First time on VPN, What to watch out for?

dloranger

Hey guys, I've been a fan of the tomshardware forums for a while and today I figured I would post, since I have a question which is probably not easy to answer.. :?

I've got a customer who wants me to configure a VPN tunnel between his new restaurant and his old one. He has software which runs from a server on his old site, and he wants his new restaurant to be part of the same network. He has a nice cable connection (up to 10 Mbps here 8) ) on both sides with a static IP address for each site. I'm guessing this is a dream scenario, but what do I have to start with, which gear should I buy, how many of them, and is there anything I should watch for?

I'm looking for the FVS318 atm. Is it the right model? If not, which would be better for this situation? 8O
 

blue68f100

The 318 are pretty slow. You want a router with some CPU power to be doing the 3DES and auth. The 318 does not have it; it would be like dial-up.

I have done VPN router to router using Netgear's FVS328 and FVS338. This would be the easiest thing to set up. But if you are moving lots of data, move up to a minimum FVS338 or to the high-end FVS538. For me the VPN wizard worked the first time.

I'm using beta firmware in my 338. The 338 and 538 come with client software. So if a single PC needs to connect it's pretty painless. I use the client software to connect to my network when away from home.
 

dloranger

What spec should I look at to know how fast it is processing data off the network? What if I only have like 5 terminals on my new site?
 

blue68f100

If you only have terminals you are going to need to set up a router on that end.

The big thing on VPN is that the uplink speed is generally the governing factor.

If you look at the specs in detail you should see a reference to the CPU. Netgear uses an Intel XScale processor, don't recall the speed (400 MHz?). On the 538 model it is a dedicated processor for handling the VPN 3DES only. It has another one for doing the router functions. I think it has 64 meg of RAM + 32 meg flash. As with any security, it is only as strong as the key. The Netgear uses a 48-character key. Always use max. It also has a dual gig WAN port, for rollover or load balancing.

Netgear posts their specs. Some mfg do not.
 

atarione

The 318 are pretty slow. You want a router with some CPU power to be doing the 3DES and auth. The 318 does not have it; it would be like dial-up.

I have done VPN router to router using Netgear's FVS328 and FVS338. This would be the easiest thing to set up. But if you are moving lots of data, move up to a minimum FVS338 or to the high-end FVS538. For me the VPN wizard worked the first time.

I'm using beta firmware in my 338. The 338 and 538 come with client software. So if a single PC needs to connect it's pretty painless. I use the client software to connect to my network when away from home.

Hi, and not to derail the orig poster's thread or anything... but I have a question about the ProSafe routers... I looked at the user's manual and for road warrior type things it only talks about clients connecting to the VPN via Netgear's own VPN client software? Do you know if you can connect to one of these using the Windows native VPN client?

And noting of course that since he is talking about site-to-site VPN it probably doesn't matter to the orig poster.

For my part I have an old PC running m0n0wall w/ RADIUS authentication for my VPN back to my house.... works real nicely
 

blue68f100

Yes, you can use MS VPN software but it's a total nightmare to configure. With their client software it's a 5 min job.

I was a beta tester for Netgear for the new firmware for the 338. They have finally got a real nice package. The VPN setups were easy. The wizard worked the first time.
 

dloranger

Do I really need a higher model or would the low-end do the job? These are only to take orders in a restaurant; there are gonna be like 5 of them. My second question would be about configuration: when you are talking about the wizard, is it on the router interface webpage, or is it on a CD-ROM?
 

blue68f100

I would at least go with the FVS338 model. They sell for 200-300, less on eBay. I have beta software v2 which is a lot better than v 1.6. Netgear tech support will send you instructions for using MS VPN; it's about 3 pages long. But I would highly recommend using the VPN Client Software. It will cut your setup time from 1 hr to less than 5 min. The client software sells for around $40/license. The 338 will come with 1 copy.

The wizard is on the router. Takes less than 2 min to set up.
 

dloranger

I really need to clarify the installation process before I order those..

Do I need 2 routers? Or can I simply install 1 router on my main site and use MS clients to connect to this main site where my server is? If I need 2 routers, do I run the wizard on both routers? I'm trying to figure out why I need 2 routers if I also need clients. There is gonna be a wireless access point for customers to use while they are having dinner; is it gonna work with a VPN router?
 

blue68f100

If you go the 2 router setup, the remote/main site will look and connect like it's a local drive, a mapped network drive. No software will be required on the PC, making it an easier setup. From an admin side this is easier. You can have remote admin active on the routers and do the setup remotely. I did this while I was testing different setups. If you go the 1 router & client software route you have to set up each PC. Each will have to be auth. It all depends on how much work you want to do, and how seamless you want it for your client.
 

dloranger

What if there are 2 routers, and I add a wireless access point or router on top of that, will my network be in danger? If I go with clients only, I only have to configure them to connect to the public IP of my other site?
 

blue68f100

All depends whether you set the AP to a different subnet. If you isolate the AP on a separate subnet, your network will not show or have access, if done right. If you have 2 IP addresses you could split up the network and not have the risk. Go through a switch to 2 routers. 1 Public 1 Private.
But as with all wireless comes security risk. I was able to access the web with my VPN up. But there are ways to block access.
 
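The subnet isolation described in the post above can be checked on paper before any router is configured. The following is an added example, not part of any poster's reply: the subnets and the names `check_plan` and `verdict` are constructed for illustration, and it assumes a policy-based tunnel that only encrypts traffic between the two site LANs.

```python
import ipaddress

# Constructed address plan (assumed values; the thread gives no addresses).
SERVER_LAN = ipaddress.ip_network("192.168.1.0/24")    # old restaurant, server
TERMINAL_LAN = ipaddress.ip_network("192.168.2.0/24")  # new restaurant, terminals
GUEST_LAN = ipaddress.ip_network("192.168.50.0/24")    # customer wireless AP

def check_plan(server_lan, terminal_lan, guest_lan):
    """Return a list of problems in the address plan; an empty list means usable."""
    problems = []
    if server_lan.overlaps(terminal_lan):
        problems.append("site LANs overlap, so neither side can route to the other")
    for name, lan in (("server", server_lan), ("terminal", terminal_lan)):
        if guest_lan.overlaps(lan):
            problems.append(f"guest AP shares address space with the {name} LAN")
    return problems

def verdict(src, dst, terminal_lan=TERMINAL_LAN, server_lan=SERVER_LAN):
    """Intended handling of one flow at the new site's router.

    Assumes a policy-based tunnel: only terminal_lan <-> server_lan is encrypted.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in terminal_lan:
        if dst in terminal_lan:
            return "local"
        return "tunnel" if dst in server_lan else "internet"
    # Any other source (the guest AP subnet) must never reach either private LAN.
    if dst in terminal_lan or dst in server_lan:
        return "deny"
    return "internet"

if __name__ == "__main__":
    print(check_plan(SERVER_LAN, TERMINAL_LAN, GUEST_LAN) or "plan OK")
    for src, dst in [("192.168.2.10", "192.168.1.5"),     # terminal -> server
                     ("192.168.50.20", "192.168.1.5"),    # guest -> server
                     ("192.168.50.20", "192.168.2.10"),   # guest -> terminal
                     ("192.168.50.20", "203.0.113.7")]:   # guest -> internet
        print(f"{src:>14} -> {dst:<13} {verdict(src, dst)}")
```

Each "deny" verdict corresponds to a firewall rule that has to exist on the router serving the guest AP; the script only states the intended policy, it does not configure anything.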

dloranger

Well, I only have 1 IP, so if I set up 1 router at my remote location, my terminals will have access to the server, but will my AP (that is connected to that same router) have access to the internet? What I wanna understand is: when I configure a router-to-router VPN, does that route all traffic to the other network?