Configuring TP-Link TD-W8970 for Remote Access via VPN from Abroad

Hello all.
I have a small problem to solve and unfortunately I get tired and tired and cannot cope. I want to access my home network from the outside. I am abroad and I want to browse my resources from there, but also use Polish ip. I read that the goal I would like to achieve will help me meet vpn. Using various guides, I tried to configure the router and connect to it remotely via a computer. Unfortunately, none of this. Every now and then there are other mistakes that I cannot overcome. In my opinion, I have to start all over again and this is where I would like to ask for help. Where to start? What exactly to do? Are you sure vpn is the best solution for me?

My router is tp-link td-w8970.
At home, I also have a computer at my disposal, but due to the fact that it would have to be turned on all the time, I am not willing to apply this solution, but if it is necessary, this is an option.

Thanks in advance for any answers and help.

What connections do you have in both locations?
VPN can be set up on routers, so PC operation is not necessary, but it is difficult to find cheap VPN equipment on neo, unless you supply your ETH router.

Another alternative is to buy a VPN account on some site.

You can replace the software on your modem-router with OpenWRT and run a PPTP or OpenVPN server on it ... There is also the issue of variable IP, here you will need a dynamic DNS service (e.g. DynDNS, no-IP and tp) and a client of this service running on router and make sure the DNS name always points to the current IP address.

hermes-80 wrote:

What connections do you have in both locations?
VPN can be set up on routers, so PC operation is not necessary, but it is difficult to find cheap VPN equipment on neo, unless you supply your ETH router.

Another alternative is to buy a VPN account on some site.

The connection at home is 100/20 Mbit / s and the connection at the "receiving" point is 25 / 1.5 Mbit / s
I have neither neo nor variable ip. Buying a VPN on a website will probably not allow me to use my network (?)

hermes-80 wrote:

You can replace the software on your modem-router with OpenWRT and run a PPTP or OpenVPN server on it ... There is also the issue of variable IP, here you will need a dynamic DNS service (e.g. DynDNS, no-IP and tp) and a client of this service running on router and make sure the DNS name always points to the current IP address.

OpenWRT is silent for my router. It is for this model, but only in the hardware version v1 and I have v3, unless I have not read something. As for ip, the same as above - it is not variable.

So supply a second router with a VPN server at home and use a PC client or router with a suitable FW at a remote location.

I don't think it makes sense to pay extra to Draytek as an ADSL router with a VPN server.

pull1990 wrote:

As for ip, the same as above - it is not variable.

... and is it public?

So my router does not allow me to create a vpn server on it? Which router do you recommend at a reasonable price?

Is my ip public? I do not know. How to check?

The easiest way is to put together a VPN (openVPN) on Tomato ( Link - TAP, TUN) - then you have DD-WRT, Gargoyle (OpenWRT) and more advanced Mikrotik routers or some own gateway on some miniPC (raspberry Pi, banana pi etc. - but it's higher school with configuration in the console).
For the server, a more efficient machine, e.g. Asus RT-N18, Asus RT-AC56U (which Asus withdrew from production because it was too efficient compared to the price - but you can still get somewhere in warehouses).

Quote:

Is my ip public? I do not know. How to check?

Ask your ISP if it is public and unblocked.

And if only to try to put the server on the computer that is at home and the client on my computer. It's about openvpn or other solutions

Then attack the topic. Remember to redirect the appropriate ports on the router to the server location.

Can you tell me more about it? I don't really know how to do this

http://www.sierp.net/faq/openvpn.htm#serwer
http://vpnonline.pl/konfiguracja/windows7-openvpn

Before you wrote back, I already did according to these instructions:
http://www.networkservices.pl/baza-wiedzy/instalacja-i-konfiguracja-openvpn-w-windows

Something went forward, but when I turn on the connection with the server, it stands on the yellow icon, at this point I turn on the client and it also stands in a similar place. Below is the client's log:

Tue Jan 26 9:13:41 PM 2016 SIGHUP [hard,] received, process restarting
Tue Jan 26 21:13:41 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Tue Jan 26 21:13:41 2016 Windows version 6.1 (Windows 7)
Tue Jan 26 21:13:41 2016 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Tue Jan 26 21:13:43 2016 do_ifconfig, tt-> ipv6 = 0, tt-> did_ifconfig_ipv6_setup = 0
Tue Jan 26 21:13:43 2016 open_tun, tt-> ipv6 = 0
Tue Jan 26 21:13:43 2016 TAP-WIN32 device [Local connection 2] opened: \\. \ Global \ {0AFE4ECE-7CCB-41C2-843B-D05957639783} .tap
Tue Jan 26 21:13:43 2016 Notified TAP-Windows driver to set a DHCP IP / netmask of 10.3.0.2/255.255.255.252 on interface {0AFE4ECE-7CCB-41C2-843B-D05957639783} [DHCP-serv: 10.3.0.1 , lease-time: 31536000]
Tue Jan 26 21:13:43 2016 Successful ARP Flush on interface [24] {0AFE4ECE-7CCB-41C2-843B-D05957639783}
Tue Jan 26 21:13:43 2016 UDPv4 link local (bound): [undef]
Tue Jan 26 21:13:43 2016 UDPv4 link remote: [AF_INET] 192.168.1.108:1194

At this stage, it has stopped and is still standing, nothing changes

For this you need a client and a server.

