Setting Up a VPN

I have an Edgerouter 10x which can run Wireguard. So that's my primary VPN solution. It was a little daunting to set up, but it's been bulletproof.

Before that I used OpenVPN Access Server on a Pi. That was nice because it gives you a web interface for administration. 1 caveat: openvpn-as only supports 2 simultaneous connections for non-commercial use.

Both of these were for client-server setups.

I prefer Wireguard for its modern cryptographic approach, and its "do 1 thing well" approach. OpenVPN is infinitely configurable, which can be overwhelming. Also, complexity is the enemy of security.

2 Likes

I have Asus GT AXE routers running Merlin with both OpenVPN and WireGuard running. Also a MikroTik router with OpenVPN. OpenVPN on Merlin supports as many connections as I want.

1 Like

Set up Tailscale. Really simple to set up. Very secure. And your usage is well within the free tier.

I switched from Wireguard to Tailscale early this year. Don’t regret it at all.

5 Likes

I will highly recommend this as well. Dead simple. But you do need to have the software on any device you want to connect with, I believe. Works without port forwarding as well. You can set up one device on your local network and it has options to let you access every device on the network.

2 Likes

+1000 on Wireguard generally, and Tailscale is the easiest way to implement it from what I've seen. I use WG on my EdgeRouter12 and it's been fantastic.

1 Like

Thanks for starting this topic.

My only goal in getting a VPN is to be able to see the graphs on my Hubitat Dashboard when I am away from home. Is there a safer way, other than a VPN to do this?

My hesitation with a VPN is I don't want to open a route to my home network that could get hacked, because I really don't know what I'm doing with this. For those of us who bought a Hubitat because we are not familiar with and don't have the time to learn how to mess with RPIs, NAS and all that, is the VPN that comes stock on the Asus Router safe?
The Asus appears to give the choice of WireGuard, IPSec, OpenVPN, and PPTP. Are all of these free and is any preferred over another?

If a VPN using the stock Asus firmware and one of the above is safe and the preferred method, and if I set it up, will I be able to see my Hubitat dashboard graphs (set up in Hubigraphs) from my phone when I am not home? Will it require installing added apps on my phone to do so, or will the graph be visible when I open the Hubitat dashboard?

I'm currently running Wireguard on DD-WRT firmware on my router. I used to use the built in Open VPN, but Wireguard is much simpler to set up on the router and client devices. I've played around with ZeroTier and Tailscale but didn't find either one to be a better solution for me.

On my phone I'm using Automate Android (similar to Tasker) to automatically connect to the VPN anytime my phone isn't connected to my home Wi-Fi. It's a full tunnel so I still use my Pihole DNS and block ads when out and about in addition to getting access to LAN devices.

AFAIK a quality VPN is the safest way to allow access to your home network when you're away. If you wanted general access to your home network that is the way you should go.

That said, you don't need a VPN to access your Hubitat dashboards remotely. You have a cloud link in the Hubitat Dashboard app; just use that link.

1 Like

The dashboard works via the Hubitat App, but the graphs don't show up when I am not connected to the local network. If you know how I can fix that without a VPN that would be SO APPRECIATED!!!

Maybe better to start a new topic so you don't divert this one too much away from its purpose. And you'll need to provide more info in that topic on what graphs from what sources, etc., that aren't working w/the cloud link. :slight_smile:

1 Like

Done.

1 Like

OK, back to this VPN thread as that other thread settles a VPN is needed.

AFAIK a quality VPN is the safest way to allow access to your home network when you're away.

Is a VPN via my Asus router "a quality VPN"? If so, which of the four options is recommended?

If you wanted general access to your home network that is the way you should go.

I do not need general access to my home network. I ONLY want to see the Hubigraphs in my Hubitat Android app dashboard. Will I need to load any apps on my phone to see the Hubigraphs on the Hubitat Android app dashboard via VPN?

I experimented with Cloudflare and another similar option that I can't remember the name of, and both seemed like great options if I didn't already have Wireguard VPN.

I am also using WireGuard - because I already have an RPI running 24/7, and it is straightforward to set up and use.

1 Like

+1 for Tailscale.
Have to say it wasn't as easy as click and go, eventually got it working.
Running it on my Qnap using Virtualization Station.
Tried setting it up using a container but that was way over my screwing around tolerance. :crazy_face:

A few years ago I was using a Linux box with iptables for my firewall and I set up both OpenVPN and WireGuard on it to see which I liked better. WireGuard turned out to have something like 15% less throughput so I ditched it. Last year I replaced the Linux box with an OPNsense box and set up OpenVPN on it. It's been rock solid. YMMV

I use my VPN on every device away from home so that all my traffic is routed through my Pi-hole for its blocking of BS traffic. I expected to "feel" a slightly slower connection but it's turned out to be indistinguishable from being connected to my wifi at home.

Yes. If Wireguard is one of the four VPN Server options, that would be my choice.

I run Wireguard on my UniFi Dream Machine SE. It works great for remote access to my home network.

2 Likes

Wow, I did notice a flurry of posts during the hours after I posted (went to bed)...

My lazy self would revert back to the WireGuard setup I have had issues with.... But I may dabble in some others based on comments here along with other forums.

Thanks to those who have posted so far, don't let my post stifle the conversation... :slight_smile:

Could you point me in the direction of the instructions that you used to do so? Last time I looked, over a year ago, I was confused by the instructions that I found.

Sure. To be clear. Wireguard supports the Edgerouter. The Edgerouter does not come with it built in. I started with this article which got me about 90% of the way.

VERY IMPORTANT: Take notes and copy your keys off to somewhere secure but accessible, like a password manager, because the peer configuration will get wiped every time you do a firmware update on the Edgerouter. I simply saved the console commands so that I could replay them when necessary. Not a big deal, if you have the notes. It takes me less than 5 min to do it after a firmware update. Just something I have to remember to do.

If you figure out a way around this, please let me know.