of the ends is at his workplace, and there would be some hoops to jump through to do that... probably/hopefully! If said workplace has a solid Acceptable Use Policy and Security/Network Policies in place, oftentimes it is not allowed to just bring a home router/WAP and "just plug it in" to the network, especially without permission, and depending on the security needs of that company's data, maybe not allowed at all. No matter what your intent is.

Although if it's allowed, then a third-party service like Alabalcho suggested, such as Hamachi or SignMeIn, would be the easiest solution.

If free sounds better (granted there is definitely more initial configuration needed) then the open source/free solution OpenVPN would accomplish the same. You can pay for service from them as well that will automate more of the setup/configuration/options.
https://openvpn.net/index.php/download/community-downloads.html

Hope this helps!
 


If that is the case, then ask permission to use a third-party paid-for service that just requires client software installed on your host machine, and where you want to VPN to (home), to make sure you are not breaking any rules! (And obviously opening the correct ports in the firewall.)
 


Thank you, I had not heard about Hamachi. I'm going to search for information about it 😀 and try it.
 


Thanks for the reply. I'm going to try Hamachi and SignMeIn. Maybe I'll try to configure OpenVPN to learn about it first; if I can't, I'm going to use the easiest option that you suggested.

Thank you all for assisting me 😀
 


No problem - It's what we do! :) Let us know how it goes!
 


Hi NerdIT, I searched Google for "SignMeIn" but I don't get any results for a service like Hamachi; it shows me SignMeIn Topaz SigPlus, SignMeIn MWEB connectivit. Can you tell me how to search for it?

 


Sorry for the late response. Hamachi bought out SignMeIn, so they are the same thing now. Great service in my experience.
 
Your IT department (if they are any good) won't allow you to do this. You are potentially creating a short-circuit from the outside world to your company's LAN, bypassing any security they may have. Not a good idea. You must only connect your home computers using a method approved by the IT guys; do anything else and you may be looking for a new job this time next week.
 


Agreed. Unless the company has a very specific, thorough security system in place with some sort of active monitoring/IDPS and well-defined policies for allowing employees to set up VPNs, allowing this poses serious security vulnerabilities.

This is all very dependent on the company. You may see this in bigger companies that can afford the costs for expensive UTM devices and serious VPN/Firewall appliances. Although even then, typically they would only allow "one way" communication from defined machines at your [father's] house. These home machines should/would be verified and documented, and MAC address restrictions and/or other authentication measures would be put in place to ensure that it is really you, and that you are using your allowed machine.

Allowing you to VPN tunnel from work to your home machines is less likely to be allowed, as it creates a measure of threat from within the company. Example: let's say a co-worker learned about your (hypothetical) VPN from the office to a remote site (home). Assuming a solid Acceptable Use Policy and network security policies and devices are in place, sending sensitive data out of the corporate intranet should be forbidden and detectable by the security system/IDPS or UTM (Unified Threat Management, complex "all in one" devices that act as firewall/router/intrusion and virus protection). If the co-worker, for whatever reason, wanted to transmit sensitive data offsite, he could (not implying that you personally would be susceptible to this) exploit your trust and use your VPN to transmit this data, and the company could potentially not notice. No good!

Point being - all this stuff is extremely expensive to set up and manage, and unless you have approved work-related stuff to do, it is highly unlikely that they will allow this at all.

In small to medium size companies you typically won't see these devices at all - as implementing them is either both unnecessary or way too expensive. Flip side to this coin - smaller companies are easier to manage (smaller infrastructure, etc.). So if your company is only comprised of a handful of people, they may have no problem with this.

So, it all boils down to the size of your company, how sensitive/type of data is present, and security policies.
 
