How do I access my shares at home from 2nd location?

Hi all,

I love networking, but I'm not as good as I used to be... (a) I forgot a lot, (b) I haven't been keeping up to date, and (c) I would trust the cohort here a lot more than my Google-Fu.

I'll be staying with my family for the forseeable future and I'd like to have network access to my home network (back at my own home, obviously).

I have an ASUS GT-AC5300 router here at my sister's and ASUS GT-BE98 PRO at home (just got it recently and I love it!!!).

I'm guessing I need to set up a VPN between the two of them? Any tips, suggestions, recommendations? While here at my sister's, I'd like to be able to type in //MY_SERVER (WIN10/11) and access MY_SERVER running Windows Server 2019 at home. When at home, it works great and I can access any of my 3 servers just by typing in //SERVER_NAME.

The problem is that both are set for 192.168.2.1 (router) and 192.168.2.xxx for the local IP addresses at both locations.

While at my sister's, I'd like to access Internet via this ISP and while at home, I'd like to use my home's ISP (but this is secondary). Unfortunately, my sister's location will be my PRIMARY location, but all the servers will remain at home.

So, my question... (1) which router should be where (I'm guessing the better one here at my sister's) and (2) what's the best way for me to be able to access my home shares.

Thank you!!!!!!

[edit] Just changed my sister's router to 192.168.3.1 and everyone now has 192.168.3.xxx (also, if I should buy another router to replace the old AC5300, I'm ok with that, too. [/edit]

This is the AC-5300 router's VPN dashboard:



And this is the router at home:



I haven't used any of this VPN stuff

Probably want openvpn or ipsec since both routers support either of those. Can't recommend a server, but you'll need to set one up on one of the routers, or on a server behind the routers.

Openvpn or tailscale..tailscale is probably the easiest, see if it will work for you.

I use enterprise vpn routers to do exactly what you're doing across several sites (and homes) across the US. I could print a document to my parents printer when they couldn't open it, etc. I did this by setting up IPsec VPN tunnels. These are pretty much the industry standard for VPN tunnels, but are generally not supported as well on consumer hardware. Seems like your Asus boxes do have support for it.

Another alternative that can be just is good though is openvpn which is supported on both your Asus boxes as well. So what I would try first is IPsec and if that doesn't work, use Openvpn.

You won't necessarily be able to access devices on each side by their name, but you should be able to hit them by IP address. As far as Internet access, each system on each side will use its own local Internet access. Which has advantages if one side is having some sort of an issue with their ISP, then you can use a system on the other side to see if it's the site or the isp. You can also get around session limits and visitor limits per IP and system since you have more than one.

Setting up tunnels is very, very detailed work and I've rarely gotten a tunnel to come up on the first shot. So check each step and configuration detail carefully before trying it. And also, set everything to the most insecure/basic setup first. Once you get that going, you can beef up the group number, shared key, etc. Just get the basic tunnel up and working first.

Hope this helps!

I would try setting your home router as an openvpn server and your sister's router as a openvpn client to your home router.

Pay attention to settings so that only the private subnets go across the VPN; you probably don't want to send all your internet traffic from the sister's house out from your home and back, cause it'll usually be slower. Sometimes you might want to send some traffic over to get around geofencing if you live very far away.

As an experienced software dev with a networking focus, I can firmly say, don't touch ipsec at all unless you can't avoid it, you're being paid well, and it's the only way to do something that is very important to your employer. It's fucking terrible.

Wireguard is supposed to be nice, but that doesn't help if only one side supports it.

There are ways to make cross subnet network shares by name work, but probably easier to get your home server a static ip assignment and just use the ip.

Thanks, guys!!! I will actually buy the Asus RT-BE58U for my sister's house (since I'm here) and will keep the RT-BE96U Pro at my home and will run WireGuard between them. Thank you for all the info and recommendations!!

Actually, leaning towards the ASUS RT-BE86U, unless you guys point me in another direction. Would like to stay with ASUS. Thanks, again!!

In the meantime, I connected my laptop via WireGuard app to my router back home. The VPN tunnel works and when I go to whatsmyip.org on my laptop here, it shows me the IP address from home. So, I'm guessing great success? But, when I type in the \\server_name into explorer or even in command prompt (ping server_name), nothing comes back. Any recommendations? But, the IP address at home 192.168.2.xxx works when I ping it. I'm guessing, DNS issue?

I'd start with a VPN client on a laptop if you have one. Set up your router as a VPN server, then get the laptop connecting to it. Tether to cellular if you can (unless you have a second internet connection) for testing, or test from a neighbor's house or local business with WiFi. Trying to set up another router to connect remotely when you don't have access to the other end is a bitch, especially if you haven't tested it ahead of time. If you get the laptop going at least you know the VPN server works and you can get into it remotely. Once you have that going do you need the router on the other end connected? You don't if access to your home network is just for you.

Yep, good call zandor with the access to the other router. I connect to one of the machines at home via TeamViewer and from that, I can access the router. Makes things easier to set up.

But yeah, you're 100% right and I actually did think about it. Since it's only for ME and I can access the home network from my laptop via WireGuard, the whole site-to-site with a new router idea isn't really necessary. Waste of money; even though I liked the idea of getting a new router

Just gotta figure out the DNS... if I type in \\192.168.1.50, I can access the shares on my server. But, if I type in \\server_name, it doesn't find it.

RavinDJ said:

Just gotta figure out the DNS... if I type in \\192.168.1.50, I can access the shares on my server. But, if I type in \\server_name, it doesn't find it.

Click to expand...

If you even need it. For just a couple machines back home you can always just stick them in the hosts file in Windows\System32\drivers\etc\ or in /etc on Linux and I think Mac as long as they have static IPs or your DHCP server is set up to always give them the same address.

zandor said:

If you even need it. For just a couple machines back home you can always just stick them in the hosts file in Windows\System32\drivers\etc\ or in /etc on Linux and I think Mac as long as they have static IPs or your DHCP server is set up to always give them the same address.

Click to expand...

Damn! I owe you a beer for that simple solution/hack!!! Works flawlessly. Just needed 3 machines!!!

Am I supposed to be getting slow speeds like this?

I have 300/20 from Optimum... which, now that I think about it, it makes sense... 20/8=2.5 MB/s under IDEAL conditions.

Is it worth it to upgrade to 1Gig (940/940) for $40/month extra?

[edit] I actually think it's 940/35, now that I read more about it. [/edit]

Depends if you want days vs hours really. Check the business plans, often have a symmetrical option.

kydsid said:

Depends if you want days vs hours really. Check the business plans, often have a symmetrical option.

Click to expand...

The problem is that it's still over coax instead of fiber

Once you do get symmetrical, you'll hit another bottleneck - SFTP speeds (since SMB was not made for high latency networks, you'll want to use a different protocol). So far rclone is the only way i've found to saturate my download speed. It has tuning params built in for concurrent transfers. A single SFTP transfer will max out at 2-8mb/s for me otherwise. There is a GUI but unfortunately its not as user-friendly as other SFTP apps like Filezilla etc.