Hello, I have a question you know-it-alls

[G+_Frank Kim]

Hello, I have a question you know-it-alls. I am looking for a way to encrypt all of my home internet traffic using a VPN service - without installing apps/software on all of my individual equipment. I would like anything connected to my network to be encrypted. Is there an inexpensive DIY way of doing this?

 

I have the following equipment available to me: Sonicwall TZ 190 firewall device, Linksys WRT54G router with DD-WRT, HP Microserver with VMWare ESXi.

 

Am I crazy to think this is possible? (note: that would be perfectly fair)

[G+_Dan Phillips]

So to be clear, you want all traffic from devices inside the network to be encrypted? For example, you want to stream a video from your NAS to our Smart TV or tablet and have that info secured?

[G+_Frank Kim]

Ah, sorry for the lack of clarity there. I would like to be able to encrypt all internet traffic from all my internet enabled devices at home (i.e. iPad, Xbox, Nexus 4) without having install some type of app or software on each of these devices. I was thinking of setting up some type of go-between hardware device that would encrypt the traffic from my internal network out onto the internet.

[G+_Greg M]

Some routers allow you to use a VPN connection between the router's internet connection to the VPN's connection on the internet.

 

VPN service only encrypts the traffic to the VPN service. Once it leaves the VPN provider's servers the traffic is unencrypted unless it is a SSL connection to the destination from your  device. You still will have to pay for the VPN service.

[G+_Jesse Dickson]

There is an Open VPN version of DD-WRT that supports running in VPN client mode. You should be able to use that to connect to ProXPN or a similar service. I know I just for fun and used the PPTP client to connect to another service in the UK.

[G+_Dave Hart]

Assuming that you router does not support VPN, you could consider using your HP Microserver to host a VPN client and route all household traffic thru the server before it goes to your router / modem. You would (probably) need a second network card and a separate router to collect the household LAN traffic and direct it to the server, but there but if there is a way of segregating traffic between different sub-nets on the same hardware you might avoid having to get the additional hardware.

[G+_Frank Kim]

Perhaps I should try and create a VLAN for the server and 2nd router to route the household traffic through the VPN server and then out onto the internet? Could I configure routing and remote access and setup PROXPN on said server... would that work? Lastly, the server is (at the moment) an ESXi box so would I be able to use a VM with Windows Server 2008 or 2012? 

 

Thanks for the suggestions! You're totally awesome!

[G+_Greg Munck]

Who are trying to hide the packets from, your local LAN, or the rest o the Internet? If you are making https connections to the Web all your traffic, or whatever is targeting https will

be encrypted from that machine to the Web server. Nobody else on your lawn, not the router or anything else will ever see the clear text packets, except for the ones used to initiate the ssl handshake.

 

You can't make an ssl connection to a Web server if that Web server is not setup to accept it. Of course most sites are anyways.

 

Let's say you run a proxy or VPN server on your home router. As soon as the packets move outward to the Web the proxy is pointless because everyone sees that it came from your router. Also any extra security you added for inside your LAN is peeled off. You can send scrambled data to a Web server unless you establish the ssl connection with it.

 

If you want to really understand security in these aspects I highly recommend listening to the podcast Security Now from the beginning.

 

If you want to and anonymize you would have to use a good proxy service.

 

[G+_Greg Munck]

You probably can configure a proxy service at your router level, but I doubt that will work well. The goal there would be that everything leaving your router would go to the proxy service first automatically.

[G+_Micheal Justin]

Frank Kim what VPN service you have now? might be its not supporting your router and encrypting TZ 190 firewall device. I think you should google it to find the best way to get rid off this situation or discuss this issue on #VPN pages such as Bestvpnservice.com 

[G+_Frank Kim]

Thank you everyone for your advice. I will definitely do more research!