Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[hoyt]

Anyone using a rackmount router that they'd recommend?  I'd like to get a consumer/ low-pro grade to run VPN software with a few gigabit switch ports.  Thanks!

[MrC]

http://yabb.jriver.com/interact/index.php?topic=74114.msg502850#msg502850

[hoyt]

Thanks!  Pardon the ignorance... But does a firewall hardware device also let you establish a remote VPN connection out of the box?  For instance, I want to connect my home network to a separate VPN server.  I'm seeing that these types of devices offer VPN connectivity to remotely access the environment they are protecting, but I really want to go the other way around. 

I hadn't thought of a firewall as a router, but I suppose that's a large part of what they do..

[MrC]

Typically most users would use VPN client software on a system to connect to a remote server, but this would only be for that system.  This device does do IPSec VPN for site to site tunnels.

Most folks don't need large-scale routers, as they typically have a network or two.   All of these commodity appliances do routing.

[glynor]

I can second MrC's recommendation. If you want something fancier (and therefore more difficult to use but more flexible) another option is to use a separate nice switch (and I still like the Netgear ProSafe switches) and build a Sophos UTM beige box (formerly called Astaro Security Gateway).  If this is for home use, they have a free home user license that works for up to 50 hosts and is full featured.

But, for most needs, I think the Netgear ProSafe Firewall is a great choice.  I'm pretty sure it'll do the Site-to-Site VPN tunneling you need (that's what the type of VPN you're looking for is called).

[glynor]

Also, all home routers are also firewalls.

Routers for this kind of use provide NAT (translating multiple internal, usually 192.168.x.x, addresses into one "real" WAN address.  NAT is a kind of firewall.

Cheap home routers are often not very sophisticated, and the bad ones often have firmware security problems, but NAT itself is actually (when working right and not bypassed via UPnP or similar stupidity) a pretty good firewall solution for most home needs.  It doesn't do deep packet inspection or "intelligent" threat assessment (ala Snort), but it does effectively prevent "uninvited external connections".

But I would avoid most "consumer " brands (even Netgear).  They're mostly junk with poorly written firmware, and they won't support Site to Site VPN anyway.

[felix2]

VPN is one where you take advantage of an existing network like the Internet and build a private subnetwork to 'tunnel' through from one computer to another computer. This is frequently called 'remote connection' from your mobile computer back to a computer, called server, that you controlled and is private.

To do this:
1) You mobile computer must enable special software that can do the remote connection to the server. Late versions of Windows OS has such ability but you must turn it on.
2) You server similarly must run the corresponding remote connection software, but the server side is more complicated because it has the additional responsibility to talk to network gear to enable the VPN, and to establish security. Only Windows Server OSs have such capability.
3) In-between the above is the router that permits such a tunneling network connection to be established. All consumer routers do not permit it. Some 'prosumer' routers do, but the firmware inside is really rough and implement only a subset of all necessary VPN functions. You will likely run into complications. Only business class routers that specifically implements the FULL SET of VPN protocols permit trouble-free VPNs. (Check Cisco) Also, the router side VPN protocols must also talk to the server side VPN protocols correctly, meaning the VPN router must be compatible to the Windows Server OS in question.
4) For you to establish a VPN, the IP address of both ends must be fixed. This is true for enterprise because they buy expensive business Net services which deliver fixed IP addresses. But consumer Net service never deliver fixed IP addresses - they dynamically assign IP addresses. Without fixed IP address, doing a VPN is all but impossible.

VPN can be straightforward (if you are lucky), but likely a challenge for novice.