Sign in with
Sign up | Sign in
Your question

adsl modem + router for vpn use.

Last response: in Wireless Networking
Share
Anonymous
a b F Wireless
November 18, 2004 3:13:37 PM

Archived from groups: alt.internet.wireless (More info?)

Hi Guys,

Need some help & suggestions. I'm expanding the home connectivity & need to
go wireless now. I've been told to get Netgear's DG834G wireless adsl modem
+ router but have seen conflicting product reports/reviews & it doesn't seem
to work on VPN connections which i crucially need. I've even got a work
colleague test the VPN connection from her own DG834 which she has at home &
indeed, it failed to connect to the office.

Any suggestions or recommendations for a wireless adsl modem + router that
works well with VPN connections?

Thanks.

run.

More about : adsl modem router vpn

Anonymous
a b F Wireless
November 18, 2004 3:13:38 PM

Archived from groups: alt.internet.wireless (More info?)

If you are wantiing to connect to your house or office through a vpn
you need a router that has vpn endpoint.
Netgear makes some and they also have vpn client software.
The dg834g supports only vpn passthrough.



"run" <run@localtime> wrote in message
news:1100780019.11559.0@nnrp-t71-02.news.clara.net...
> Hi Guys,
>
> Need some help & suggestions. I'm expanding the home connectivity &
need to
> go wireless now. I've been told to get Netgear's DG834G wireless
adsl modem
> + router but have seen conflicting product reports/reviews & it
doesn't seem
> to work on VPN connections which i crucially need. I've even got a
work
> colleague test the VPN connection from her own DG834 which she has
at home &
> indeed, it failed to connect to the office.
>
> Any suggestions or recommendations for a wireless adsl modem +
router that
> works well with VPN connections?
>
> Thanks.
>
> run.
>
>
>
>
Anonymous
a b F Wireless
November 18, 2004 3:13:38 PM

Archived from groups: alt.internet.wireless (More info?)

On Thu, 18 Nov 2004 12:13:37 -0000, "run" <run@localtime> wrote:

>Need some help & suggestions. I'm expanding the home connectivity & need to
>go wireless now. I've been told to get Netgear's DG834G wireless adsl modem
>+ router but have seen conflicting product reports/reviews & it doesn't seem
>to work on VPN connections which i crucially need. I've even got a work
>colleague test the VPN connection from her own DG834 which she has at home &
>indeed, it failed to connect to the office.

Duz your VPN use IPSec, PPPTP, L2TP, or other tunneling protocol? The
router has to support "VPN pass thru" for every protocol you use.

How many tunnels are you running at one time? Many routers support
only one or two simultaneous tunnels.

Are you using some VPN protocol that encapsulates and authenticates
the entire packet instead of just the payload? AH won't work, ESP
will. If so, none of the NAT routers will work because changing the
header IP from a WAN IP to a NAT IP will appear as packet tampering.

Are you using Crypto IP (CIPE)?

>Any suggestions or recommendations for a wireless adsl modem + router that
>works well with VPN connections?

Nope. I don't suggest using conglomerated solutions even if they are
cheaper. I suggest you get a seperate ADSL modem ($30 on eBay), a
seperate wired router that is known to work with your office VPN
(about $80), and a seperate wireless access point ($60). The idea is
that all the wires tend to come together at the router makiing a big
wiring mess best hidden under a desk. However, the wireless part
wants to have a good view of the house. These requirements are
incompatible in a single box. Therefore, I suggest a "component"
system instead of a conglomerated duz-it-all box.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
Related resources
Anonymous
a b F Wireless
November 18, 2004 4:01:37 PM

Archived from groups: alt.internet.wireless (More info?)

Jeff, your just full of knowledge. Can I download your brain.

Would you please explain router vpn endpoints and passthroughs in some
detail.

Lets say for number 1.
I am using wireless at home and I want to use a vpn to a router. ( I
read an earlier post of yours)
What does my router need to have?


Number 2
I am sitting in a hotspot drinking a beer and I want to access my home
via vpn.
What does my router need to have?

