adsl modem + router for vpn use.

Hi Guys,

Need some help & suggestions. I'm expanding the home connectivity & need to
go wireless now. I've been told to get Netgear's DG834G wireless adsl modem
+ router but have seen conflicting product reports/reviews & it doesn't seem
to work on VPN connections which i crucially need. I've even got a work
colleague test the VPN connection from her own DG834 which she has at home &
indeed, it failed to connect to the office.

Any suggestions or recommendations for a wireless adsl modem + router that
works well with VPN connections?

Thanks.

run.

If you are wantiing to connect to your house or office through a vpn
you need a router that has vpn endpoint.
Netgear makes some and they also have vpn client software.
The dg834g supports only vpn passthrough.



"run" <run@localtime> wrote in message
news:(E-Mail Removed)...
> Hi Guys,
>
> Need some help & suggestions. I'm expanding the home connectivity &
need to
> go wireless now. I've been told to get Netgear's DG834G wireless
adsl modem
> + router but have seen conflicting product reports/reviews & it
doesn't seem
> to work on VPN connections which i crucially need. I've even got a
work
> colleague test the VPN connection from her own DG834 which she has
at home &
> indeed, it failed to connect to the office.
>
> Any suggestions or recommendations for a wireless adsl modem +
router that
> works well with VPN connections?
>
> Thanks.
>
> run.
>
>
>
>

On Thu, 18 Nov 2004 12:13:37 -0000, "run" <run@localtime> wrote:

>Need some help & suggestions. I'm expanding the home connectivity & need to
>go wireless now. I've been told to get Netgear's DG834G wireless adsl modem
>+ router but have seen conflicting product reports/reviews & it doesn't seem
>to work on VPN connections which i crucially need. I've even got a work
>colleague test the VPN connection from her own DG834 which she has at home &
>indeed, it failed to connect to the office.

Duz your VPN use IPSec, PPPTP, L2TP, or other tunneling protocol? The
router has to support "VPN pass thru" for every protocol you use.

How many tunnels are you running at one time? Many routers support
only one or two simultaneous tunnels.

Are you using some VPN protocol that encapsulates and authenticates
the entire packet instead of just the payload? AH won't work, ESP
will. If so, none of the NAT routers will work because changing the
header IP from a WAN IP to a NAT IP will appear as packet tampering.

Are you using Crypto IP (CIPE)?

>Any suggestions or recommendations for a wireless adsl modem + router that
>works well with VPN connections?

Nope. I don't suggest using conglomerated solutions even if they are
cheaper. I suggest you get a seperate ADSL modem ($30 on eBay), a
seperate wired router that is known to work with your office VPN
(about $80), and a seperate wireless access point ($60). The idea is
that all the wires tend to come together at the router makiing a big
wiring mess best hidden under a desk. However, the wireless part
wants to have a good view of the house. These requirements are
incompatible in a single box. Therefore, I suggest a "component"
system instead of a conglomerated duz-it-all box.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Jeff, your just full of knowledge. Can I download your brain.

Would you please explain router vpn endpoints and passthroughs in some
detail.

Lets say for number 1.
I am using wireless at home and I want to use a vpn to a router. ( I
read an earlier post of yours)
What does my router need to have?


Number 2
I am sitting in a hotspot drinking a beer and I want to access my home
via vpn.
What does my router need to have?

Number 3
Do I actually have to have a vpn client sofware or can windoze be
configured in itself.
This question applies to win 2000, XPpro and XPhome






"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 18 Nov 2004 12:13:37 -0000, "run" <run@localtime> wrote:
>
> >Need some help & suggestions. I'm expanding the home connectivity &
need to
> >go wireless now. I've been told to get Netgear's DG834G wireless
adsl modem
> >+ router but have seen conflicting product reports/reviews & it
doesn't seem
> >to work on VPN connections which i crucially need. I've even got a
work
> >colleague test the VPN connection from her own DG834 which she has
at home &
> >indeed, it failed to connect to the office.
>
> Duz your VPN use IPSec, PPPTP, L2TP, or other tunneling protocol?
The
> router has to support "VPN pass thru" for every protocol you use.
>
> How many tunnels are you running at one time? Many routers support
> only one or two simultaneous tunnels.
>
> Are you using some VPN protocol that encapsulates and authenticates
> the entire packet instead of just the payload? AH won't work, ESP
> will. If so, none of the NAT routers will work because changing the
> header IP from a WAN IP to a NAT IP will appear as packet tampering.
>
> Are you using Crypto IP (CIPE)?
>
> >Any suggestions or recommendations for a wireless adsl modem +
router that
> >works well with VPN connections?
>
> Nope. I don't suggest using conglomerated solutions even if they
are
> cheaper. I suggest you get a seperate ADSL modem ($30 on eBay), a
> seperate wired router that is known to work with your office VPN
> (about $80), and a seperate wireless access point ($60). The idea
is
> that all the wires tend to come together at the router makiing a big
> wiring mess best hidden under a desk. However, the wireless part
> wants to have a good view of the house. These requirements are
> incompatible in a single box. Therefore, I suggest a "component"
> system instead of a conglomerated duz-it-all box.
>
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 AE6KS 831-336-2558

On Thu, 18 Nov 2004 13:01:37 -0600, "Airhead"
<(E-Mail Removed)> wrote:

>Can I download your brain.

