| Index | Recent Threads | Unanswered Threads | Who's Active | Guidelines | Search |
 |
World Community Grid Forums
Category: Community
Forum: Hardware Chat Room
Thread: Solution for several machines using hard wire and VPN |
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 23
|
|
| Author |
|
|
Occam
Advanced Cruncher Joined: Jan 1, 2024 Post Count: 92 Status: Offline |
Only 3-4 machines but have to use cable rather than wi-fi. The issue is that VPN changes things a lot and a cheap $10 router wont do the trick. Yeah wi-fi would be the easiest but just not an option. Now I'm simply unplugging the computer one by one and downloading, let them crunch the re-connect when they're done. Time consuming and each computer requires a new VPN connection. I see expensive routers the price of a good used computer but not interested in that. Any one using a system that might work? Thanks
|
||
|
|
hchc
Veteran Cruncher USA Joined: Aug 15, 2006 Post Count: 865 Status: Offline Project Badges: 
|
Not sure how the internal physical connection (Ethernet cable vs. Wi-Fi) matters with the external connectivity to the Internet (going naked to the ISP directly vs. going through a 3rd party VPN provider) since they are separate connections.
----------------------------------------A little unclear on what you are asking. 1. Are you running the VPN config directly on the machines and are limited to how many simultaneous connections you can make to the VPN provider? I know some only allow 3 or 5 or 10. 2. Are you asking if any of us have any router recommendations to terminate the VPN connection so that everything in your home automatically goes through the router's VPN and out to the Internet protected? If so, I've been running a self-built pfSense router since about 2013, and a few years ago I rebuilt it onto a used HP t740 thin client from eBay for a few hundred bucks and put in a used Intel i350 based 4-port gigabit NIC. I also built a second HP t740 thin client a few months ago (much cheaper in 2025!) and put in a used Intel i340 based 4-port gigabit NIC. I'm intrigued and have heard good things about Protectli devices if you don't want to build your own router and just buy something pre-built and new. 3. Is there a reason you can't simply connect all your BOINC/WCG machines to your router and just use the Internet without a VPN? Like, do you have very strict personal privacy reasons you must use a VPN even for your BOINC/WCG devices? (Not judging, just curious.) At any rate, yeah, doing things manually like you describe is a huge tedious pain and lots of babysitting. I just let my machines crunch 24/7 and they connect to WCG as needed to upload/download work and also update the operating system and reboot automatically as well. I don't have to do anything. I'm currently not running anything through a 3rd party VPN, but I have in the past and also am considering doing it again (at the router level so the whole house is automatically protected).
|
||
|
|
Link64
Senior Cruncher Joined: Feb 19, 2021 Post Count: 206 Status: Offline Project Badges: 
|
The issue is that VPN changes things a lot and a cheap $10 router wont do the trick. Yeah wi-fi would be the easiest but just not an option. If a connection over WiFi should work, than a simple network switch at the end of your cable and cables from that to each PC should work too. |
||
|
|
Spiderman
Advanced Cruncher United States Joined: Jul 13, 2020 Post Count: 138 Status: Offline Project Badges: 
|
There isn't a lot of specifics in the original request as to why WiFi vs hard-wired is a requirement, or why the constant need to change VPN parameters, however:
* Get a $25-35 cheap low-end PC off eBay with (2) NIC's, * Set it up as a Firewall with NAT turned-on, and load the VPN Client on that Firewall box. [Preferably a Linux release set to auto-load the firewall services upon boot -- this is unless the VPN Client doesn't work on Linux] * The VPN Client should be pointed to bind to the 1st NIC's network. * Subnet your 3-4 BOINC PC's to the new (non-routable) internal network's IP range (or setup DHCP) and connect them to a cheap network switch (if WiFi can't be used) that connects to the Firewall's 2nd NIC. * The 1st NIC's connection goes to the ISP's router and keeps the original IP-range of the ISP router's network.. * Confirm no direct connection of the subnetted PC's in the ISP Router's Admin page and via IPConfig (Windows) or "ip route show" (Linux) command on the subnetted PC's. Now you only have to occasionally twiddle with the VPN connection parameters on the "Firewall Box" and the BOINC PC's won't be any the wiser. On the outbound side, the NAT'ing will make it appear as only (1) VPN connection. If all else fails, Google is your friend. In a sense you're getting a "3 for 1" (or "4 for 1") use out of the VPN. Whether this violates the VPN's Terms of Service Agreement is a question you will need to read-up on... |
||
|
|
Link64
Senior Cruncher Joined: Feb 19, 2021 Post Count: 206 Status: Offline Project Badges:
|
* Get a $25-35 cheap low-end PC off eBay with (2) NIC's Or simply add another NIC to one of the BOINC-PCs if Spiderman's solution in general works for you. The result is the same, but more efficient than some ancient PC, which might burn over 100 Watts per hour while doing nearly nothing.[Edit 1 times, last edit by Link64 at Aug 17, 2025 3:08:56 PM] |
||
|
|
Occam
Advanced Cruncher Joined: Jan 1, 2024 Post Count: 92 Status: Offline |
I didn't feel the need to specify in great detail why wi-fi isn't an option. Security. If any one does not agree, go ahead and list your sigint experience. I use Linux. Any one that wants to list the Win advantage over Linux for security/privacy, go ahead. The idea of a switch should work but I recall the VPN being an issue anytime it goes through anything that splits the signal, then disconnects. The VPN gives me a few connections but not 4, but I can manually change them, but even if I get past that once, every time I need to download more I have to manually connect. I will see if I can copy/paste the issue with VPN connections and router's or anything that splits the signal. Thanks for all the replies.