Number 3
Do I actually have to have a vpn client sofware or can windoze be
configured in itself.
This question applies to win 2000, XPpro and XPhome






"Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
news:03opp0pepogfac7vds7iqfolnu8o3673k5@4ax.com...
> On Thu, 18 Nov 2004 12:13:37 -0000, "run" <run@localtime> wrote:
>
> >Need some help & suggestions. I'm expanding the home connectivity &
need to
> >go wireless now. I've been told to get Netgear's DG834G wireless
adsl modem
> >+ router but have seen conflicting product reports/reviews & it
doesn't seem
> >to work on VPN connections which i crucially need. I've even got a
work
> >colleague test the VPN connection from her own DG834 which she has
at home &
> >indeed, it failed to connect to the office.
>
> Duz your VPN use IPSec, PPPTP, L2TP, or other tunneling protocol?
The
> router has to support "VPN pass thru" for every protocol you use.
>
> How many tunnels are you running at one time? Many routers support
> only one or two simultaneous tunnels.
>
> Are you using some VPN protocol that encapsulates and authenticates
> the entire packet instead of just the payload? AH won't work, ESP
> will. If so, none of the NAT routers will work because changing the
> header IP from a WAN IP to a NAT IP will appear as packet tampering.
>
> Are you using Crypto IP (CIPE)?
>
> >Any suggestions or recommendations for a wireless adsl modem +
router that
> >works well with VPN connections?
>
> Nope. I don't suggest using conglomerated solutions even if they
are
> cheaper. I suggest you get a seperate ADSL modem ($30 on eBay), a
> seperate wired router that is known to work with your office VPN
> (about $80), and a seperate wireless access point ($60). The idea
is
> that all the wires tend to come together at the router makiing a big
> wiring mess best hidden under a desk. However, the wireless part
> wants to have a good view of the house. These requirements are
> incompatible in a single box. Therefore, I suggest a "component"
> system instead of a conglomerated duz-it-all box.
>
>
> --
> Jeff Liebermann jeffl@comix.santa-cruz.ca.us
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
November 18, 2004 4:01:38 PM

Archived from groups: alt.internet.wireless (More info?)

On Thu, 18 Nov 2004 13:01:37 -0600, "Airhead"
<campbell@alliancecable.net> wrote:

>Can I download your brain.

No.

>Would you please explain router vpn endpoints and passthroughs in some
>detail.

Ummm... No. I'm late for lunch. Too many VPN options, variations,
mutations, standards, incompatibilies, techniques, topologies, and
acronyms.

>Lets say for number 1.
>I am using wireless at home and I want to use a vpn to a router. ( I
>read an earlier post of yours)
>What does my router need to have?

You need a router that will terminate a VPN tunnel. These are
commonly called "VPN routers" (duh) and are quite different from
routers offering "VPN pass thru" or "VPN tunnel support". I think I
listed some likely candidates. I've used Sonicwall, Watchguard,
Linksys, Cisco, and others. As always, I'm not a big fan of
conglomerating the router and the wireless, so I suggest you look for
seperate boxes.

There's also a security issue. If you setup a VPN tunnel from your
computah to your own router, but your computah is compromised by a
worm, virus, or trojan, it's easy enough for an attacker to go around
the tunnel and run your computah by remote control.

There's a similar issue if you have a VPN router, and use it to
*INITIATE* a VPN session into a corporate LAN through a VPN tunnel.
This has the advantage of allowing all the computers on your LAN to
play VPN without adding any additional software to each computah.
Unfortunately, it also allows unauthenticated computers into the
corporate LAN via your VPN router. If one of the kids computahs has
been compromised, they have instant access to the corporate LAN.

>Number 2
>I am sitting in a hotspot drinking a beer and I want to access my home
>via vpn.
>What does my router need to have?

IPSec VPN client software. I'm using the Cisco IPSec client, Safenet,
and some others. The IPSec client is bundled with XP, and is
available for 2000 etc.
http://www.microsoft.com/technet/community/columns/cabl...
http://www.microsoft.com/windows2000/server/evaluation/...
http://www.wown.com/pages/search.asp?query=vpn&x=0&y=0 many articles

Oh cool. An update to fix what XP SP2 broke:
http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

Incidentally, ignore anything that reeks of PPTP.

Search google for VPN client software. When you get it together, and
you have a VPN router at your house, and you have a dynamic DNS
provider so you find your home IP address, you will have access to
your home LAN almost exactly as if you were plugged directly into the
LAN side of your home router (including a LAN side NAT assigned IP
address).