Yes Yes. I have a server at home on my pc and a client on my pc overseas. I was configuring everything a moment ago. I wrote earlier that I have both.

I did everything according to the instructions I wrote about.
In the configuration files I changed only "local 192.168.98.136". I entered my ip there. Maybe I should change something else or the entered ip is wrong? Come on at the stage of its verification, there are no errors and entering another one immediately crashes an error.

I made a connection using a shared key

But you are giving your IP from internal networks, not your public IP that you see on the internet.
You are waiting for port forwarding on the router or the fight with the ISP for public unblocked connections initiating IP.

Actually, I have no idea how you set it up.

I have now entered my public ip and it's even worse.
Can you say more about redirecting these ports? I don't know what to do next.

As for the configuration, I did everything as in this guide. The configuration files are as follows:

For the server:

dev tun # interface type - always TUN for the router
local 192.168.98.136 # server IP address (see additional notes at the bottom of the page)
# "local" specifies the operating mode of this end of the tunnel as a server
proto udp # type of protocol used
port 1194 # used port
ifconfig 10.3.0.1 10.3.0.2 # server IP address, client IP address (for the created connection)
secret secret.key # name of the key file
# you can enter the full path, e.g .:
# secret "c: \\ Program Files \\ OpenVPN \\ config \\ secret.key"
persist-tun # keeps the virtual interface elevated during restart
persist-key # the key will not be reloaded during the restart
keepalive 10 120 # restart on connection failure
# sends ping every 10 seconds with timeout = 120s.
cipher AES-256-CBC # Setting the recommended AES encryption with a key length of 256 bits
# and the CBC algorithm
# the setting must be identical on the client and server
comp-lzo # compression algorithm, reduces transfer wear
verb 1 # logging verbosity level


For client:

dev tun # interface type - always TUN for the router
remote 192.168.98.136 # server IP address (see additional notes at the bottom of the page)
# "remote" specifies the operating mode of this end of the tunnel as the client
proto udp # type of protocol used
port 1194 # used port
ifconfig 10.3.0.2 10.3.0.1 # client IP address, server IP address (for the created connection)
secret secret.key # name of the key file
# you can enter the full path, e.g .:
# secret "c: \\ Program Files \\ OpenVPN \\ config \\ secret.key"
persist-tun # keeps the virtual interface elevated during restart
persist-key # the key will not be reloaded during the restart
keepalive 10 120 # restart on connection failure
# sends ping every 10 seconds with timeout = 120s.
cipher AES-256-CBC # setting the recommended encryption algorithm
# the setting must be identical on the client and server
comp-lzo # compression algorithm, reduces transfer wear
verb 1 # logging verbosity level


I copied everything, only changed the address in the second line of each code. What is wrong?

For Open VPN, you need to redirect the following ports on the router behind the server:
TCP 443, TCP 943, UDP 1194

Also, you should enter public, not local, IPs. You can check your public IP in the router's panel (WAN IP) or by going to the website www.whatismyip.com from the computer behind the router.

I don't know if I understand it wrong, but the server is on the computer and not on the router.
I know my public ip, entering it does not help, and even harmful - here is the problem.

Can you elaborate on what this redirect is all about and how to do it? If I can do this, will it all work?

Thank you very much for help.

Port 1194 (Port forwarding) must be forwarded on the router in the server's network - check that the server is actually listening (CMD netstat -a) and that the firewall is not blocking it.

I checked through a website on the internet and port 1194 is closed.

Sorry, but I don't know what's going on here: "check that the server is actually listening (CMD netstat -a) and that the firewall is not blocking it."

I am unfamiliar with these topics and this is my first adventure with something like this. Thanks for your understanding because I suspect that you are already taking something from me ...

Edit:
I have forvarding in the router settings. The only problem is, I don't know what address to forward the ports to.

Enter in the DMZ of the router the PC IP that got via DHCP.

That's what I did before you wrote. It didn't change anything

Check port openness at - http://www.t1shopper.com/tools/port-scan/

Unfortunately closed. Can't possibly use a different port?

You can - it just depends on the server configuration - and the firewall may be blocking you.

The firewall on the computer is completely off, and so is the router.

Edit:

I don't know if it is possible, but I checked the ports from 1000 to 1200 and they are all closed.

So you may have an IP blocked by your ISP.

And I won't be able to do anything?

With a blocked IP address, you will not release any service from your network to the world - what are the first 6 digits of IP on the WAN of the router from the ISP?