This is my way of encouraging myself to do something I should have done ages ago....
In the next few weeks I will benefit from a VPN setup, so thought I would set up a topic to capture my experience... But am happy for others to chime in with their own tips.
Some time ago I set up WireGuard with what feels like only fleeting success... though I would not want to colour people's choice of that solution with my own outcome... every chance there is a simple explanation for my issue, that I never fully investigated.
I am using a couple of TP-Link ER605 with an IPsec site-site VPN, and OpenVPN for client-site (not sure of the term) for when I am not at either of the two sites, and also for backup if I need to troubleshoot the site-site.
It might be helpful to describe what type of VPN you are looking to use, and the hardware you are planning on using.
I have an old Netgear Nighthawk router, which I believe has some form of OpenVPN option available, but my preference (right-or-wrong) is to use a setup of WireGuard installed on a local rpi4, with the port forwarding set up on the router. That said I am not tied to this setup, so am open to suggestions.
I used that combo before I changed to the ER605s. I never could get the site-site to work, and I ended up replacing the Pis with VMs and Containers running on Synology NASes. It worked fine, and it is a good solution, just not for me.
I don't currently have a NAS, but would not want to stifle conversation in that space for others.... That said, cannot quite see how a VM would logically work differently to a physical rpi.... at least it shouldn't....
That didn't answer your question, sorry.
You are correct, a Pi vs. a VM isn't the issue. In fact, you can run VMs and Containers on a Pi.
After I got the NASes I realized I could replace the Pis with VMs and Containers, and have less mess in my wiring closet.
I had success using PiVPN to set up WireGuard and it was easy to set up and has worked flawlessly. It uses a QR code to set up a client on a phone. Tasker turns on Split Tunnel when my phone disconnects from home Wi-Fi. I also have a Full Tunnel for when connected to open Wi-Fi APs like at an airport or coffee shop. I 100% recommend this method. I've looked at installing WireGuard on my EdgeRouter X but it is more complicated and what I have works fine.
I have an EdgeRouter 10X which can run WireGuard. So that's my primary VPN solution. It was a little daunting to set up, but it's been bulletproof.
Before that I used OpenVPN Access Server on a Pi. That was nice because it gives you a web interface for administration. 1 caveat: openvpn-as only supports 2 simultaneous connections for non-commercial use.
Both of these were for client-server setups.
I prefer WireGuard for its modern cryptographic approach, and its "do 1 thing well" approach. OpenVPN is infinitely configurable, which can be overwhelming. Also complexity is the enemy of security.
I have Asus GT AXE routers running Merlin with both OpenVPN and WireGuard running. Also a MikroTik router with OpenVPN. OpenVPN on Merlin supports as many connections as I want.
I will highly recommend this as well. Dead simple. But you do need to have the software on any device you want to connect with, I believe. Works without port forward as well. You can set up one device on your local network and it has options to let you access every device on the network.
+1000 on WireGuard generally, and Tailscale is the easiest way to implement it from what I've seen. I use WG on my EdgeRouter12 and it's been fantastic.
My only goal in getting a VPN is to be able to see the graphs on my Hubitat Dashboard when I am away from home. Is there a safer way, other than a VPN, to do this?
My hesitation with a VPN is I don't want to open a route to my home network that could get hacked, because I really don't know what I'm doing with this. For those of us who bought a Hubitat because we are not familiar with and don't have the time to learn how to mess with RPis, NAS and all that, is the VPN that comes stock on the Asus Router safe?
The Asus appears to give the choice of WireGuard, IPSec, OpenVPN, and PPTP. Are all of these free and is any preferred over another?
If a VPN using the stock Asus firmware and one of the above is safe and the preferred method, and if I set it up, will I be able to see my Hubitat dashboard graphs (set up in Hubigraphs) from my phone when I am not home? Will it require installing added apps on my phone to do so, or will the graph be visible when I open the Hubitat dashboard?
I'm currently running WireGuard on DD-WRT firmware on my router. I used to use the built-in OpenVPN, but WireGuard is much simpler to set up on the router and client devices. I've played around with ZeroTier and Tailscale but didn't find either one to be a better solution for me.
On my phone I'm using Automate Android (similar to Tasker) to automatically connect to the VPN anytime my phone isn't connected to my home Wi-Fi. It's a full tunnel so I still use my Pihole DNS and block ads when out and about in addition to getting access to LAN devices.
AFAIK a quality VPN is the safest way to allow access to your home network when you're away. If you wanted general access to your home network that is the way you should go.
That said, you don't need a VPN to access your Hubitat dashboards remotely. You have a cloud link in the Hubitat Dashboard app; just use that link.
The dashboard works via the Hubitat App, but the graphs don't show up when I am not connected to the local network. If you know how I can fix that without a VPN that would be SO APPRECIATED!!!
Maybe better to start a new topic so you don't divert this one too much away from its purpose. And you'll need to provide more info in that topic on what graphs from what sources, etc., that aren't working w/the cloud link.