[SOLVED] Friend is overseas for a year, can I operate a vpn for him?

cameronjpu

Distinguished
Oct 10, 2010
19
0
18,510
I am very technically capable but this is not something I've ever tried to do before. I have plenty of computers lying around, and old routers if that would help. I have gigabit upload and download speed so my bandwidth is essentially unlimited. Is there any easy way to set up a system where my friend can set up a router in his house in Montenegro and have all of his Internet traffic routed through my connection, allowing him to use American streaming services etc.? Any ideas are appreciated.
 
Solution
Yes it is trivial actually. A router with the VPN server ability is pretty much all you need. You could place a device behind your router to act as the vpn but it becomes more involved because of stuff like port forwarding etc.

The only real technical restriction is going to be the CPU capacity. VPN takes a lot of cpu so it is unlikely you will be able to pass much more than 30mbps of vpn traffic. This is more than enough for most common uses.

For a consumer router to get faster than say 300mbps or so they use a feature that allows traffic to bypass the cpu chip and have the NAT function done by hardware. This is how you get even extremely inexpensive routers that can do 1gbit internet speeds. What I don't know is if you use the VPN server ability does this force you to disable this function. I don't know how you even determine this, few routers even mention this hardware offload feature and using very simple functions like parental controls requires you to disable it so the cpu can see the traffic.

If you get stuck for performance I would consider replacing your router with a dual nic pc and running one of the many firewall/router linux based packages. These can pass huge amounts of traffic. You would still need to use your router as AP because wifi is messy to get working well on a pc using just wifi nic cards.

There are many guides and even videos on youtube showing how to set this type of stuff up.

The non technical thing is you must really be able to trust this person. Any bad stuff they do could get you in trouble or your internet canceled. Note things like netflix are a little more complex than just the vpn. You also have the issue of payment for services and the companies requiring a payment address in the proper country.
 

cameronjpu

Thanks! So, I have a synology server that I bought (218 play) for internal data storage, it appears to have a VPN server built in. Is this an easy way to do it? I've just now set up OpenVPN on it, so I feel like my end is pretty good. The question is how he finds me (some DDNS service? I use quickconnect already so maybe that's good enough) and how he configures his router to do it. What do you think? Will that work as well or better than the router setup you describe above?
 
I guess I forgot that part. You need a public IP assigned to your router. If the IP address is private then you might as well stop now because it is not possible.

You can use DDNS or something similar. In general the IP address does not change very often with most ISPs.

I don't know about using a NAS box for a VPN server. Like a router, the CPUs are tiny compared to a general purpose cpu. You find the VPN rates the vendor says it will support using Openvpn which tends to be more cpu intensive than IPSEC. Openvpn is much easier to get working than IPSEC.

You also have to look carefully. Does the NAS actually function as a true vpn server where it allows traffic to access other lan devices and also go back to the internet? It might just allow vpn access to the files on the NAS.

In any case if the box you run the vpn on is behind the router (ie the device that gets the public ip address) you are going to have to set up port forwarding rules to make it work.

The remote router must have a VPN client ability that also supports openvpn. Many do but you must check for sure, cheaper routers tend to not have the vpn client ability. How exactly you set it up will to a point depend on how you configure your server. You must set things like encryption methods and a few other variables the same on both sides. This tends to be why you see the large vpn providers give sample client configurations for more popular routers that match their settings. They are very similar but not the same between providers.
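
The post above notes that the client and server must agree on encryption and a few other settings, and that the server has to be reachable on a public address. The following is an added example, not from any poster in the thread, that compares an OpenVPN server config against a client `.ovpn` file. The list of directives that must match, the hostname and the sample configs are assumptions constructed for illustration; which directives must match exactly depends on the OpenVPN versions on each end.

```python
import ipaddress
import shlex

# Directives assumed to need identical values on both ends (adjust per OpenVPN version).
MUST_MATCH = ("dev", "cipher", "auth", "compress", "comp-lzo")

def parse(text):
    """Return {directive: [arg lists]} for an OpenVPN config, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        if line.strip().startswith(";"):
            continue
        words = shlex.split(line, comments=True)
        if words:
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def first(conf, key, default):
    """First argument of the first occurrence of a directive, or a default."""
    return conf[key][0][0] if conf.get(key) and conf[key][0] else default

def check(server_text, client_text):
    """Return a list of problems that would stop the client tunnelling its traffic."""
    srv, cli = parse(server_text), parse(client_text)
    problems = [f"{k} differs: server={srv.get(k)} client={cli.get(k)}"
                for k in MUST_MATCH if srv.get(k) != cli.get(k)]
    want = (first(srv, "port", "1194"), first(srv, "proto", "udp")[:3])
    for host, *rest in cli.get("remote", []):
        port = rest[0] if rest else first(cli, "port", "1194")
        proto = rest[1] if len(rest) > 1 else first(cli, "proto", "udp")
        if (port, proto[:3]) != want:
            problems.append(f"remote {host} uses {port}/{proto}, server listens on {want[0]}/{want[1]}")
        try:
            if not ipaddress.ip_address(host).is_global:
                problems.append(f"remote {host} is not a public address")
        except ValueError:
            pass  # a hostname such as a DDNS name; nothing to classify
    pushed = [a[0] for a in srv.get("push", []) if a]
    if "redirect-gateway" not in cli and not any(p.startswith("redirect-gateway") for p in pushed):
        problems.append("no redirect-gateway: internet traffic will bypass the tunnel")
    return problems

# Constructed sample configs (not from the thread).
SERVER = 'port 1194\nproto udp\ndev tun\ncipher AES-256-GCM\nauth SHA256\npush "redirect-gateway def1"\n'
CLIENT_OK = "client\ndev tun\nremote vpn.example.net 1194 udp\ncipher AES-256-GCM\nauth SHA256\n"
CLIENT_BAD = "client\ndev tun\nremote 100.64.0.7 443 tcp\ncipher AES-128-CBC\nauth SHA256\n"

if __name__ == "__main__":
    for name, cfg in (("ok", CLIENT_OK), ("bad", CLIENT_BAD)):
        print(name, check(SERVER, cfg))
```

The `is_global` test also rejects carrier-grade NAT space (100.64.0.0/10), which a plain private-range check would miss.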
 
The biggest problem with trying to do something like this is the Internet access in between--to get any decent rates, you need a nice clear and fast route between the two locations.

One of the best ways to do this is to simply nail up an ipsec vpn tunnel between the two routers. Then you can use routing rules to have his traffic pass through to the US as needed. This is essentially the same thing posted above, except you're using enterprise level gear as IPsec vpn tunnels aren't supported on consumer stuff due to the amount of encryption/decryption happening for each packet in real-time. But the advantage of this is that it's truly the same as dropping a lan cable in between your network and his--everything will work between them like they're local--even printers, scanners, etc.

And if routing all the traffic becomes too cumbersome due to the lack of bandwidth, you can just set up a computer that he can remote into and then only screen updates are essentially being sent across the line--much easier. But may not be the best quality. Still, it will completely get around the problems of things like Netflix since Netflix will literally be running in the US and it's only the screen updates that are going abroad.
 

cameronjpu

Thanks - really the main goal is for his streaming video devices to be in the USA, not the computer stuff. But we do plan on putting it on the whole network so everything would be local in the USA. Consumer grade stuff is all we will use though, for sure. I wonder if it's really worth the trouble when he could spend $100 on HMA and do it that way though, assuming that allows installing on the router. They say they support OpenVPN though.
 
I am not sure about HMA. Others like nord or pia have small files I think are called OVPN. Many of the router clients allow you to just load this file directly and it does all the configuration except for id/password stuff.

The problem with any form of vpn is if companies like netflix decide to actively block it. They from time to time will get the lists of vpn IP blocks and prevent you from using their service. Some vpn services seem to be affected much more than others which is strange.

The huge problem I have lately with vpn is cloudflare and their idiot captcha stuff. Tons of companies use cloudflare and cloudflare seems to think all users on vpn are bots.

Using your own private vpn solves much of that problem but it is less anonymous.

Both tplink and asus are almost trivial to set up your own vpn. Last time I looked there were youtube videos that showed step by step how to do it. I would use merlin firmware if you go asus it tends to be a bit easier to set up.