Questions about gateways/routers, vpn's and ports

Pinkieprime

Solved by LIGISTX
I'm just looking for tips and thoughts on hardening my home network. It's nothing particularly crazy, streaming, playstation/switch, eventually a plex server and pc gaming, maybe some smarthome stuff.

I understand the smarthome devices should be placed on their own VLAN. 

I'm just wondering what steps you guys take to protect your home network. What ports do you close/disable? 

I'm currently subscribed to IPVanish. Should I continue to just use the desktop app, or should I set that up in my router's config? Does it change servers or automatically select them, or is it just one server all the time? If I set this up in my router, does that apply to my whole network, or segment certain parts of the network for specific services, like say my plex server or playstation?

Thanks in advance for all your suggestions!

25 minutes ago, Pinkieprime said:

I understand the smarthome devices should be placed on their own VLAN. 

 

What is your goal with this? Many devices will have issues if they're on their own VLAN as they want to talk to other devices on your network, like Apple TVs and Chromecasts.

 

25 minutes ago, Pinkieprime said:

I'm just wondering what steps you guys take to protect your home network. What ports do you close/disable? 

 

What are you protecting it from? Normally all ports are closed by default, and you need to port forward if you want a service to be available publicly. Normally you don't want to block outbound ports.

 

26 minutes ago, Pinkieprime said:

I'm currently subscribed to IPVanish. Should I continue to just use the desktop app, or should I set that up in my router's config? Does it change servers or automatically select them, or is it just one server all the time? If I set this up in my router, does that apply to my whole network, or segment certain parts of the network for specific services, like say my plex server or playstation?

What is your goal with the VPN? Are you trying to appear in a different location? I don't see a VPN helping with privacy much unless you know your ISP or someone else is doing something in the connection. You're basically just moving your data from your ISP to the VPN service and their ISP.

24 minutes ago, Pinkieprime said:

I'm just looking for tips and thoughts on hardening my home network. It's nothing particularly crazy, streaming, playstation/switch, eventually a plex server and pc gaming, maybe some smarthome stuff.

I understand the smarthome devices should be placed on their own VLAN. 

I'm just wondering what steps you guys take to protect your home network. What ports do you close/disable? 

I'm currently subscribed to IPVanish. Should I continue to just use the desktop app, or should I set that up in my router's config? Does it change servers or automatically select them, or is it just one server all the time? If I set this up in my router, does that apply to my whole network, or segment certain parts of the network for specific services, like say my plex server or playstation?

Thanks in advance for all your suggestions!

IoT devices should be in a VLAN so they can’t interact with your “secured” devices like Windows machines, Macs, etc.

You would need a firewall/router that supports VLANs, switches that obey VLAN policies, and WiFi APs that obey VLAN policies, and would need to set up multiple SSIDs (one for “secure” network, one for IoT).

Using a VPN in the way you’re using it doesn’t really do much… unless you’re trying to avoid your ISP knowing where you’re connecting. But that isn’t really important or meaningful unless you live somewhere where they don’t allow you to visit certain sites or they monitor and track your usage, like, say China. The “more useful” use for a VPN is one you host yourself inside your network so you can VPN into your LAN when you’re away to access your network shares or manage web UIs of any appliances you have (like your firewall, or switches, or SSH clients etc).
 

You don’t “close ports”, by default all ports are closed, and should always remain this way unless you have a specific reason to open a port and will expose something that is actually hardened and intended to be externally exposed. 

Rig: i7 10700k @ 5.1Ghz, 4.8 Ring - - Z490 Vision G - - EVGA RTX 2080 XC Ultra @ 2025Mhz - - 4x8GB Vengeance Pro 3000Mhz 15-17-17-34 @ 3500MHz 16-19-19-38 - - Samsung 950 Pro 512 NVMe Boot + Main Programs - - Samsung 830 Pro 256 RAID 0 Lightroom + Photo work - - WD Blue 1 TB SSD for Games - - Corsair RM850x - - Sound BlasterX EA-5 - - EK Supremacy Evo - - XT45 X-Flow 420 + UT60 280 rads - - EK Full Cover GPU Block - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 64 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - 10TB WD Red for expendable data - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone Xs - 2018 MacBook Air

4 minutes ago, LIGISTX said:

Using a VPN in the way you’re using it doesn’t really do much… unless you’re trying to avoid your ISP knowing where you’re connecting. But that isn’t really important or meaningful unless you live somewhere where they don’t allow you to visit certain sites or they monitor and track your usage, like, say China. The “more useful” use for a VPN is one you host yourself inside your network so you can VPN into your LAN when you’re away to access your network shares or manage web UIs of any appliances you have (like your firewall, or switches, or SSH clients etc).

Everything else you said is good to know. Thanks for all of that. I just want to dive a little more into the VPN portion.

I was more concerned about privacy while using say my playstation online, protecting my Plex data. I have used my VPN while I was in Afghanistan so I could stream otherwise blocked shows or videos. I just want to make sure I'm getting the best use out of it for my personal use case.

3 minutes ago, Pinkieprime said:

Everything else you said is good to know. Thanks for all of that. I just want to dive a little more into the VPN portion.

I was more concerned about privacy while using say my playstation online, protecting my Plex data. I have used my VPN while I was in Afghanistan so I could stream otherwise blocked shows or videos. I just want to make sure I'm getting the best use out of it for my personal use case.

The thing about VPNs is… what are you actually trying to secure, and from whom?

The VPN to access blocked content is totally valid and a good use case, but using a VPN “to add privacy”, if you live in any first world country this isn’t really a thing. Your government *probably* isn’t forcefully requiring your ISP to provide your internet traffic data to them, and even if they do, they *probably* are not actually doing anything with that data, unlike China who will reduce your ability to go to say a good school if your social ranking drops below a certain threshold, and that ranking is determined by all the ways in which they collect information on their people (which is why VPNs are illegal there, well it’s one of many reasons actually).

There shouldn’t be any reason to pipe your PlayStation or Plex over a VPN, all a VPN will do is add latency and reduce bandwidth. Just about all internet traffic these days is encrypted, so not like anyone can snoop on the actual data itself. Look at the URL on this website, it’s “https”, the s means it is using SSL, which is encrypted. I’m sure Sony’s stuff is all the same, basically nothing these days isn’t. So while your ISP may know your PlayStation is connecting to say a Sony server, they can’t see what the data is that is being sent. Same with Plex, it encrypts your video stream if you connect to your Plex from outside your LAN.


15 minutes ago, Pinkieprime said:

I have used my VPN while I was in afghanistan so I could stream otherwise blocked shows or videos.

That would be the main use case for most people in a private context. Circumvent regional restrictions.

 

It doesn't really do anything to protect your privacy. If you're connected to a server using HTTPS (like this forum), your provider can't see anything other than the fact that you're connected to the host "linustechtips.com". They can't see the full URL, nor any content you send or receive. They can see everything for sites that are still only using HTTP.

 

By using a VPN, you've essentially replaced one ISP with another. Any data you send and receive is now encrypted between you and the VPN provider. This means your original ISP can't see anything other than a connection to the VPN provider. Your VPN provider in turn can see as much or as little as your ISP previously could.

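What an on-path observer (your ISP, or your VPN provider once you tunnel through it) can read from an HTTPS connection, as described in the post above. This is an added example, not part of the original thread: it builds a real TLS ClientHello in memory with Python's `ssl` module (no network traffic) and parses the cleartext server name out of it; the URL path is a constructed sample.

```python
import ssl
from urllib.parse import urlsplit

def build_client_hello(hostname: str) -> bytes:
    """Return the first TLS record a client sends for `hostname` (built in memory, no network)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has queued its ClientHello and waits for a reply
    return outgoing.read()

def sni_from_client_hello(record: bytes):
    """Parse the cleartext server_name extension, as an on-path observer could."""
    u16 = lambda i: int.from_bytes(record[i:i + 2], "big")
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None  # not a TLS handshake record carrying a ClientHello
        pos = 5 + 4 + 2 + 32          # record header, handshake header, version, random
        pos += 1 + record[pos]        # session id
        pos += 2 + u16(pos)           # cipher suites
        pos += 1 + record[pos]        # compression methods
        end = pos + 2 + u16(pos)      # end of the extensions block
        pos += 2
        while pos + 4 <= min(end, len(record)):
            ext_type, ext_len = u16(pos), u16(pos + 2)
            body = record[pos + 4:pos + 4 + ext_len]
            if ext_type == 0 and len(body) >= 5 and body[2] == 0:  # server_name / host_name
                return body[5:5 + int.from_bytes(body[3:5], "big")].decode("ascii")
            pos += 4 + ext_len
    except IndexError:
        pass  # truncated record
    return None

def observer_view(url: str) -> dict:
    """What the client's cleartext handshake message reveals for `url`."""
    parts = urlsplit(url)
    hello = build_client_hello(parts.hostname)
    # The path is sent later inside the encrypted channel, so it is absent from these bytes.
    return {"sni": sni_from_client_hello(hello),
            "path_in_cleartext": parts.path.encode() in hello}

if __name__ == "__main__":
    # Host taken from the thread; the path is a constructed sample.
    print(observer_view("https://linustechtips.com/topic/constructed-sample-thread"))
```

The same bytes are what a VPN provider sees on its side of the tunnel, which is why the hostname moves from one observer to another rather than disappearing.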

@Eigenvektor fantastic forum handle btw.