>Number 3
>Do I actually have to have a vpn client sofware or can windoze be
>configured in itself.
>This question applies to win 2000, XPpro and XPhome

Self configuring? Surely you jest. You gotta screw around with
arcane acroynms, cryptic values, and incomprehensible instructions.
Search google for "xp vpn setup" and notice how many universities and
libraries have canned setups for licensed VPN clients. If you think
setting up a wireless router is a thrill, wait until you dive into the
myriad of options and choices available in an IPSec VPN.

Besides, if it were easy, it would be no fun.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
November 18, 2004 6:10:13 PM

Archived from groups: alt.internet.wireless (More info?)

Thanks for the lecture



"Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
news:vvupp0dd3eggemn3vuh29ml66skubrd7ri@4ax.com...
> On Thu, 18 Nov 2004 13:01:37 -0600, "Airhead"
> <campbell@alliancecable.net> wrote:
>
> >Can I download your brain.
>
> No.
>
> >Would you please explain router vpn endpoints and passthroughs in
some
> >detail.
>
> Ummm... No. I'm late for lunch. Too many VPN options, variations,
> mutations, standards, incompatibilies, techniques, topologies, and
> acronyms.
>
> >Lets say for number 1.
> >I am using wireless at home and I want to use a vpn to a router.
( I
> >read an earlier post of yours)
> >What does my router need to have?
>
> You need a router that will terminate a VPN tunnel. These are
> commonly called "VPN routers" (duh) and are quite different from
> routers offering "VPN pass thru" or "VPN tunnel support". I think I
> listed some likely candidates. I've used Sonicwall, Watchguard,
> Linksys, Cisco, and others. As always, I'm not a big fan of
> conglomerating the router and the wireless, so I suggest you look
for
> seperate boxes.
>
> There's also a security issue. If you setup a VPN tunnel from your
> computah to your own router, but your computah is compromised by a
> worm, virus, or trojan, it's easy enough for an attacker to go
around
> the tunnel and run your computah by remote control.
>
> There's a similar issue if you have a VPN router, and use it to
> *INITIATE* a VPN session into a corporate LAN through a VPN tunnel.
> This has the advantage of allowing all the computers on your LAN to
> play VPN without adding any additional software to each computah.
> Unfortunately, it also allows unauthenticated computers into the
> corporate LAN via your VPN router. If one of the kids computahs has
> been compromised, they have instant access to the corporate LAN.
>
> >Number 2
> >I am sitting in a hotspot drinking a beer and I want to access my
home
> >via vpn.
> >What does my router need to have?
>
> IPSec VPN client software. I'm using the Cisco IPSec client,
Safenet,
> and some others. The IPSec client is bundled with XP, and is
> available for 2000 etc.
>
http://www.microsoft.com/technet/community/columns/cabl...
x
>
http://www.microsoft.com/windows2000/server/evaluation/...
l2tpclient.asp
> http://www.wown.com/pages/search.asp?query=vpn&x=0&y=0 many
articles
>
> Oh cool. An update to fix what XP SP2 broke:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;818043
>
> Incidentally, ignore anything that reeks of PPTP.
>
> Search google for VPN client software. When you get it together,
and
> you have a VPN router at your house, and you have a dynamic DNS
> provider so you find your home IP address, you will have access to
> your home LAN almost exactly as if you were plugged directly into
the
> LAN side of your home router (including a LAN side NAT assigned IP
> address).
>
> >Number 3
> >Do I actually have to have a vpn client sofware or can windoze be
> >configured in itself.
> >This question applies to win 2000, XPpro and XPhome
>
> Self configuring? Surely you jest. You gotta screw around with
> arcane acroynms, cryptic values, and incomprehensible instructions.
> Search google for "xp vpn setup" and notice how many universities
and
> libraries have canned setups for licensed VPN clients. If you think
> setting up a wireless router is a thrill, wait until you dive into
the
> myriad of options and choices available in an IPSec VPN.
>
> Besides, if it were easy, it would be no fun.
>
>
> --
> Jeff Liebermann jeffl@comix.santa-cruz.ca.us
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
November 19, 2004 1:20:37 AM

Archived from groups: alt.internet.wireless (More info?)

