On Tuesday 10 July 2018 19:26:17 Ben Finney wrote:

> Dennis Wicks <w...@mgssub.com> writes:
> > I want to set up a VPN for several computers in my house that are
> > all on a local network.
>
> What do you mean by “set up a VPN”?
>
> Is it sufficient to pay someone else to host the VPN, and your
> computers connect to that VPN managed by someone else?
>
> Do you expect to manage the VPN software? The hardware? Or do you want
> that job done by someone else?
>
> > And suggestions, hints, warnings?
>
> Be sure that the VPN is run by someone invested in *your* security.
> This excludes parties that offer “zero cost VPN” to all-comers; their
> incentive is mostly to turn your traffic into money, which almost
> certainly conflicts with your privacy.
>
> So, that means either you (or a party who already has your trust and
> has no conflict with your interests) set up the VPN specifically for
> you; or, you find a managed VPN for whom *you are the customer*, so
> that they will want to serve your needs and not someone else's.
>
> Once you explain more what your purpose is (and what you mean by “set
> up a VPN”), we can give more specific advice.

+100 on this advice.

For instance, and this is just one way, decades ago I set all my stuff up on 192.168.xx.zz addresses, which are NOT propagated thru a router to the internet or vice versa. I have one outward facing address at a fixed ipv4 address determined by the MAC of the router. That router is running dd-wrt. As is a spare that has its MAC set to clone the main router. It also runs iptables and dnsmasq.

All local addresses are in the hosts files, identical on all machines, with resolv.conf set to search hosts, dns. The dns is the router's local address on all machines, so that if where I want to go is not a local address obtainable from the hosts file, then the router is queried, which if dnsmasq has not already cached the lookup, sends the dns request on to my ISP's dns server. And it all happens in milliseconds, so my access to the net from any of my machines is transparent.

Yet in nearly 2 decades, only one person has been able to get into this system, and he was both invited and given the login/pw's to do it. As a guard dog, dd-wrt has very quick reflexes and sharp teeth. And there is nothing virtual about it. Yet it Just Works(TM).

I do have a couple 8 port switches in order to give me that connectivity here, and in the garage, plus a 4 port hub in a smaller outbuilding to hook it all up. That 90 foot piece of cat5 to that outbuilding from the house has now been blowing in the wind for nearly 2 decades, surviving a 100+ mph blow that took down 4, 30 yo 40+ ft pine trees, part of this house's roof, and about 70 feet of privacy fence. And it still works.

That's how I do it.

--
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
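
A consistency check for the kind of setup described in the message above (hosts files kept identical on every machine, all local addresses in 192.168.x.x), as an added example that is not part of the original thread. The machine names, host names and addresses in SAMPLE are constructed, and the function names are hypothetical.

```python
import ipaddress

# Assumption: the LAN is the 192.168.xx.zz range mentioned in the post.
LAN = ipaddress.ip_network("192.168.0.0/16")

def parse_hosts(text):
    """Return {name: address} from hosts-file text; skips comments, loopback, IPv6."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field
        if addr.version != 4 or addr.is_loopback:
            continue
        for name in fields[1:]:
            entries[name.lower()] = addr
    return entries

def audit(hosts_by_machine):
    """Return (outside_lan, drift) for the hosts files of several machines.

    outside_lan: (machine, name, address) entries that point outside LAN.
    drift: {name: {machine: address-or-None}} where machines disagree.
    """
    parsed = {m: parse_hosts(t) for m, t in hosts_by_machine.items()}
    outside = sorted((m, n, str(a)) for m, e in parsed.items()
                     for n, a in e.items() if a not in LAN)
    drift = {}
    for name in sorted(set().union(*parsed.values())):
        seen = {m: str(e[name]) if name in e else None for m, e in parsed.items()}
        if len(set(seen.values())) > 1:
            drift[name] = seen
    return outside, drift

# Constructed sample: "shed" has a stale entry and one public address.
SAMPLE = {
    "desk":   "127.0.0.1 localhost\n192.168.1.1 router\n192.168.1.3 desk\n192.168.1.4 garage\n",
    "garage": "127.0.0.1 localhost\n192.168.1.1 router\n192.168.1.3 desk\n192.168.1.4 garage\n",
    "shed":   "127.0.0.1 localhost\n192.168.1.1 router\n192.168.1.30 desk # stale\n203.0.113.9 garage\n",
}

if __name__ == "__main__":
    outside, drift = audit(SAMPLE)
    print("outside LAN:", outside)
    print("drift:", drift)
```

Because each machine in such a setup answers local names from its own hosts file before asking the router, a single drifted copy silently sends that one machine somewhere else, which is why the copies are compared name by name.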