No.

>Would you please explain router vpn endpoints and passthroughs in some
>detail.

Ummm... No. I'm late for lunch. Too many VPN options, variations,
mutations, standards, incompatibilies, techniques, topologies, and
acronyms.

>Lets say for number 1.
>I am using wireless at home and I want to use a vpn to a router. ( I
>read an earlier post of yours)
>What does my router need to have?

You need a router that will terminate a VPN tunnel. These are
commonly called "VPN routers" (duh) and are quite different from
routers offering "VPN pass thru" or "VPN tunnel support". I think I
listed some likely candidates. I've used Sonicwall, Watchguard,
Linksys, Cisco, and others. As always, I'm not a big fan of
conglomerating the router and the wireless, so I suggest you look for
seperate boxes.

There's also a security issue. If you setup a VPN tunnel from your
computah to your own router, but your computah is compromised by a
worm, virus, or trojan, it's easy enough for an attacker to go around
the tunnel and run your computah by remote control.

There's a similar issue if you have a VPN router, and use it to
*INITIATE* a VPN session into a corporate LAN through a VPN tunnel.
This has the advantage of allowing all the computers on your LAN to
play VPN without adding any additional software to each computah.
Unfortunately, it also allows unauthenticated computers into the
corporate LAN via your VPN router. If one of the kids computahs has
been compromised, they have instant access to the corporate LAN.

>Number 2
>I am sitting in a hotspot drinking a beer and I want to access my home
>via vpn.
>What does my router need to have?

IPSec VPN client software. I'm using the Cisco IPSec client, Safenet,
and some others. The IPSec client is bundled with XP, and is
available for 2000 etc.
http://www.microsoft.com/technet/com...uy/cg0502.mspx
http://www.microsoft.com/windows2000...l2tpclient.asp
http://www.wown.com/pages/search.asp?query=vpn&x=0&y=0 many articles

Oh cool. An update to fix what XP SP2 broke:
http://support.microsoft.com/default...b;en-us;818043

Incidentally, ignore anything that reeks of PPTP.

Search google for VPN client software. When you get it together, and
you have a VPN router at your house, and you have a dynamic DNS
provider so you find your home IP address, you will have access to
your home LAN almost exactly as if you were plugged directly into the
LAN side of your home router (including a LAN side NAT assigned IP
address).

>Number 3
>Do I actually have to have a vpn client sofware or can windoze be
>configured in itself.
>This question applies to win 2000, XPpro and XPhome

Self configuring? Surely you jest. You gotta screw around with
arcane acroynms, cryptic values, and incomprehensible instructions.
Search google for "xp vpn setup" and notice how many universities and
libraries have canned setups for licensed VPN clients. If you think
setting up a wireless router is a thrill, wait until you dive into the
myriad of options and choices available in an IPSec VPN.

Besides, if it were easy, it would be no fun.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Thanks for the lecture



"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 18 Nov 2004 13:01:37 -0600, "Airhead"
> <(E-Mail Removed)> wrote:
>
> >Can I download your brain.
>
> No.
>
> >Would you please explain router vpn endpoints and passthroughs in
some
> >detail.
>
> Ummm... No. I'm late for lunch. Too many VPN options, variations,
> mutations, standards, incompatibilies, techniques, topologies, and
> acronyms.
>
> >Lets say for number 1.
> >I am using wireless at home and I want to use a vpn to a router.
( I
> >read an earlier post of yours)
> >What does my router need to have?
>
> You need a router that will terminate a VPN tunnel. These are
> commonly called "VPN routers" (duh) and are quite different from
> routers offering "VPN pass thru" or "VPN tunnel support". I think I
> listed some likely candidates. I've used Sonicwall, Watchguard,
> Linksys, Cisco, and others. As always, I'm not a big fan of
> conglomerating the router and the wireless, so I suggest you look
for
> seperate boxes.
>
> There's also a security issue. If you setup a VPN tunnel from your
> computah to your own router, but your computah is compromised by a
> worm, virus, or trojan, it's easy enough for an attacker to go
around
> the tunnel and run your computah by remote control.
>
> There's a similar issue if you have a VPN router, and use it to
> *INITIATE* a VPN session into a corporate LAN through a VPN tunnel.
> This has the advantage of allowing all the computers on your LAN to
> play VPN without adding any additional software to each computah.
> Unfortunately, it also allows unauthenticated computers into the
> corporate LAN via your VPN router. If one of the kids computahs has
> been compromised, they have instant access to the corporate LAN.
>
> >Number 2
> >I am sitting in a hotspot drinking a beer and I want to access my
home
> >via vpn.
> >What does my router need to have?
>
> IPSec VPN client software. I'm using the Cisco IPSec client,
Safenet,
> and some others. The IPSec client is bundled with XP, and is
> available for 2000 etc.
>
http://www.microsoft.com/technet/com...guy/cg0502.msp
x
>
http://www.microsoft.com/windows2000...ews/bulletins/
l2tpclient.asp
> http://www.wown.com/pages/search.asp?query=vpn&x=0&y=0 many
articles
>
> Oh cool. An update to fix what XP SP2 broke:
> http://support.microsoft.com/default...b;en-us;818043
>
> Incidentally, ignore anything that reeks of PPTP.
>
> Search google for VPN client software. When you get it together,
and
> you have a VPN router at your house, and you have a dynamic DNS
> provider so you find your home IP address, you will have access to
> your home LAN almost exactly as if you were plugged directly into
the
> LAN side of your home router (including a LAN side NAT assigned IP
> address).
>
> >Number 3
> >Do I actually have to have a vpn client sofware or can windoze be
> >configured in itself.
> >This question applies to win 2000, XPpro and XPhome
>
> Self configuring? Surely you jest. You gotta screw around with
> arcane acroynms, cryptic values, and incomprehensible instructions.
> Search google for "xp vpn setup" and notice how many universities
and
> libraries have canned setups for licensed VPN clients. If you think
> setting up a wireless router is a thrill, wait until you dive into
the
> myriad of options and choices available in an IPSec VPN.
>
> Besides, if it were easy, it would be no fun.
>
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 AE6KS 831-336-2558