|
||
|
|
hchc
Veteran Cruncher USA Joined: Aug 15, 2006 Post Count: 865 Status: Offline Project Badges:
|
If you're terminating the 3rd party VPN on each client machine, it seems like you are shooting yourself in the foot with extra work + having to eat up the max # of simultaneous connections to the 3rd party VPN provider. Highly recommend terminating the 3rd party VPN service directly on your router. This way there's a 24/7 single connection between your edge router/firewall and the 3rd party service. Then any and all client machines on your network will automatically be routed through the VPN as a single connection. I've done that for years on pfSense, and it works really great. I wouldn't put up with the manual process of fetching work for each machine. Just set it and forget it imho.
----------------------------------------Re: routers: either build your own for cheap or buy something like a Protectli that meets your needs. I'm currently using a used HP t740 thin client from eBay. They've come down in price quite a lot. It uses an embedded Ryzen CPU and is a bit overkill for my Internet speeds, but it still gets BIOS updates compared to the older HP thin clients. Connect all client devices to a switch, and connect the switch to your edge router's LAN interface. It's masochistic to manually connect each client device to your router's LAN interface just so they get temporary connectivity. Edited to Add: If you don't want to build or buy a router to run something like pfSense or OPNsense on to terminate your VPN and want to go the more simple consumer route, I really like Asus brand routers over anything else such as Netgear and especially TP-Link. Asus's AsusWRT is based off OpenWRT and has a nice UI and exposes plenty of advanced features. Newer models should have enough CPU/RAM for many broadband Internet connections over a VPN tunnel unless you are expecting gigabit or faster over something like Wireguard or OpenVPN (AES-256-GCM) or something. In that case you'll have to either build or buy a beefier router and run pfSense or OPNsense for VPN termination.
[Edit 2 times, last edit by hchc at Aug 18, 2025 9:15:39 PM] |
||
|
|
Paul Schlaffer
Senior Cruncher USA Joined: Jun 12, 2005 Post Count: 278 Status: Offline Project Badges: 
|
The problem isn't that clearly articulated. If the VPN is set up on the router, you should be able to include a rule to exclude the WCG traffic from the VPN. If it's VPN software on the machine, then you should be able to do split tunneling, which is exactly what I do on my machine.
----------------------------------------
“Where an excess of power prevails, property of no sort is duly respected. No man is safe in his opinions, his person, his faculties, or his possessions.” – James Madison (1792)
|
||
|
|
BobbyB
Veteran Cruncher Canada Joined: Apr 25, 2020 Post Count: 638 Status: Offline Project Badges:
|
I'm simply curious about hchc's comment.
3. Is there a reason you can't simply connect all your BOINC/WCG machines to your router and just use the Internet without a VPN? Also NOT judging.I'm doing exactly that: directly through the router to the Internet without a VPN. Am I missing something about security/privacy? Are we saying Boinc is not safe? Yeah, the ISP "knows" I'm connecting to WCG but the VPN would also "know" this if I used one unless if using one which states they do not log anything like Proton VPN |
||
|
|
Paul Schlaffer
Senior Cruncher USA Joined: Jun 12, 2005 Post Count: 278 Status: Offline Project Badges:
|
I'm simply curious about hchc's comment. 3. Is there a reason you can't simply connect all your BOINC/WCG machines to your router and just use the Internet without a VPN? Also NOT judging.I'm doing exactly that: directly through the router to the Internet without a VPN. Am I missing something about security/privacy? Are we saying Boinc is not safe? Yeah, the ISP "knows" I'm connecting to WCG but the VPN would also "know" this if I used one unless if using one which states they do not log anything like Proton VPN If you're going to use a VPN, it should be a no-logs VPN (I use Proton). But yes I agree, not all traffic needs or should go through a VPN, just the traffic that matters. I use a combination of browser isolation and split tunneling to accomplish this.
“Where an excess of power prevails, property of no sort is duly respected. No man is safe in his opinions, his person, his faculties, or his possessions.” – James Madison (1792)
|
||
|
|
|