Thanks guys.... i wasn't expecting a lecture but now i'll have to do my
homework & hope to get an A grade base on the stuff mentioned here.

I'll look into a 'component' set as suggested Jeff. Thanks a million.

run.




"run" <run@localtime> wrote in message
news:1100780019.11559.0@nnrp-t71-02.news.clara.net...
> Hi Guys,
>
> Need some help & suggestions. I'm expanding the home connectivity & need
to
> go wireless now. I've been told to get Netgear's DG834G wireless adsl
modem
> + router but have seen conflicting product reports/reviews & it doesn't
seem
> to work on VPN connections which i crucially need. I've even got a work
> colleague test the VPN connection from her own DG834 which she has at home
&
> indeed, it failed to connect to the office.
>
> Any suggestions or recommendations for a wireless adsl modem + router that
> works well with VPN connections?
>
> Thanks.
>
> run.
>
>
>
>
Anonymous
a b F Wireless
November 19, 2004 2:54:12 AM

Archived from groups: alt.internet.wireless (More info?)

On Thu, 18 Nov 2004 22:20:37 -0000, "run" <run@localtime> wrote:

>Thanks guys.... i wasn't expecting a lecture but now i'll have to do my
>homework & hope to get an A grade base on the stuff mentioned here.

I'll have a quiz prepared when you get back. One thing that wasn't
clear is that we are talking about two different types of router
features for VPN.

One is VPN "pass thru" which most routers support (to varying
degrees). This requires VPN client software on your computah.

The other is a "VPN router" that can initiate or terminate a VPN
tunnel, without any additional software on the clients.

>I'll look into a 'component' set as suggested Jeff. Thanks a million.

A million whats? Dollars? Paypal to email address below will work.
Or just mail me a cheque. Thanks much in advance.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# jeffl@comix.santa-cruz.ca.us
# 831.421.6491 digital_pager jeffl@cruzio.com AE6KS
Anonymous
a b F Wireless
November 19, 2004 2:55:04 AM

Archived from groups: alt.internet.wireless (More info?)

run <run@localtime> wrote:
> Thanks guys.... i wasn't expecting a lecture but now i'll have to do my
> homework & hope to get an A grade base on the stuff mentioned here.

> I'll look into a 'component' set as suggested Jeff. Thanks a million.

Recapping, since this broke into two completely separate topics.
1:
If you need to connect your laptop at home through a wireless router to a
corporate VPN server, you use the vpn client they gave to you , or provided
canned instructions for. You should be able to use almost any router.
I have used SMC, Netgear and Linksys.
If you wanted more than one computer to "tunnel" at the same time, you
might need to be cautious, but the Linksys and SMC will at least do two
simultaneously.

#1 is simple, people do it all the time without even considering how
difficult it may or may not be.




2:
You want to connect your wirless laptop to a VPN "somewhere" so that the
wireless portion of your connection is more secure.
hotspotvpn offers such as service for $8.99 per month.

3:
You want to connect from the internet to your home, using VPN (a home
version of what a lot of people do toward work). Jeff suggests some real
equipment. SMC offers some <$100 routers that act as VPN endpoints.
WinXP-SP2 might work on the home server.

4:
You want to connect wirelessly from your laptop to you router, as a way of
securing the wireless portion of the connection. Dunno. I think the SMC
might do that.

5:
You want your router to establish the VPN connection to some other place,
so that everything on your network is on the same VPN as the network at the
remote end. Sonicwall.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
Anonymous
a b F Wireless
November 19, 2004 2:58:39 AM

Archived from groups: alt.internet.wireless (More info?)

Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:

> Oh cool. An update to fix what XP SP2 broke:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

Although that's dated November 12, 2004, the elements of it seem to be
included with WinXP-SP2. They offer a download for Win2000, and a pointer
to the WinXP-SP2 as a way to implement the changes.

The binaries that are listed are dated April 2003.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
Anonymous
a b F Wireless
November 19, 2004 1:16:08 PM

Archived from groups: alt.internet.wireless (More info?)