Thanks guys.... i wasn't expecting a lecture but now i'll have to do my
homework & hope to get an A grade base on the stuff mentioned here.

I'll look into a 'component' set as suggested Jeff. Thanks a million.

run.




"run" <run@localtime> wrote in message
news:(E-Mail Removed)...
> Hi Guys,
>
> Need some help & suggestions. I'm expanding the home connectivity & need
to
> go wireless now. I've been told to get Netgear's DG834G wireless adsl
modem
> + router but have seen conflicting product reports/reviews & it doesn't
seem
> to work on VPN connections which i crucially need. I've even got a work
> colleague test the VPN connection from her own DG834 which she has at home
&
> indeed, it failed to connect to the office.
>
> Any suggestions or recommendations for a wireless adsl modem + router that
> works well with VPN connections?
>
> Thanks.
>
> run.
>
>
>
>

On Thu, 18 Nov 2004 22:20:37 -0000, "run" <run@localtime> wrote:

>Thanks guys.... i wasn't expecting a lecture but now i'll have to do my
>homework & hope to get an A grade base on the stuff mentioned here.

I'll have a quiz prepared when you get back. One thing that wasn't
clear is that we are talking about two different types of router
features for VPN.

One is VPN "pass thru" which most routers support (to varying
degrees). This requires VPN client software on your computah.

The other is a "VPN router" that can initiate or terminate a VPN
tunnel, without any additional software on the clients.

>I'll look into a 'component' set as suggested Jeff. Thanks a million.

A million whats? Dollars? Paypal to email address below will work.
Or just mail me a cheque. Thanks much in advance.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# (E-Mail Removed)
# 831.421.6491 digital_pager (E-Mail Removed) AE6KS

run <run@localtime> wrote:
> Thanks guys.... i wasn't expecting a lecture but now i'll have to do my
> homework & hope to get an A grade base on the stuff mentioned here.

> I'll look into a 'component' set as suggested Jeff. Thanks a million.

Recapping, since this broke into two completely separate topics.
1:
If you need to connect your laptop at home through a wireless router to a
corporate VPN server, you use the vpn client they gave to you , or provided
canned instructions for. You should be able to use almost any router.
I have used SMC, Netgear and Linksys.
If you wanted more than one computer to "tunnel" at the same time, you
might need to be cautious, but the Linksys and SMC will at least do two
simultaneously.

#1 is simple, people do it all the time without even considering how
difficult it may or may not be.




2:
You want to connect your wirless laptop to a VPN "somewhere" so that the
wireless portion of your connection is more secure.
hotspotvpn offers such as service for $8.99 per month.

3:
You want to connect from the internet to your home, using VPN (a home
version of what a lot of people do toward work). Jeff suggests some real
equipment. SMC offers some <$100 routers that act as VPN endpoints.
WinXP-SP2 might work on the home server.

4:
You want to connect wirelessly from your laptop to you router, as a way of
securing the wireless portion of the connection. Dunno. I think the SMC
might do that.

5:
You want your router to establish the VPN connection to some other place,
so that everything on your network is on the same VPN as the network at the
remote end. Sonicwall.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5

Jeff Liebermann <(E-Mail Removed)> wrote:

> Oh cool. An update to fix what XP SP2 broke:
> http://support.microsoft.com/default...b;en-us;818043

Although that's dated November 12, 2004, the elements of it seem to be
included with WinXP-SP2. They offer a download for Win2000, and a pointer
to the WinXP-SP2 as a way to implement the changes.

The binaries that are listed are dated April 2003.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5