VPN At Router Level - How To Check If It Is Working With The VM/Container

Apologies in advance for the noob question. Basically, I want to set up Radarr, Sonarr in Docker, etc. and I was going to have a vpn container and run the apps through that.

However, I can run nordvpn on my router. I can select which clients to apply it to, so when the VM is running I was just going to apply the vpn to it. So my questions are:

  1. If I do this, do I even need to have a vpn container to run the apps though?

  2. How can I check that it is working in the console?

For example, my windows pc I just go to whatismyip.com or whatever and check with the vpn on vs off. There’s got to be some simple commands to check in the console with the vpn on vs off, right?

I run pfSense bare metal and have OpenVPN and wireguard VPN (both Nord).
I assign static IP addresses and then have an alias for VPN clients with firewall rules to route via selected VPNs. Also have a floating killswitch rule.

Don’t need any other containers if you do it at router level.

With cli based machines you can curl icanhazip.com (need to double check the URL) and with anything gui based well you know how to check.

https://soogs.xyz/2023/08/19/pfsense-dual-wan/

Some screens here which are related.

I can make a better guide if you’re using pfSense.

If you set it up on the router, it should be completely transparent on the clients.

Nord et al. are not actually VPNs. They are just encrypted “next hop” links. The difference is fairly semantic though.

I have not set up Nord but I would imagine it provides a “route” or default gateway to which you can “route” traffic.

In that sense, a routing rule on your router should be able to choose which traffic goes to the nord gateway encrypted and which goes out the normal connection.

You could just statically forward all traffic through Nord, probably easier to set up.

On “actual” VPNs…

I use OpenVPN with an AWS Route53 DNS updater running on a LinkSYS WRT router. However this is for remote clients to “bridge” into the LAN directly.

When I connect my phone to the VPN (happens automagically and is enforced), all my traffic from the phone is routed via the VPN to my home server over 3/4G data network and then, via my web filters, DNS filters etc before going out onto the net.

The effect this has is to make the phone feel a lot more like a corporate device. No ads. Lots of blocked rubbish.

More importantly I can, for example, open a browser on the phone and navigate to a private IP or hostname on the LAN directly. The phone even has a local IP address and can be pinged even when it’s remote.

  1. curl https://wtfismyip.com/json
  2. tracepath 8.8.8.8

These 2 commands will give you all the information you need…
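
A scripted form of the VPN-on vs VPN-off check discussed in this thread, as an added example that is not part of any post. It assumes you noted your ISP address once with the VPN off; the function names are hypothetical and 203.0.113.10 is a constructed sample address.

```shell
#!/bin/sh
# Added example: classify what a client behind a router-level VPN sees.
# ISP_IP is the address you recorded with the VPN switched off (assumption).

# Fetch the public IPv4 address as plain text; prints nothing on failure
# or after a 10 second timeout.
fetch_public_ip() {
    curl -4 -s --max-time 10 https://icanhazip.com 2>/dev/null | tr -d '[:space:]'
}

# Succeeds only for a dotted-quad IPv4 string, so an HTML error page or an
# empty reply is never mistaken for an address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# classify_egress ISP_IP OBSERVED -> prints one of:
#   VPN      observed address differs from the ISP address
#   LEAK     observed address is the ISP address (traffic bypasses the VPN)
#   BLOCKED  no usable answer (e.g. killswitch rule with the tunnel down,
#            or no connectivity at all)
classify_egress() {
    isp_ip=$1
    observed=$2
    if ! is_ipv4 "$observed"; then
        echo BLOCKED
    elif [ "$observed" = "$isp_ip" ]; then
        echo LEAK
    else
        echo VPN
    fi
}

# Live check from the VM or container console, e.g.:
#   sh vpncheck.sh 203.0.113.10
if [ $# -eq 1 ]; then
    classify_egress "$1" "$(fetch_public_ip)"
fi
```

A VPN result only means the address differs from the one you recorded, so record the ISP address again if your ISP assigns it dynamically. The check covers IPv4 only.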

>With cli based machines you can curl icanhazip.com

This is exactly what I needed. I already set a static IP for the VM so I applied the VPN and could see the IP change. Did a bunch of googling last night and couldn’t find that answer, thanks.

I’m really new to all of this but am loving learning.

>have an alias for VPN clients

can you elaborate on this? is this a group of clients that you can toggle on/off using the alias without having to do each one individually?

Note. There are obvious security factors to consider with this approach.

It kinda raises the severity of security you need to keep your phone under. Leaving it unlocked on a train seat might lead to some interesting events if a tech-savvy person finds it.

Then again, in that event, I just need to get access to the server myself long enough to delete the phone’s certificates/keys… or better yet, honey pot it for analysing who has it and what they are doing.

Haha! cute. love the verbiage in your program! :)

yeah I was having too some time ago and another user in the KASM reddit helped me with the cli curl.

Alias is a group of clients yes :) (can also be site, networks or ports)

it’s not an on/off thing as such but kinda works that way at the same time.
you can say route this alias via. or allow this alias to here. or deny this alias to here etc etc

https://soogs.xyz/wp-content/uploads/2023/08/image-4-1024x548.png

here in the source I have chosen both aliases and then specified which gateway they should use as VPNs

which firewall are you using?

>which firewall are you using?

None as far as I know. Well, I guess the Windows PC has Windows Defender but I’m guessing this isn’t what you’re referring to?

Sounds like learning about this might be the next project. After some googling I see that I can create a VM with pfsense/opnsense but seems like it would be better to get a new router (any recommendations)? Right now I just have the standard modem from Spectrum > Deco Mesh (used as router) > Switch.

I did some research after your first post and I can get a router and install pfsense/opnsense/whatever and set up the Deco Mesh as access points instead of using as router. However, I wouldn’t even know what to do with a firewall even if I set it up and am afraid of completely screwing up the internet access lol.

Again apologies for the noob questions, I haven’t done anything outside of being a normal Windows PC user until a few weeks ago when I decided to upgrade my raspberry pi plex server to its own computer with proxmox setup. It seems to be a never ending rabbit hole of learning.

We all have to start somewhere.

I would start by using proxmox to learn the basics of pfSense, then build a configuration that you can transfer over to a bare metal pfSense router/firewall.

I’m planning on doing a presentation for work around proxmox and pfSense so I can mock up a web version and share that with you.

Happy to walk you through stuff as it seems you are trying to do what I’ve done.

Thanks, I really appreciate it. Good advice, I will start in a VM and make sure everything works, get familiar with it, etc. before going bare metal. If you don’t mind I’ll pm you with questions. Although, I will do as much on my own as I can before bugging you and I know there’s plenty of information out there for me to figure it out.

And I’d love to see the presentation.

Have fun, will keep you posted