
How to share VPN tunnel using Connectify (virtual router) and a physical router

Connectify Bottlenecking Sharing


#1 bizel


Posted 19 August 2013 - 08:38 AM

Hi.

Could anyone help me set up the setup described below?

First of all I'll explain what I'd like to achieve.

I'd like to share VPN tunnel without physical router bottlenecking issue.

To do this I found out I can use software called Connectify, which allows me to share a VPN tunnel established by the VPN client on the PC (I can share it without the router doing all the encryption, which results in a speed bottleneck due to the router's low CPU capabilities). So far I have managed to share the tunnel over a TP-Link WN722N USB Wifi card. Here comes my question. I think that I could get a stronger sharing connection, or signal, or wifi performance generally speaking, if I could share that tunnel over a physical router (TP-Link MR3420 v2), which comes with two external antennas, than over the TP-Link WN722N USB Wifi card, which comes with just one antenna. How do I set up a router to act as a Wifi card, so that I could share the VPN tunnel over Connectify, in which I could point to such a router as the "sharing device"?

I know that from some point of view such a solution may look too complicated, but after reading tons of articles I found out it's the only way to achieve what I want to achieve (which is sharing a VPN tunnel without router bottlenecking through a strong WIFI signal).

 



#2 32dsof94324


Posted 29 May 2014 - 04:53 AM

Set the local IP addresses for Connectify and the router you're planning on sharing it to as static IP addresses which have a matching gateway. You will find out what these addresses are by viewing the properties for Connectify. In Windows you see it when mousing over the Connectify tray icon. If you have 2 Ethernet ports on your computer like me, in Connectify share your "TAPV9" adapter to your computer's second Ethernet to the wireless router. Make sure to set the wireless router to which you will be sending your Connectify output to the same static addresses as Connectify set itself to, and be sure that the firmware on that router is not blocking VPN, as many routers have that option. Change your router's DNS settings as well. I use Google's 8.8.8.8 and OpenDNS's 208.67.220.220 public ones. However, you may wish to choose a faster resolver; this is based on your favorite server's location. Run a DNS speed test such as the one generously offered at grc.com.

 

If you have 2 routers in your setup (one brings the internet from the modem to the machine running Connectify and the other is the one broadcasting the internet from Connectify), these routers should not only be static with edited DNS settings, they should also be on separate subnets (i.e. - Router A's gateway: "192.168.2.1", Router B's gateway: "192.168.9.1") to heighten security and lessen the chances of leakage. Place all machines accessing the internet on the router inside the "inner circle" so that all communications are forced to go through the VPN.

 

I also utilize the Dispatch software to act as a firewall layer and also to break up my total bandwidth throughput into many local access points. You would simply point the programs to your TAP adapter. This in combination with AirVPN's new 3 concurrent connections deal and port forward/IP hopping options is great. An additional recommended firewall software controller is at binisoft.org - the Windows Firewall Control software... this is just a recommendation.

 

With sufficient bandwidth you may also try things like using a VPN on a machine that's already going through the VPN router, so it's double wrapped... use a mix of different VPN services to strengthen security. Web-browse using services like "proxfree", to mitigate companies such as Facebook and Google documenting the IP addresses you use when you sign in, even if they are VPN addresses. Don't forget that Google is documenting everyone's IP address and connecting the lines to their router MAC addresses as well (each MAC address is authentic). The Google vehicles they drive around to map our world are also equipped to capture and document your wifi access point's name and also the distinct MAC address it uses. The data is correlated in a way to pinpoint your every move when using their apps on a smartphone while giving the app access to your GPS chip. This information is used to sell to 3rd parties, it's how they thrive. Pinpointing your real location to within a few feet using alternative methods can totally hinder anonymity and make your entire setup and paying for the VPN pointless. Turn off Bluetooth until the newer encrypted model is around and matured too if you care about privacy. As boring as it is, READ THE TERMS OF SERVICE before accepting ANYTHING for everything... these days smartphone apps are getting increasingly nosy to say the least... and you're agreeing to it. Keep in mind that these agreements change too, sometimes without much notice to the user.

 

As far as complication goes.... honestly I can make your head spin with some of the setups I've had.  

 

To make a more elaborate setup, which I've taken a liking to in recent months: given you're willing to spend some time tinkering and obtain a fair amount of adapters and a few extra servers for routing purposes (or one very powerful machine running a few virtual machines), as well as a recommended outside perimeter pfSense for beefy security... you can set up an array of high powered wifi adapters and outsource your bandwidth through multiple access points. For example, my apartment complex offers 3 different wifi access points around the complex to ensure good coverage. Each access point is on its own different channel to avoid clashing with one another, since each has the same name but each has its own unique MAC address which can be used to distinguish that it's a new point of access. I utilize all 3 simultaneously, and to do so I have to use 3 different high powered wifi adapters... VPN them all and set up my DD-WRT firmware as well as Dispatch, and I use virtual machines like plug-ins too. I won't get too deep, but with some careful planning to avoid DNS leaks and some thought in local network security a man can actually set up quite an orchestrated "hybrid" array of internet connections to form one fast and VPN secured interaction to the internet if one were so inclined.

As I said, I highly recommend (another piece used in my setup) replacing the firmware on your router with DD-WRT firmware, or if your router isn't a kind you can do that with, I urge you to obtain a cheap router from eBay or something like that to flash with DD-WRT... it contains many great settings which you won't find on your average router. Don't forget that you can use 3 concurrent connections with AirVPN, and you can port forward and router hop within the circle of servers; these tools are there so you can take advantage of speed and throughput and customize your setup to your heart's content. Think outside the box, think of the world of virtualization and expand your security.

 

As a penetration tester I am continuously trying to breach my own network using Kali/Armitage/Metasploit.

 

As far as bottlenecking goes, it should not be an issue in most common situations. If your connection keeps dropping when you use it, this can happen with certain ISPs when using alternative ports sometimes... (for example Bright House Networks at my old place in FL would block all VPN traffic on port 53). With the "big data" era in our grasp, many people don't realize that they have to make sure they have updated to "10/100/1000" (many older computers have 10/100 and are not capable of 1000 MB/s throughput). ALSO routers must be able to handle that 1000mb/s speed as well, so make sure not only your computers have a 10/100/1000 capable Ethernet port but also your router. To avoid replacing PC Ethernet cards altogether, consider a wireless "N" connection for higher advantage of wifi speed and stronger connectivity, or the newer "802.11ac". Consider other wireless devices such as your home wireless telephone or baby monitors, which can sometimes run on the 2.4 GHz spectrum. Make sure you're not putting the microwave near the access point... sometimes the answer is something silly like that.

 

=)
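
An added example, not part of either post: a small Python check of the two-router addressing plan that reply #2 describes (static addresses with a matching gateway, separate subnets, fixed DNS resolvers). The two gateway addresses and the two resolvers are the ones quoted in the reply; the /24 netmask, the host names and the sample plan are assumptions made for illustration.

```python
import ipaddress

# Values quoted in the post; everything else below is constructed sample data.
OUTER_GW = "192.168.2.1"      # Router A: modem -> machine running Connectify
INNER_GW = "192.168.9.1"      # Router B: broadcasts the shared VPN tunnel
RESOLVERS = {"8.8.8.8", "208.67.220.220"}


def check_plan(hosts, outer_gw=OUTER_GW, inner_gw=INNER_GW, prefix=24,
               resolvers=RESOLVERS):
    """Return a list of problems in a two-router static addressing plan.

    hosts: list of dicts with name, ip, gateway and dns (list of strings).
    prefix: assumed /24 on both routers (the post gives no netmask).
    """
    outer = ipaddress.ip_interface(f"{outer_gw}/{prefix}").network
    inner = ipaddress.ip_interface(f"{inner_gw}/{prefix}").network
    problems = []
    if outer.overlaps(inner):
        problems.append(f"subnets overlap: {outer} and {inner}")
    used = {ipaddress.ip_address(inner_gw): "inner gateway"}
    for h in hosts:
        ip = ipaddress.ip_address(h["ip"])
        if ip not in inner:
            problems.append(f"{h['name']}: {ip} is outside inner subnet {inner}")
        if ipaddress.ip_address(h["gateway"]) != ipaddress.ip_address(inner_gw):
            problems.append(f"{h['name']}: gateway {h['gateway']} is not {inner_gw}")
        if ip in used:
            problems.append(f"{h['name']}: {ip} already used by {used[ip]}")
        used.setdefault(ip, h["name"])
        for dns in h["dns"]:
            if dns not in resolvers:
                problems.append(f"{h['name']}: unexpected DNS server {dns}")
    return problems


# Constructed sample plan: one correct client, one left on Router A's settings.
SAMPLE = [
    {"name": "laptop", "ip": "192.168.9.20", "gateway": "192.168.9.1",
     "dns": ["8.8.8.8", "208.67.220.220"]},
    {"name": "tablet", "ip": "192.168.2.30", "gateway": "192.168.2.1",
     "dns": ["192.168.2.1"]},
]

if __name__ == "__main__":
    for line in check_plan(SAMPLE):
        print(line)
```

A client that still points at Router A's gateway or resolver is the case the reply warns about: it sits outside the "inner circle" and its traffic is not forced through the VPN.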






