Wednesday, November 7, 2018

Cisco RV325K9NA and VPN and home network and lab (sorry long post, advice requested)

Hello.

I've never actually set up a VPN from scratch, and I'm wanting to cut my teeth doing it on my home network.

What I'm wanting to do is have a permanent mobile VPN so that no matter where I am, I'm "at home" and the same for my wife and kids. I want to be able to log into my Cisco Lab from anywhere with no effort as well.

A secondary motive is that if I'm forcing the kids' cellphones to VPN through the Cisco, I can shut off their internet connection and force them to <<the horror>> join the 19th century for some good ol' socialization.

Naturally, I'm going to sell it to them as "it's secure" (which it would be of course) and "it's easy to find your phone if you lose it" (which is probably possible but whatever).

On the other hand, it <thinking maybe> would allow me to control the 'smart home' I just purchased from a distance locally without using the cloud. Conjecture.

Anyway.

I bought a Cisco RV325.

My network is going to consist of:

Wireless:
  3x Google Wifi Pucks

LAB - On its own (there's going to be a management VLAN here for the switches, but no outbound traffic allowed):
  5x Cisco 2950 Catalyst Switches
  3x Cisco Routers
  1x Fortinet Firewall
  1x Ubiquiti AP

Wired Network:
  2 Unmanaged Gigabit Switches
  Whatever happens to be right next to the router (4 ports for that)
  2 Ports for a NAS
  1 Unused LAN Port

WAN to Modem
WAN to backup Cellular connection

So this is the global.

Most of this is easy.

The VPN is where things get extremely hazy for me.

I'm assuming that the VPN is going to be its own network which will have to be bridged or routed over to the local.

I am also assuming that the VPN client will allow me to set user privileges for where they're allowed to go, as well.

The VPN traffic is, of course, inbound from the cloud one way, and right back out another gate. So that means it'll have to be routed, which means I am going to need a catch-all that does not include any of MY networks that I want to get to.

So if my networks are [examples] 10.1.1.0/24 (wireless), 10.1.2.0/24 (home network), 10.1.3.0/30 (cisco lab), 10.1.4.0/28 or /29 (VPN network), and 10.1.5.0/24, then I just need to route everything that is coming from 10.1.4.0 to 10.1.1.0/22 and call it good, and then do a catch-all of 0.0.0.0 0.0.0.0 <gateway>.
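A check of the example address plan above, added here and not part of the original post: it reports which of the listed prefixes a proposed summary route actually contains, the smallest single prefix that would contain all of them, and any overlapping prefixes (a VPN pool that overlaps a LAN is the classic way remote clients end up unable to reach it). The prefixes are the post's own examples; the dictionary labels are mine.

```python
import ipaddress

# Example prefixes from the post (the post itself labels them as examples).
SITE_NETWORKS = {
    "wireless": "10.1.1.0/24",
    "home": "10.1.2.0/24",
    "lab": "10.1.3.0/30",
    "vpn": "10.1.4.0/28",
    "other": "10.1.5.0/24",
}


def covers_all(summary, networks):
    """Return the networks NOT contained in `summary`.

    strict=False normalises a prefix written with host bits set
    (e.g. 10.1.1.0/22 becomes 10.1.0.0/22), which is what a router
    would actually install for such a route.
    """
    s = ipaddress.ip_network(summary, strict=False)
    return [n for n in networks if not ipaddress.ip_network(n).subnet_of(s)]


def minimal_supernet(networks):
    """Smallest single prefix containing every network.

    Walk up from the first prefix one bit at a time until all fit.
    The result may include address space that is not yours, so check
    the catch-all route does not accidentally swallow it.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def overlaps(networks):
    """Pairs of prefixes that overlap each other (should be empty)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:]
            if a.overlaps(b)]


if __name__ == "__main__":
    prefixes = list(SITE_NETWORKS.values())
    print("not covered by 10.1.1.0/22:", covers_all("10.1.1.0/22", prefixes))
    print("smallest covering prefix:", minimal_supernet(prefixes))
    print("overlapping pairs:", overlaps(prefixes))
```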

Then there's the lab itself, which is going to have a L3 route from the RV325 to the old-ass Cisco router ring (I have 3 in the lab). So I'm thinking of bouncing 10.1.3.1 to 10.1.3.2 on the first router and using a VLAN with 172.20.1.0/28 for the management on my lab.

But there's another piece to this, too. I don't have a static IP, which means I have to do this using DDNS, probably through no-ip.com or namecheap dyndns changeip or whomever. According to the patch notes, the RV325 will do at least no-ip and dyndns.

So any traffic that I am passing while I'm not at home is [I think] going to go:

[[[VPN][Cellphone-->Cloud-->DDNS (A name(?) to IP)-->Modem-->RV325]]]-->(Either Local Traffic or Modem)-->Cloud

Dunno! I have a feeling that I'm overthinking this.

Someone tell me if I'm barking up a crazy tree or if I'm close?
