|
Hello. My wife is insisting I do research on getting a VPN for our home network but I really don't know anything about them. Is this something we should do, and if so does anyone have any suggestions? Thanks!
|
# ? Feb 24, 2022 20:40 |
|
|
drat Dirty Ape posted:
Hello. My wife is insisting I do research on getting a VPN for our home network but I really don't know anything about them. Is this something we should do, and if so does anyone have any suggestions? Thanks!

Why does she want one? How will this be used?

If you want to securely access your home network while away, then using a VPN is great. A lot of routers have VPN software on them, you just have to turn it on and configure your devices to use it.

If this will be for privacy reasons for general internet usage (like VPN providers like to advertise for), then it might not be very useful. Your local ISP won't be able to see what sites you're going to or what kind of traffic you're sending out, but everyone else between (and including) the VPN server and the website you're visiting can clearly see where you're going.

Actuarial Fables fucked around with this message at 21:00 on Feb 24, 2022 |
# ? Feb 24, 2022 20:54 |
|
She is worried for the security of our home network. I'm not convinced it is necessary, but I guess she is worried about hackers or something.
|
# ? Feb 24, 2022 20:58 |
|
drat Dirty Ape posted:
Hello. My wife is insisting I do research on getting a VPN for our home network but I really don't know anything about them. Is this something we should do, and if so does anyone have any suggestions? Thanks!

VPN means virtual private network, which is software that essentially joins your computer to a local network at a remote location by using encrypted packets over the internet. It's useful so you could connect to your office network from home to do work from home if your office had a VPN set up, since you could then use stuff that's on the office network like it was local (storage servers, printers, whatever).

The VPN services you see advertised are mostly using this with a different goal, where they route your traffic through their servers and back, essentially making it so the place you connect to the wider internet from is one of their endpoint servers. This is how they do a lot of the location changing stuff they advertise to get around geoblocking. They just route your traffic to a local endpoint in another country.

They make a lot of claims about security that are generally over the top (although not entirely wrong) because all of the connections between you and them are encrypted. This pretty much only means that your ISP can't see what you're connecting to (which they like to do because hoovering up data on what people do is ad money, I guess), but it is by no means foolproof. There are also downsides like visiting some websites where your packets are originating from a VPN endpoint might end up with them being suspicious that it's connecting from an IP you haven't used before.

In general the heavily advertised VPN services are mostly used for torrenting or accessing geoblocked streaming services. The privacy issues aren't usually as cut and dry as they suggest in their marketing because hackers aren't usually intercepting traffic from your ISP. That's almost entirely the territory of government agencies. If you use a VPN to try to get around those, they will subpoena all of your connection records from the VPN company and even the ones who say they keep no logs have often been found to be keeping logs.

drat Dirty Ape posted:
She is worried for the security of our home network. I'm not convinced it is necessary, but I guess she is worried about hackers or something.

It's likely that she's seen marketing from VPN companies saying hackers can get at your stuff if you don't use a VPN. That's really just marketing and not a real thing. The number one way hackers will get your stuff is if you click on an advertisement online (always use adblockers, almost all malware I see comes from a bad ad served from some cesspool like the MSN homepage on edge) or if you click a link in a phishing email.
|
# ? Feb 24, 2022 21:13 |
|
Partycat posted:
Streaming services should reduce the bitrate of the content for it to stream rather than buffer up. It’s entirely possible to configure a router to limit connection speed through policing and shaping, or give it a bandwidth bucket and cut it off when it uses it up. I’m only familiar with this on MikroTik routers.

Eletriarnation posted:
I agree with this. Bandwidth limiting a video stream in the best case would just cause the streaming client to step down to a lower quality setting, but it could also cause lots of pauses to buffer. If you have a way to change your default stream quality for the client in settings or whatever, that would be a much better way to do it.

Thanks! Quality settings would be ideal, but the Best/Better/Good quality setting on their Firestick 4k Pros don't seem to affect stream quality or overall data usage. The usage pattern can't be changed because TV watching is the primary activity for my partner's grandmother, meaning the primary TV is streaming 8-12 hours per day. With their 1 TB data cap, that means that they should be okay if they can push the hourly data usage below ~3GB/hour, but their daily usage has remained around 40-80GB per day regardless of changes to quality settings. Going by rate estimates I've seen for Amazon Prime and IMDB TV that should be easily doable at medium-quality settings, if those settings were actually functional.

That's why I'm trying to resort to bandwidth limiting - if the apps can negotiate lower-bandwidth streams based on available bandwidth I'm hoping I can force them to use the lower-quality streams (instead of buffering/pausing).

Just from my brief search, it seems like most consumer routers don't expose this level of control. However, DD-WRT might support hard bandwidth limits per MAC, so that could work! Does anyone here have experience with DD-WRT on C9s? Anything to keep in mind outside of the loss of NAT Boost (which I assume I'd lose anyway with policing/shaping)?

I'm also open to picking up a MikroTik if they have cheap (<$100) consumer routers that allow per-device traffic policing.

Stickman fucked around with this message at 17:39 on Feb 25, 2022 |
# ? Feb 24, 2022 23:34 |
|
drat Dirty Ape posted:
She is worried for the security of our home network. I'm not convinced it is necessary, but I guess she is worried about hackers or something.

If you're worried about your home network, you should
A) Make sure your router software is up-to-date and have good passwords for everything, including wifi passwords. Try not to store the password for your router in the browser on your PC and remember to log out so the session doesn't remain open.
B) Make sure your devices connected to your home network are kept up to date.

If you need to access your internal network from outside, such as get at a local NAS or cameras or something, you could run your own VPN server on your end, but I'm guessing that's not what you're talking about.

Using a third party VPN for your internet access from your local network is only really useful in two cases:
A) You wish for your traffic to appear to be coming from somewhere else, such as a different country. Usually to get around region restrictions on websites.
B) You wish to swap your ISP's ability to monitor your traffic with the VPN company's ability to monitor your traffic. I guess depending on your ISP there could be a reason to do this.

Note that neither of those have anything to do with the security of your local network or stopping hackers.
|
# ? Feb 25, 2022 16:45 |
|
So probably a dumb question, but I just got 1000mb up/down fiber, but my speed tests are still capping out at 100mb. Desktops are wired connection, but I also tested my laptop on wireless and it's still 100. My router is gigabit, and the switch at my desktops is gigabit.
|
# ? Feb 25, 2022 22:00 |
|
Jaxyon posted:
So probably a dumb question, but I just got 1000mb up/down fiber, but my speed tests are still capping out at 100mb. Desktops are wired connection, but I also tested my laptop on wireless and it's still 100.

Check the ethernet cables - they might only be capable of 100mb. I did a stupid amount of troubleshooting on my router before finally thinking of trying a different cable, and instantly my speeds went to where they should be.
|
# ? Feb 25, 2022 22:12 |
|
Jaxyon posted:
So probably a dumb question, but I just got 1000mb up/down fiber, but my speed tests are still capping out at 100mb. Desktops are wired connection, but I also tested my laptop on wireless and it's still 100.

Is it an edge router x? Are you using a vpn? The x needs to be configured, and the vpn, if it is cheap like mine, will cap out way under a gig. Also, does your desktop have a gig nic?
|
# ? Feb 25, 2022 23:00 |
|
Hey thanks for the tips regarding the VPN everyone. I learned something!
|
# ? Feb 25, 2022 23:06 |
|
Elephanthead posted:
Is it an edge router x? Are you using a vpn? The x needs to be configured, and the vpn, if it is cheap like mine, will cap out way under a gig. Also, does your desktop have a gig nic?

Router is an Asus RT66
Laptop is maxing at 100 wired, and it's a brand new work laptop.
No vpn
|
# ? Feb 26, 2022 00:28 |
|
Jaxyon posted:
So probably a dumb question, but I just got 1000mb up/down fiber, but my speed tests are still capping out at 100mb. Desktops are wired connection, but I also tested my laptop on wireless and it's still 100.

Check what speed the NIC has negotiated in Windows. Long, poorly shielded cables might start out at 1000 after a reboot but after interference it will drop down to 100 to keep a steady connection. I had this happen a lot at my old place.
|
# ? Feb 26, 2022 00:59 |
Jaxyon posted:
Router is an Asus RT66

I had that router and had a similar problem. DD WRT helped me drastically but never got me all the way to it handling gigabit speeds. I think that the router might claim gigabit capacity but just can't deliver.
|
|
# ? Feb 26, 2022 03:17 |
|
If multiple devices on the OP's network are hitting 100 it's because something between the switch and the upstream connection is negotiating at 100base-t. Either a bad cable, a bad port, or a configuration mishap.
|
# ? Feb 26, 2022 13:44 |
|
Cyks posted:
If multiple devices on the OP's network are hitting 100 it's because something between the switch and the upstream connection is negotiating at 100base-t. Either a bad cable, a bad port, or a configuration mishap.

Yeah I'm going to buy a network cable that I'm sure is Cat6 because I think it's the connection between the gateway and the router. I haven't updated anything in at least 5 years and I assume I have some lovely cables. The gateway has its own speedtest and it says it's near 1gb.

My partner's cellphone won't get internet from the router even though I didn't change anything in settings, just the ISP. My phone works fine and it's the same brand and almost same model. Any ideas?

Never mind it was an easy fix, just forgot and reapplied the network.

Jaxyon fucked around with this message at 20:43 on Feb 26, 2022 |
# ? Feb 26, 2022 19:44 |
|
Moved into a new apartment today. Super excited because this place has fiber internet. The ISP router showed up 15 minutes after I got the keys, went to open up the ONT and get everything connected and uh That's not right.
|
# ? Mar 4, 2022 01:36 |
|
Welp enjoy your $60 service fee.
|
# ? Mar 4, 2022 03:32 |
|
Comatoast posted:
I made the mistake of updating the unifi software & the firmware on my 3 year old Unifi AP-AC-LR and it went from being perfectly stable to completely unable to maintain a connection. Any amount of throughput from any client kills the connection to my Windows 10 laptop. 5G seems worse than 2.4G, but they are both showing the problem. This is not what I was expecting from my Wednesday morning.

You can’t roll back on those?!
|
# ? Mar 4, 2022 06:02 |
Wireless fiber is the new hotness!
|
|
# ? Mar 4, 2022 12:41 |
|
That’s just like mine except I have a thing that says warning laser and an exploding eye that plugs into it.
|
# ? Mar 5, 2022 00:56 |
|
Thankfully it was classified as an "installation" issue so I didn't get charged for it. The tech replaced the ONT with a fiber outlet and changed out the previous router with a "BGW320-500", so I think I got an upgrade. I'd like to use my own gear, but the WiFi (4x4ax) outclasses my AP (2x2ac) and I don't have a router that can take an SFP module, so maybe I'll rework my setup instead.
|
# ? Mar 5, 2022 17:55 |
Actuarial Fables posted:
Thankfully it was classified as an "installation" issue so I didn't get charged for it. The tech replaced the ONT with a fiber outlet and changed out the previous router with a "BGW320-500", so I think I got an upgrade. I'd like to use my own gear, but the WiFi (4x4ax) outclasses my AP (2x2ac) and I don't have a router that can take an SFP module, so maybe I'll rework my setup instead.

802.11ax has its own set of problems:

This one is mostly for battery-powered devices, but the fast Fourier transformations and forward error correction are always active and computing them requires a considerable amount of power.

There's also the issue that it's primarily designed for many simultaneous low-rate data transmissions whereas typical web-browsing consists largely of few high-rate data transmissions.

OFDMA is also inherently more subject to inter-cell and intra-cell interference, which means that if you're in a highly congested area and your neighbours have 802.11ax setup as well, the closer you get to their cell the lower signal strength you'll have unless the base stations are talking to each other which they won't be, since they're on separate networks. This is further complicated by the use of higher frequencies, which get worse and worse at penetrating any building material as you approach the upper end of the ISM bands.

Also, radiation patterning might be better, although there's really no way to know that except to plot it - but at least it's one of the areas where there's still a good correlation between the manufacturing cost of a device (which is always very low for CPE, which are built down to a price) and the result you get.

If it was me making the decision, I'd probably stick with your old AP, if you know that one works well.
|
|
# ? Mar 5, 2022 18:42 |
|
Actuarial Fables posted:
Thankfully it was classified as an "installation" issue so I didn't get charged for it. The tech replaced the ONT with a fiber outlet and changed out the previous router with a "BGW320-500", so I think I got an upgrade. I'd like to use my own gear, but the WiFi (4x4ax) outclasses my AP (2x2ac) and I don't have a router that can take an SFP module, so maybe I'll rework my setup instead.

If it's AT&T, once they install a 320 you can't go back, as the ONT is built into the router, and they won't install an ONT just to give you an old router they are working to phase out.
|
# ? Mar 5, 2022 20:16 |
|
I have a 48-port patch panel with about 30 in use and need to PoE power 2 WAPs and 8 cameras. I'd like to get a Layer 3 switch, but only have a 14" deep rack. This Cisco (Meraki Go) looks like it would fit, even possibly the 48-port version, but seems to only be configurable with a smartphone app. All the other 24- or 48-port L3 switches I can find are much deeper. Anywhere else I can look for an L3 switch that is configurable from console + web and will fit? I guess I could also get a deeper rack but it would be a pita and I'd rather not.
|
# ? Mar 6, 2022 01:20 |
|
RoboBoogie posted:
You can’t roll back on those?!

I reset the AP to default and started with a fresh VM and fresh Unifi Software, and that seems to have made things more stable. Though it has needed to be restarted twice since the format, where it was stable for literally years prior to the update.
|
# ? Mar 6, 2022 01:28 |
|
Hed posted:
I have a 48-port patch panel with about 30 in use and need to PoE power 2 WAPs and 8 cameras.

https://www.amazon.com/TP-Link-Wall-Mount-Protection-Optimization-TL-SG1210P/dp/B084JFPDT4?th=1 connected to a managed switch like either a TL-SG105PE or TL-SG108PE for your APs.

Don't see why you'd need a layer 3 switch for cameras (or a L3 switch for a home network at all).
|
# ? Mar 6, 2022 03:08 |
|
I want to route between VLANs for my camera VLAN, and my separate WLANs (that are different VLANs now). Currently my WAPs understand trunk ports but my switch is dumb and is on my normal trust VLAN. I guess I could do all the routing on my firewall but I still need my switch to be configurable on which physical ports belong to which VLAN.
|
# ? Mar 6, 2022 04:33 |
|
Hed posted:
I want to route between VLANs for my camera VLAN, and my separate WLANs (that are different VLANs now). Currently my WAPs understand trunk ports but my switch is dumb and is on my normal trust VLAN.

I suppose it matters if a requirement is for your cameras to run on multiple different vlans but I don’t/wouldn’t. In my case I lock down access in pfsense so only a server running Blue Iris has access to that network. My AP is trunked off a TL-SG105E (non PoE version of the managed switch linked above) and I run two SSIDs with different vlans (since I use wireless cameras living in an apartment).
|
# ? Mar 7, 2022 00:21 |
|
Hed posted:
I have a 48-port patch panel with about 30 in use and need to PoE power 2 WAPs and 8 cameras.

It doesn't look like the Meraki Go switches are Layer 3 capable at all.

If you're concerned about a switch fitting in your shallow rack, a lot of switches you can flip the rack ears on them backwards to fit in shorter racks. The switch sticks out a bit in the front, which could be an issue if your rack has a door that you want to close.

For equipment that doesn't have ears that you can flip, you can also get rack depth extenders. https://smile.amazon.com/StarTech-com-Depth-Adapter-Server-Racks/dp/B01GGKM4S8?th=1
|
# ? Mar 7, 2022 18:23 |
|
Thanks! Now there’s a product I didn’t know existed! I found some Cisco products ($$) that have something like a quarter inch short of mine so I was trying to look for a right angle IEC connector (assuming it doesn’t vent front to back, hard to find pics). But extending to buy that insurance looks great.
|
# ? Mar 7, 2022 19:39 |
|
I've spent 4 hours today trying to get an old WD Mycloud to download to my PC with no luck. Latest suggestion I was given is to enable UPNP in my router and see if that helps. I remember that being not recommended a long time ago, but haven't messed with it since. Is UPNP still a big security risk? Does disabling it impact much in general household/streaming/gaming use?
|
# ? Mar 7, 2022 23:08 |
|
PageMaster posted:
I've spent 4 hours today trying to get an old WD Mycloud to download to my PC with no luck. Latest suggestion I was given is to enable UPNP in my router and see if that helps. I remember that being not recommended a long time ago, but haven't messed with it since. Is UPNP still a big security risk? Does disabling it impact much in general household/streaming/gaming use?

UPNP just lets the thing be accessed by people from the internet by automatically making a port forward from the external interface of your router to the device. If you're using WD's cloud interface thing for it that might help, it's just potentially dangerous because then strangers can also get to whatever port it's forwarding.

I don't see how it could be needed to access the thing on the LAN but I don't know how they've set it up. Ideally it would be able to support a bunch of different file sharing protocols for your network but they may have to be enabled. If you don't know what IP it's using on your LAN, you might be able to look at a list on your router, or run an ip scanner on your phone or computer and just look for the WD device. Then you could try accessing its management page.

The only thing I can think of that's changed for network file sharing recently is SMBv1 being disabled a year or two back so you have to use v2 now. Maybe your mycloud doesn't support that for LAN stuff and you'll have to log into it and use something else. FTP? I don't know!

edit: also WD said if you have an old one leave it off the internet: https://www.bleepingcomputer.com/news/security/western-digital-warns-customers-to-update-their-my-cloud-devices/
|
# ? Mar 7, 2022 23:53 |
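Added example, not part of any post in this thread: a small audit of the port forwards that UPnP has created on a router, flagging the ones the post above warns about (a LAN service such as a NAS file share made reachable from the internet). It assumes the listing layout printed by miniupnpc's `upnpc -l`; the sample listing, the LAN range 192.168.1.0/24 and the list of sensitive ports are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout assumed for `upnpc -l` (miniupnpc).
SAMPLE_UPNPC_OUTPUT = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  9000->192.168.1.50:80    'NAS remote access' '' 0
 1 UDP  3074->192.168.1.20:3074  'Game console' '' 3600
 2 TCP   445->192.168.1.50:445   'file share' '' 0
 3 TCP  8443->10.9.9.9:443       'unknown' '' 0
"""

MAPPING_RE = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>[\d.]+):(?P<port>\d+)\s+'(?P<desc>[^']*)'\s+"
    r"'(?P<remote>[^']*)'\s+(?P<lease>\d+)\s*$"
)

# Illustrative list: LAN services that should not face the internet at home.
SENSITIVE_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP",
                   139: "NetBIOS", 443: "HTTPS", 445: "SMB", 3389: "RDP"}


def parse_mappings(text):
    """Return one dict per mapping line; the header and other lines are skipped."""
    mappings = []
    for line in text.splitlines():
        match = MAPPING_RE.match(line)
        if not match:
            continue
        entry = match.groupdict()
        for key in ("idx", "ext", "port", "lease"):
            entry[key] = int(entry[key])
        mappings.append(entry)
    return mappings


def audit(mappings, lan_cidr):
    """Map each suspicious mapping index to the list of reasons it was flagged."""
    lan = ipaddress.ip_network(lan_cidr)
    report = {}
    for m in mappings:
        findings = []
        if m["port"] in SENSITIVE_PORTS:
            # A management or file-sharing service is forwarded to the WAN side.
            findings.append("sensitive-service:" + SENSITIVE_PORTS[m["port"]])
        if ipaddress.ip_address(m["host"]) not in lan:
            # The forward points at an address that is not on this LAN.
            findings.append("outside-lan")
        if m["lease"] == 0:
            # In UPnP IGD a lease of 0 means the mapping does not expire.
            findings.append("no-expiry")
        if findings:
            report[m["idx"]] = findings
    return report


if __name__ == "__main__":
    parsed = parse_mappings(SAMPLE_UPNPC_OUTPUT)
    for idx, reasons in audit(parsed, "192.168.1.0/24").items():
        m = next(x for x in parsed if x["idx"] == idx)
        print(f"{m['proto']} {m['ext']} -> {m['host']}:{m['port']} "
              f"({m['desc']}): {', '.join(reasons)}")
```
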
|
CaptainSarcastic posted:
Check the ethernet cables - they might only be capable of 100mb. I did a stupid amount of troubleshooting on my router before finally thinking of trying a different cable, and instantly my speeds went to where they should be.

So I replaced the cables between gateway and router, and then router and PC. Now I get 220d/350u, while the gateway's own speedtest says it's getting 1gb/1gb.

An improvement, but not sure if it's my NIC or the router.
|
# ? Mar 8, 2022 05:10 |
|
Jaxyon posted:
So I replaced the cables between gateway and router, and then router and PC. Now I get 220d/350u, while the gateway's own speedtest says it's getting 1gb/1gb.

The gateway speed test is from your gateway to the local peering point so it's going to be fast as poo poo since it doesn't have to traverse the Internet. A speed test you run from your browser or whatever has to cross that peering point which may or may not be clogged as hell because ISPs are poo poo.

*Glares at AT&T*
|
# ? Mar 8, 2022 12:43 |
|
You shouldn’t be seeing a 70% reduction due to standard congestion, I don’t care how lovely every ISP is. That’s a sign that something is wrong.

Hard to troubleshoot from this point but the two things I’d check is that it wasn’t going over wireless even if you had a cable connected (if the device is capable of both) and check to see if you have QoS running on your router.
|
# ? Mar 8, 2022 14:21 |
|
I'm fed up with the Ubiquiti gear. My UAP AC lites are crapping the bed and the wife is (validly) complaining that the Wifi doesn't work. I tried updating to the latest firmware, but that seems WORSE.

Looking to dump Ubiquiti altogether. I have two sites, with USGs at both locations, with a site to site VPN. Total of 5 APs between the two locations. One has 1000/1000Mbit fiber.

So I'm looking to buy:
2 routers
router supports site to site vpn
router supports gigabit line rate WAN
probably ~5 APs, don't have to be bleeding edge standards
PoE if possible, wall warts acceptable.

Looking under $1,500, slightly flexible on price. Inflexible on dumping Ubiquiti. What is reasonable to buy?

edit: pfsense routers, are they still A Thing? What sorta hardware would I need for gigabit line rate

horse_ebookmarklet fucked around with this message at 03:06 on Mar 9, 2022 |
# ? Mar 9, 2022 02:59 |
|
If you want a dedicated small box for it you can see what Netgate is offering for models that come preloaded for ideas. I run pfsense on a Protectli 6 port and it has no problem doing line rate 1Gb full duplex at all.
|
# ? Mar 9, 2022 03:46 |
|
I've been happy with my tp-link APs. The AC1750's are only $400 for a 5 pack and POE powered. Don't know much about their routers but they claim gigabit site to site vpn and are cheap.
|
# ? Mar 9, 2022 04:07 |
|
Jaxyon posted:
So I replaced the cables between gateway and router, and then router and PC. Now I get 220d/350u, while the gateway's own speedtest says it's getting 1gb/1gb.

Have you tried connecting the computer straight to the gateway and seeing what the speed is with the router out of the loop?
|
# ? Mar 9, 2022 04:25 |
|
|
horse_ebookmarklet posted:
I'm fed up with the Ubiquiti gear. My UAP AC lites are crapping the bed and the wife is (validly) complaining that the Wifi doesn't work. I tried updating to the latest firmware, but that seems WORSE.

I think omada does all you want? I've been running a basic setup for a while, just a router and two APs fed with poe injectors. (Bought the 1350 APs on ebay for 35$ each) Mainly because I have been cheap and not bought a poe switch or replaced the other dollar bin ap I have. Was pretty surprised how easily it all set up and have not had any issues in months.
|
# ? Mar 9, 2022 06:09 |