Questions re: 2-home setup
-
Greetings Netgate users. I have not purchased yet but wanted to run my plan by you to see if what I'm planning is doable. Don't want to spend the money if it's not going to do what I'd like.
Two homes in different states. Want to put a Netgate at each and establish a VPN tunnel between the 2. Orbi and cell phone extender plug into the Netgate, which plugs into an Arris NVG599 in bridge mode. pfSense provides DHCP and would use MAC reservations on each home network.
Not planning to have static IPs from the ISP at either location but will use DDNS to identify the endpoints by name. First question, will the VPN tunnel reestablish itself if one or the other ISP changes my address since I use DNS names to reference each location's public IP?
Want some traffic at each home to not use VPN and just go out the WAN port to the Internet. Second question, is this doable just using networks, address groups, and FW rules or is more required? From what I've read and watched on youtube, it seems doable but would like to confirm.
Using a Netgate 1100, what is the best throughput you've seen on the VPN tunnel? Only using the tunnel for file share off a NAS and RDP.
What other questions should I have or areas to consider before moving forward with this?
Thanks in advance for any assistance.
-
I have been running a VPN tunnel for several years with no issues. It re-establishes the connection automatically. I am unsure if either end has changed IPs, but both ends are using DDNS. The routing was more or less automatic when we added the VPN interface.
With no rules, traffic to the internet always goes out the WAN link. We put rules in place to limit network exposure on both sides.
The Netgate device needed depends on what else you want to do and your WAN speed. In my case the VPN is limited to 50Mbps due to one of the links. Both sides are 7100s. Be aware some things, such as Plex, will see the other side as local and can take all of the bandwidth unless you tell Plex what is local. We added rules to force Plex to go out the WAN.
-
@andyrh Great info thanks.
Any Plex will be LAN only, never across the VPN. I have 200 Mbps on one side and 500 Mbps on the other.
Love that the routing was automatic.
With this info, I feel confident enough to make the purchase. The rapid response is greatly appreciated.
-
@lensman said in Questions re: 2-home setup:
I have 200 Mbps on one side and 500 Mbps on the other.
Up and down? Bear in mind that the limit is often the upload speed at either end.
Also the total throughput may be limited by the latency between the sites.
Steve
-
@stephenw10 on the 200 mbps end, upload is not great. About 20 mbps. Thanks XFinity. On the 500 mbps end it is somewhere in the 200 mbps range.
-
Ok so 200/20 is the best you could ever see over the VPN. The 1100 is capable of passing that using an IPsec tunnel given sufficiently low latency.
You would not want to use it at the 500Mbps end though, as it would throttle the unencrypted WAN bandwidth.
If you have any old hardware available for a test I would recommend trying that first.
Steve
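-
The two ceilings Steve is describing (the slower end's upload, and latency) can be put into numbers. The following is an added worked example, not something posted in the thread or shipped with pfSense: it takes the link speeds quoted above (200/20 at one home, 500/200 at the other) and models the two independent limits on a site-to-site tunnel. The first is the link limit, min(sender upload, receiver download). The second is the TCP bandwidth-delay product, window / RTT, which caps any single flow (an RDP session, one SMB transfer) no matter how fast the links are. The 40 ms RTT and the 64 KiB / 4 MiB window sizes are assumptions chosen for illustration; the site names and function names are invented here.

```python
"""Model the ceilings on a site-to-site VPN's throughput.

Two independent limits apply to a tunnel between home A and home B:
  1. Link limit: traffic A -> B cannot exceed min(A upload, B download).
  2. Latency limit: one TCP flow cannot exceed receive_window / RTT
     (the bandwidth-delay product), however fast the links are.
The link speeds are the ones quoted in the thread. The RTT and the
window sizes are ASSUMED values for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str
    down_mbps: float
    up_mbps: float


# Speeds from the thread; "A"/"B" are labels invented for this example.
HOME_A = Site("A (200/20)", down_mbps=200, up_mbps=20)
HOME_B = Site("B (500/200)", down_mbps=500, up_mbps=200)

ASSUMED_RTT_MS = 40.0          # assumption: two homes in different states
WINDOW_NO_SCALING = 64 * 1024  # assumption: classic 64 KiB TCP window
WINDOW_WITH_SCALING = 4 * 1024 * 1024  # assumption: window scaling enabled


def link_limit_mbps(src: Site, dst: Site) -> float:
    """Fastest src -> dst can ever go: sender upload vs receiver download."""
    return min(src.up_mbps, dst.down_mbps)


def tcp_window_limit_mbps(window_bytes: int, rtt_ms: float) -> float:
    """Max throughput of a single TCP flow: window / RTT, in Mbit/s."""
    return window_bytes * 8 / (rtt_ms / 1000.0) / 1e6


def window_needed_bytes(target_mbps: float, rtt_ms: float) -> int:
    """Receive window (bandwidth-delay product) needed to sustain target_mbps."""
    return round(target_mbps * 1e6 * (rtt_ms / 1000.0) / 8)


def tunnel_ceiling(src: Site, dst: Site, window_bytes: int, rtt_ms: float) -> dict:
    """Report which limit binds for one direction of the tunnel."""
    link = link_limit_mbps(src, dst)
    tcp = tcp_window_limit_mbps(window_bytes, rtt_ms)
    return {
        "direction": f"{src.name} -> {dst.name}",
        "link_limit_mbps": link,
        "tcp_limit_mbps": tcp,
        "effective_mbps": min(link, tcp),
        "bound_by": "link" if link <= tcp else "latency",
    }


if __name__ == "__main__":
    for window in (WINDOW_NO_SCALING, WINDOW_WITH_SCALING):
        print(f"window = {window // 1024} KiB, RTT = {ASSUMED_RTT_MS} ms")
        for src, dst in ((HOME_A, HOME_B), (HOME_B, HOME_A)):
            r = tunnel_ceiling(src, dst, window, ASSUMED_RTT_MS)
            print(f"  {r['direction']}: link {r['link_limit_mbps']:.0f} Mbps, "
                  f"TCP {r['tcp_limit_mbps']:.1f} Mbps, "
                  f"effective {r['effective_mbps']:.1f} Mbps ({r['bound_by']})")
    need = window_needed_bytes(link_limit_mbps(HOME_B, HOME_A), ASSUMED_RTT_MS)
    print(f"window needed for {link_limit_mbps(HOME_B, HOME_A):.0f} Mbps "
          f"at {ASSUMED_RTT_MS} ms: {need} bytes")
```

With these assumed numbers the A -> B direction is stuck at 20 Mbps by A's upload whatever else is tuned, while B -> A is link-limited to 200 Mbps but, with a 64 KiB window at 40 ms, a single flow would only reach about 13 Mbps; only with window scaling (here 4 MiB) does the 200 Mbps link become the binding limit. That is why a single-stream file copy or RDP session can look far slower than the line speed on a tunnel between distant sites, and why testing on spare hardware, as suggested below, is worth doing before buying.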
-
@stephenw10 said in Questions re: 2-home setup:
You would not want to use it at the 500Mbps end though, as it would throttle the unencrypted WAN bandwidth.
Can you explain that please? Why would doing this throttle the unencrypted bandwidth at all?
-
Because 500Mbps is at the limit of what the 1100 can pass. You would want a 2100 there at a minimum to be sure of not reducing the available WAN bandwidth.
Steve
-
@stephenw10 I see. Specs indicated a little better than that which is why I purchased it to begin with. I'll give it a shot with the 1100 and measure. Will upgrade to 2100 if needed. Thank you for the response and detail.
-
The 1100 will be fine at the 200Mbps end but personally I would want something more powerful at the 500Mbps end. If you never actually use 500Mbps you may never notice it.
Unfortunately where I am I can only dream of 500Mbps.
-
@stephenw10 That is sad. I was skeptical, but with AT&T in Northeast FL I regularly see 500 Mbps download on speed tests. I doubt I ever actually pull that much, but we easily stream 3 or 4 TVs while I am working from home (VPN'd into the work network as well) or on Teams calls with video and have zero issues. That is all pre-Netgate, so it is going to be an interesting test. I'll report some results after it is all working.