Private, always-on, wherever-I-go VPN for my family and me

Hello all,

I want to create a private VPN that my family can use on their mobile devices no matter what internet connection they are on. I want to be able to use my home internet connection through my Untangle router so that I can filter access for my children and myself. I am familiar with a lot of the technologies at play, but not sure what the best solution/stack would be to approach it, or how to organize it into my existing network. Is there a pre-existing guide to something similar that I am unaware of? Any and all help is appreciated.

The way that I have it set up is I created a VPN server on my pfSense install that my mobile devices can access when away from home. I then downloaded an app to my Android phone called Automate. It runs in the background and waits to see if I leave my home Wi-Fi network. When it detects that, it runs a script that connects to my VPN using the Android OpenVPN client and then returns to the home screen. It also does the reverse when I connect to my home Wi-Fi again, disconnecting me from the VPN.

Hi @Astraea,

That sounds like exactly what I am looking for in this regard, or at least very, very close. I am not competent with any programming or scripting languages, so at least that gives me a place to start. It sounds like I will need to learn several things before I can get to a working setup, though.

Which language did you use? Python, C, others? Thanks very much for the reply.

It sounds like @Astraea just used Automate, which is this graphical programming tool.


I’ve been using wireguard on Android for this.

Here’s a docker container setup with some instructions:

https://hub.docker.com/r/linuxserver/wireguard

But if you want to do it on untangle:
https://wiki.untangle.com/index.php/WireGuard_VPN

Here’s a client configuration generator, so that you don’t have to type a lot of stuff on your phone and can scan/share a client config QR code image instead: WireGuard Tools - QR Code Generator


Setting up VPNs requires a little bit of networking and a little bit of systems/configuration knowledge (TCP/IP basics, a bit about firewalls, a bit about basic static routing principles); you don’t really need a lot, and usually you don’t need any advanced programming/scripting skills. Most network tools work through a command line, but I guess Untangle has a UI to make things simpler.


An important thing to choose is whether you want to connect using L2 or L3. In other words, do you want to be on the same LAN as all the other hosts and move broadcast traffic like various device discovery advertisements through the VPN, or not?

If you don’t need this, (e.g. you only care about internet access and http / layer3 IP access to services on your network), wireguard is a good choice.

Otherwise probably openvpn is your best bet.

2 Likes
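To make the key and client-config step concrete, here is an added example (my own code, not from the post above or from the linked generator or from any WireGuard project) that generates a WireGuard keypair, renders the client-side config you would turn into a QR code, and renders the matching `[Peer]` stanza for the server. It uses a pure-Python X25519 (RFC 7748) so it runs anywhere without extra packages; that ladder is not constant-time, so on a real deployment create the keys with `wg genkey | tee privatekey | wg pubkey` instead. The hostname `vpn.example.home`, the tunnel subnet `10.8.0.0/24`, and the resolver address `10.8.0.1` are assumptions for illustration.

```python
"""
Generate WireGuard keys and render both halves of a peer relationship:
the client config (what you scan as a QR code) and the [Peer] stanza to
paste into the server's wg0.conf. Pure-Python X25519 per RFC 7748; not
constant-time, so prefer `wg genkey` for production keys.
"""
import base64
import secrets

P = 2**255 - 19    # Curve25519 field prime
A24 = 121665       # (486662 - 2) / 4, Montgomery-ladder constant
BASEPOINT_U = 9    # standard base point u-coordinate


def clamp_scalar(raw: bytes) -> int:
    """Apply the X25519 clamping rules to 32 random bytes (little-endian)."""
    k = bytearray(raw)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def decode_u(raw: bytes) -> int:
    """Decode a 32-byte public key; the top bit is masked per RFC 7748."""
    u = bytearray(raw)
    u[31] &= 127
    return int.from_bytes(u, "little")


def x25519(k: int, u: int) -> int:
    """RFC 7748 Montgomery ladder: u-coordinate of k * (point with u-coord u)."""
    x1 = u % P
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def public_key(private_key: bytes) -> bytes:
    return x25519(clamp_scalar(private_key), BASEPOINT_U).to_bytes(32, "little")


def shared_secret(private_key: bytes, peer_public: bytes) -> bytes:
    return x25519(clamp_scalar(private_key), decode_u(peer_public)).to_bytes(32, "little")


def b64(b: bytes) -> str:
    return base64.b64encode(b).decode()


def generate_keypair() -> tuple:
    """Return (private, public) as the base64 strings WireGuard configs use."""
    priv = secrets.token_bytes(32)
    return b64(priv), b64(public_key(priv))


def render_client_config(client_priv, client_addr, server_pub, endpoint, dns, psk=None) -> str:
    """Full-tunnel client config: AllowedIPs 0.0.0.0/0, ::/0 sends all traffic
    home so the router's filtering applies; PersistentKeepalive keeps the NAT
    mapping alive for a phone roaming between carrier and Wi-Fi."""
    lines = [
        "[Interface]",
        f"PrivateKey = {client_priv}",
        f"Address = {client_addr}",
        f"DNS = {dns}",
        "",
        "[Peer]",
        f"PublicKey = {server_pub}",
        f"Endpoint = {endpoint}",
        "AllowedIPs = 0.0.0.0/0, ::/0",
        "PersistentKeepalive = 25",
    ]
    if psk:
        lines.insert(7, f"PresharedKey = {psk}")  # goes right after PublicKey
    return "\n".join(lines) + "\n"


def render_server_peer(client_pub, client_addr, psk=None) -> str:
    """[Peer] block for the server's wg0.conf. AllowedIPs is the client's
    tunnel address as a /32 only, so it cannot source packets as another peer."""
    lines = ["[Peer]", f"PublicKey = {client_pub}"]
    if psk:
        lines.append(f"PresharedKey = {psk}")
    lines.append(f"AllowedIPs = {client_addr.split('/')[0]}/32")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Assumed names: vpn.example.home, tunnel subnet 10.8.0.0/24, DNS at 10.8.0.1
    server_priv, server_pub = generate_keypair()
    client_priv, client_pub = generate_keypair()
    psk = b64(secrets.token_bytes(32))   # optional post-quantum-ish extra secret
    print(render_client_config(client_priv, "10.8.0.2/32", server_pub,
                               "vpn.example.home:51820", "10.8.0.1", psk))
    print(render_server_peer(client_pub, "10.8.0.2/32", psk))
```

Save the printed client config to a file and run `qrencode -t ansiutf8 < client.conf` to show a QR code in the terminal for the WireGuard Android app to scan; the server-side `[Peer]` block is the only part the router ever needs, and the client private key never has to leave the phone once it is imported. If you only want LAN access rather than full tunnelling, change the client's `AllowedIPs` to the home subnet instead of `0.0.0.0/0`.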

My take on it is getting a Pi 4 2GB and using OpenVPN on it with a loopback to Pi-hole in order to block all the malicious domains and, maybe, specific domains according to your needs. This way you’re reducing the load on your router, keeping it more secure because, if the VPN gets breached, it’s your Pi that’s gonna take the hit and not your router, and, last but not least, everything is very well documented everywhere on the internet and it’s easy to deploy.

I tested this setup on my old Pi 2, but the 100 Mbit LAN was a big limitation. Other than that it worked really well and was reliable even on such a low-powered device with 1GB of RAM.

Hey, thanks for the reply. I don’t know if this will affect the decision making here, but my current Untangle box is running on a Xeon-W series workstation with 24GB of RAM and a 500GB SSD, because that’s literally what I had sitting around to put in it. So resource draw is not a concern, I believe. From a security perspective, what is the benefit of running OpenVPN behind the Pi-hole? Untangle has a pretty robust ad-blocker built in, and the biggest draw for me is the Policy Management and Application Control. Curious what your perspective is on it. Cheers!

I didn’t know you had such a baller setup as a router.

Passing OpenVPN through Pi-hole allows you to block specific sites and domains pretty easily, check on all the traffic generated by each device, and generally it’s pretty flexible for allowing or denying specific parts of the web traffic. It’s just on and off, and making sure to block malicious websites before they go through your VPN is generally a good thing.

What do you mean when you say policy management and application control? Can you be more specific?

So Untangle’s big selling point is the Policy Management and Application Control that they have baked into their NG-Firewall. Basically, the Application Control lets me say “Nobody can watch youtube.” And with one checkmark, it blocks the websites on computers, the apps on phones, the APIs for smart TVs and game consoles, everything. Then you can go into the Policy Management and say, “Nobody can watch youtube, except for these people.” It also has the slick “single pane of glass” stuff, so you can see multiple sites, do SD-WAN, and other cool stuff like that.

It’s not that granular unfortunately since it’s “just” a DNS server. So I guess it’s not really tailored for what you need to do.

Yes, automate is an android app that allows you to make script-like functions that operate on the device. It uses a drag and drop interface with configurable fields.

The VPN was pretty easy to set up, with the hardest part being due to the fact that I have dual WAN connections. @D0N_M3GA, if you are wanting some assistance with either the VPN or using the Automate app, send me a direct message and we can coordinate from there.

1 Like