Question VPN Client and server

Richard Appleton

Prominent
Feb 20, 2019
2
0
510
I am not a router guru and am hoping someone can advise: I would like to set up a router at home which can provide any/all of the functions listed below, but I’m not sure if all of these are theoretically or practically possible to simultaneously achieve from one router:

1) Allow access to my home network via a VPN server L2TP type service (which is provided by the router).

2) Ideally, but not strictly required, allow port translation / forwarding for incoming HTTP/UDP services. For example translate/forward incoming HTTP port 4567 to local host 192.168.1.6 on port 80.

3) Provide a VPN client service - which in turn logs onto an internet server such as NordVPN (OpenVPN), ExpressVPN (L2TP/IPSec) such that all local devices must pass through the client service on outgoing connections.

So, in summary I would need incoming VPN service for access to my shared files etc. from the internet side; incoming port translated access to specific hosts in my network, thus bypassing the VPN server service running on the router, and finally all outgoing traffic to be routed via the VPN client on the router to a third party VPN service such as NordVPN, ExpressVPN etc.

Please could someone advise if the above is possible, and if so which current router(s) would do the job?
 
pfSense has very good VPN setup. 100Mbs+ AES on OpenVPN requires a decent CPU single core PassMark. If your internet is less than 30Mbs then there might be less expensive options. PIA creates tutorials on how to connect and set up pfSense for VPN client and advanced NAT. Not sure if Nord has the same.

Site-to-site shared key VPN is easy to set up for connecting in. The docs are pretty good and easy to follow. The other ones require self-signed certs. A few more steps for that. pfSense has a client export utility for OpenVPN.
 

Richard Appleton

Thanks, I'll take a look at this range. Would pfSense directly replace my existing router or would it need to be installed in conjunction with the existing router?
 
It would replace it. You would want pfSense to be the router on your LAN. You could nest routers above it if you really needed to. I wouldn't do it if there isn't a good reason to.

If you go the pfSense option you will want wireless access points for Wi-Fi or turn your current one into an AP. pfSense does VLANs very well so if you want VLANs I'd recommend a UniFi switch and UniFi access points.

Since pfSense doesn't really tax your cores, due to AES being offloaded, you can use the machine to run various services for your home if you're interested in that.
 