Koozali.org: home of the SME Server

VPN Recommendations and CoronaVirus

Offline gbentley

« on: March 20, 2020, 09:01:13 PM »
Because of CoronaVirus I am being asked to enable access to file servers for home users. The router is a Draytek 2760 which allows only for SSL 'Dial In' using the Draytek SmartVPN client software. Whilst the connections are stable the transfer speeds are horrendous.

I remember some years back I was forwarding PPTP to SME and getting a local connection that way. I realise that PPTP is now frowned on but was wondering if there are any other options using SME?

Thanks and 'Stay Safe'
"If you don't know what you want, you end up with a lot you don't."

Offline ReetP

« Reply #1 on: March 20, 2020, 09:50:32 PM »
Urrgghhh. Yucky.

PPTP - PLEASE don't use it. Just don't.

Speed - hmm... WHY? It shouldn't be that bad - we worked for years over Draytek connections over ipsec tunnels on piss poor slow ADSL?

Is it definitely the router, or something else? Check carefully first. MTU & all that jazz.

If you want an 'on SME' solution for dial in I would probably suggest either my L2TPD/IPsec, as it is 'fairly' straightforward and doesn't need certificates or additional apps/clients but may need some tweaks and it is only ipsec v1, or OpenVPN routed.

OpenVPN needs certs (just built a new PHPKI for that), but with a bit of help and a working config it is pretty easy - I set up an iPhone with OpenVPN + Bria for VoIP for a non-tech user over instant messaging in 20 minutes yesterday....

I would like to use ipsec v2 but M$ and Google are waaaaaay behind on their security and ciphers and M$ Win and Android fail on their "built in" clients with the latest versions of libreswan :-(

For techy discussion read this thread and note Paul's comments ;-)

https://lists.libreswan.org/pipermail/swan/2020/003437.html

Upshot - ask for a Rocket Chat login and talk to me about it :-) I'll be happy to help as much as I can (I am no guru though !)

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

« Reply #2 on: March 21, 2020, 12:13:27 AM »
SoftEther is another option, not a contrib but easy to set up on the server, works fine with Windows 7, 8, 10 without needing additional apps etc, wiki here - https://wiki.contribs.org/SoftEther_VPN
--
qui scribit bis legit

Offline sages

« Reply #3 on: March 21, 2020, 03:12:20 AM »
I don't know if your router supports OpenWRT (or if you want to go down the path of changing the firmware in the router). If it does, I have been using WireGuard for my VPN access. Pretty simple to set up with clients for Windows and Linux. Very fast and low processing requirements.
You could run/trial it using a separate OpenWRT-compatible device and just forward the required UDP port to the 'vpn device' via the Draytek device and the appropriate routing/gateways.
https://openwrt.org/docs/guide-user/services/vpn/wireguard/start
https://www.wireguard.com/

[OK, had a quick look and the Draytek router isn't supported by OpenWRT. Using another cheap device or a PC/VM as a VPN server could be an option. I don't think the kernel version running on SME is supported by WireGuard]
...

Offline gbentley

« Reply #4 on: March 21, 2020, 10:31:25 AM »
Thanks for the replies and offers of help. On a cursory look all those options look somewhat daunting / involved...

https://wiki.contribs.org/Smeserver-libreswan-xl2tpd <- would this work for multiple home users? Actually, just read this is Server/Gateway only in any case - I'm on server only :|

I've tried the Win10 'method' of connecting and it's an improvement in terms of stability over the vendor supplied software.

Downloads are about 1.2 Mb/s whilst uploads are pretty bad at 300Kb/s

I have now changed the MTU settings on the router to that recommended by the service provider [Eclipse in UK] although that hasn't made much difference.

As usual I am running out of time...



« Last Edit: March 21, 2020, 10:34:58 AM by gbentley »

Offline ReetP

« Reply #5 on: March 21, 2020, 12:30:21 PM »
Quote
Actually, just read this is Server/Gateway only in any case - I'm on server only

Xl2tpd - I don't know but we can test it. It is to do with ipsec rather than xl2tpd.

You'll need to come and speak to me and Mr Terry 'The Test' Fage on Rocket as I can build stuff on the fly for you or tell you how to modify templates to test.

Quote
Downloads are about 1.2 Mb/s whilst uploads are pretty bad at 300Kb/s

Speeds are relative. How fast are the connections? Note - as you know ADSL is Asymmetric so the uploads are always going to be pants.

Quote
As usual I am running out of time...

It is a wise man who has second thoughts first.....

I was lucky as I was forced to do all this 13 years ago when we moved to Spain. So we run two offices in two countries. That forces your hand and effectively we all work remotely now with SME generally on a Proxmox VM in my server at online.net. It was the last nail in the coffin of Windows as we used Sage and there was no easy way to use it online or networked across sites in those days, so we dumped it for web-based accounts - best decision ever as I could also lose Windows!

Trying to access files in real time over links is no fun at all, unless you have really fast access. We moved when 1Mb ADSL was the norm. That forces your hand.

I use unison file sync to sync all our file data between the two offices - there is way too much and the files are too big to store in the 'Cloud'.

The key here is what your office connection speed is. That will dictate what you can or cannot do no matter the type of VPN.

It may not be just a case of fixing your VPN, but reconsidering your entire IT strategy.

Either way, if you want some stuff to play about with by all means ask for a Rocket login.