On Thu, 18 Nov 2004 23:58:39 +0000 (UTC),
dold@XReXXadslX.usenet.us.com wrote:

>Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
>
>> Oh cool. An update to fix what XP SP2 broke:
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;818043
>
>Although that's dated November 12, 2004, the elements of it seem to be
>included with WinXP-SP2. They offer a download for Win2000, and a pointer
>to the WinXP-SP2 as a way to implement the changes.
>
>The binaries that are listed are dated April 2003.

Oops and thanks. I didn't have time to take it apart. Note that this
is revision 15 of the VPN update. I was hopeing that this was a fix
for some of the VPN related oddities I was having with XP SP2, but
apparently not. MS did fix the loopback problem:
http://support.microsoft.com/default.aspx?kbid=884020
but I was still seeing some weird problems. Meanwhile, at least two
vendors have issued updates to their VPN clients that seem to have
fixed or bypassed the problem, so I'm not sure it was all XP SP2
fault.
http://www.peterprovost.org/archive/2004/08/12/1754.asp...



--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
Anonymous
a b F Wireless
November 20, 2004 10:22:43 PM

Archived from groups: alt.internet.wireless (More info?)

Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
>>> Oh cool. An update to fix what XP SP2 broke:
>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

> Oops and thanks. I didn't have time to take it apart. Note that this
> is revision 15 of the VPN update. I was hopeing that this was a fix

I encountered a dreadful slowdown, useless system, on Win2000 with Nortel
Contivity VPN client after applying MS04-11
http://support.microsoft.com/default.aspx?kbid=841382
This would happen any time I made certain changes to TCP, like adding a new
WiFi card. I could cure it by uninstalling and reinstalling Contivity, but
that sometimes took an hour, the system was so slow.

When I read the workaround, I thought that they were suggesting that I
disable VPN, but on second read, I think it might not have disabled
Contivity, which was the only VPN or IPSec that I was using.
Too late though. I applied the hotfix, which cured the slowdown, but now I
could not renew an address when changing wired networks. I had to reboot.

I tried reloading win2000, but the release/renew problem still was there,
so I upgraded tow WinXP. Actually I did a fresh install. The Contivity
client continued to work, right through SP2.

I haven't used anything but Contivity on SP2. I had previously used
SonicWall, Checkpoint, Cisco and "standard" Windows IPSec on Win2000.

I've been tinking about using my SMC as a VPN endpoint to come back "home"
while on the road, but I see that it has IPSec and PPTP. I saw you mention
PPTP in ill manner in this thread. I wonder why? I think that's what we
used on the Sonicwall, linking the different offices together, with
Sonicwall in each office.
http://www.smc.com/files/AH/7004WFW_VPN_QIG_US.pdf

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
Anonymous
a b F Wireless
November 21, 2004 1:15:25 PM

Archived from groups: alt.internet.wireless (More info?)

On Sat, 20 Nov 2004 19:22:43 +0000 (UTC),
dold@XReXXadslX.usenet.us.com wrote:

>I've been tinking about using my SMC as a VPN endpoint to come back "home"
>while on the road, but I see that it has IPSec and PPTP.

Model number please? The SMC Barricade Plus series will terminate
either an IPSec or PPTP tunnel and qualifies as a "VPN router".

>I saw you mention
>PPTP in ill manner in this thread. I wonder why?

Even Microsloth no longer supports PPTP and switched to first pushing
L2TP and then IPSec. I still service some legacy NT4 servers
terminating a PPTP VPN. Mysterious hangs, lousy performance, failure
to release IP addresses on disconnect, and other oddities are my main
issues. There were also some problems with PPTP hanging when bringing
up programs that access the ethernet card. I guess(tm) that the
security PPTP offers is good enough, but probably not up to current
standards. The only reason anyone uses it is that the client comes
free with older Windoze mutations. Not recommended.

>I think that's what we
>used on the Sonicwall, linking the different offices together, with
>Sonicwall in each office.
>http://www.smc.com/files/AH/7004WFW_VPN_QIG_US.pdf

Yeah, that's it. No personal experience with the box. PPTP has the
advantage in that the older Windoze mutations have a PPTP client
included. It appears that you can mix different types of VPN types
with the Barricade Plus. Sonicwall SOHO and TELE boxes do only IPSec,
so you may have been using a mixture. Dunno.

If you have a Barricade Plus router, methinks it should work just fine
for calling home securely. However, I would suggest you use IPSec
instead of PPTP.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
!