I have 3 sites, each one with a Linksys befsx41 router, and I'm trying to connect all of them, by VPN tunnels, to another site that has one router that doesn't support IPsec VPN (usr 9003).
As I have a Windows 2003 server, I think that if I install an IPsec VPN client (it can't be the native ipsec pol because the public IPs [I use DynDns] of the routers are dynamic) I will resolve the problem.
The problem is that I don't know which client to use. I already tried SSH Sentinel, but it is incompatible with Windows 2003 server.
Really? I've always used my domain to connect instead of IP (I also have a dyndns account and a dynamic public IP). Course I've only done PPTP computer to site connections w/ windows.
Is there a different way to make an ipsec connection other than the new connection wizard?
I also have my Windows 2003 server accepting PPTP VPN connections and it works very well.
The problem is how to connect the 4 sites if 3 of them only support IPsec VPN (Linksys befsx41). If you look at this step-by-step configuration of Linksys
you will see that the VPN tunnel only supports entries of IPs and not domains.
One question that I have is: the main menu of the Linksys configuration has the possibility of PPTP and L2TP. How does this work if the router doesn't have a modem? Where is the connection made? If it connects by PPTP, will it route the internet connection at the same time?
The objective is to connect the 4 sites, it doesn't matter if it is PPTP, L2TP/IPsec or IPsec... and route internet in all of them.
Ahh, it makes much more sense now. That link is a keeper
My VPN knowledge is fairly limited (obviously) but I was under the impression that PPTP and L2TP were mainly for computer to site connections not site to site connections.
I took a look at the manual for that befsx41 and it shows an option to change the remote security group to host and the remote security gateway to FQDN (pg 43). That would let you set a domain name instead of IP on the Linksys. If yours doesn't have that option maybe there is a new firmware version available that adds it.
If 3 sites have a befsx41 you might as well get a 4th for the last site and interconnect them with those. Have one host the tunnels and the others connect to it.
If you have the dynamic DNS set up on the Linksys to update to your dyndns account the tunnels should reconnect seamlessly when the IP changes at either end.
At this point it may be costing more to try and make the software work rather than just buying the linksys and having it work. That router is only like $60, that would be well worth the price tag to have your VPNs work and be reliable/stable.
I can't think of any sort of VPN server/client for Serv2k3 that can do a site-to-site connection for free. The only option I can see if you want to avoid buying a Linksys would be to set up a Linux box on an old junky computer. There are all sorts of VPN solutions available for Linux. Though I can guarantee you it won't be easy