• Recommend home hardware-based VPN solution?

    #475266

    Do any of you have a recommendation for a hardware-based VPN appliance for a home office network (and perhaps an associated 64-bit Windows 7 client)? I don’t want to keep a PC on 24 X 7 and would like to find a VPN alternative.

    My home network is behind a DSL Actiontec Q1000 modem that supports pass-through for IPSec, PPTP and L2TP. I have 20 meg down / 5 meg up speeds. The WAN IP address can change so I use dyndns to have a domain that I can use to access the WAN IP address. NAT, with private addressing, is used behind the DSL modem for the LAN.

    I’m looking for a hardware based appliance (server) that will work with this network. I would like to plug it in to the LAN, have it request a private IP address from the DHCP server running in the DSL modem, and then be an active LAN device.

    With this up and running I would like to be able to take my 64-bit Windows 7 laptop to any location via a wired LAN or wireless hot spot and run the client VPN software to set up an encrypted link to the home VPN appliance. Once connected, the PC should then be able to request an IP address from the DHCP server in the modem and act as a local device on the home office LAN with great throughput.

    I really don’t need a firewall, virus or intrusion detection, web filtering, or any other type of security functionality. Since this will only support one or two connections, virtually all of what I have seen is very pricey and a huge overkill from what I need.

    Anyone have any recommendations or suggestions? Thanks for taking the time to read…

    • #1270663

      VPN isn’t a replacement for a PC 24×7, it’s a means of getting to that PC without anyone else snooping. Any hardware device that is a VPN endpoint and has a file sharing mechanism won’t be cheap.
      The easiest may be an old PC running Ubuntu or other Linux, or use a router with a VPN endpoint to access the home server.

      cheers, Paul

    • #1270694

      I have several of the following in service that have been solid for a couple of years…….

      http://www.cisco.com/en/US/products/ps9925/index.html

      This is a router that will create a site-to-site (or a client-to-site using the included vpn client software) VPN. It does not have any file sharing capabilities, that would be on a NAS or PC on the network behind this router.

      • #1270867

        Thanks Paul – I’m not really looking to connect to any PC on my home network. I really want access to the 3 printers that I have as well as to use the existing network filtering that is part of my current modem configuration.

        That said it looks like ‘mercyh’ has a good suggestion. Cisco has 3 options, RVL200, RVS4000, and RV042. Doing a side by side comparison shows they all use the Cisco QuickVPN Client. I’ll have to nail down the differences and go with one of these.

        Thanks for the info…

    • #1271990

      With this up and running I would like to be able to take my 64-bit Windows 7 laptop to any location via a wired LAN or wireless hot spot and run the client VPN software to set up an encrypted link to the home VPN appliance. Once connected, the PC should then be able to request an IP address from the DHCP server in the modem and act as a local device on the home office LAN with great throughput.

      The caveat to what you are looking to do is that your speeds are dependent on the slowest link on your connection. Say you are at a hotspot that’s only performing at 802.11b. You will get that speed, not the “great throughput” that you are expecting, even though you have a virtual connection to your network. If you want to take advantage of the speed on your LAN, then set up a Win7 PC and make an RDP connection to the desktop. Then you will truly be on your own network. The drawback to that is that it is not your laptop.

      • #1272012

        The caveat to what you are looking to do is that your speeds are dependent on the slowest link on your connection. Say you are at a hotspot that’s only performing at 802.11b. You will get that speed, not the “great throughput” that you are expecting, even though you have a virtual connection to your network. If you want to take advantage of the speed on your LAN, then set up a Win7 PC and make an RDP connection to the desktop. Then you will truly be on your own network. The drawback to that is that it is not your laptop.

        Very true, you will find that the “great throughput” is limited by the VPN overhead also. With an RDP connection you are only sending screen refreshes and keystrokes. This is much different than trying to open a data file across the internet. I am very sure that you will not be happy with the performance of opening a spreadsheet or document across even a 3mb connection which you will rarely find at a hotspot.

        Opening an RDP port directly to the internet is not a good idea security-wise, so if you decide to go this route I would recommend something like LogMeIn. http://www.logmein.com

        The LogMeIn option requires no special hardware, just an install of their software on the machine you are connecting to.

    • #1272024

      There is also TeamViewer.
      http://www.teamviewer.com

      cheers, Paul

      • #1272559

        Several years ago, DD-WRT software on a Linksys WRT54G router supported VPN access. If I remember right, there were a couple of VPN protocols supported.

        Hope this helps.

        Mike

        • #1275394

          I purchased a Netgear FVS318v3 and used the 30 day evaluation copy of their ProSafe VPN client. I was able to get the VPN to connect but was unable to ping anything. I originally used the 192.168.0.x network via NAT with my Actiontec. I spent many days and hours of time each day with tech support. They successfully did a site to site VPN between FVS318s and that worked fine. They had full access to manage my router and configure everything. But no ping capability. They had me change my internal network to the 10.x.x.x and still no ping.

          After several weeks of tech support I tried TheGreenBow IPSec VPN evaluation client and followed their tutorial for the 318 configuration. The VPN connected and still unable to ping any devices. Netgear had me try ‘beta’ firmware and that made no difference either. Netgear escalated it to their engineering group and my 30 day free return time was fast approaching. After calling tech support and finding the ticket still open with engineering I returned the router and software for a refund. I wasted dozens of hours and many days with their tech support with no success.

          With this router I had to put my Actiontec Q1000 into bridge mode so I was unable to use the built in 4 port gig switch, firewall, QoS, and wireless functions that the Actiontec supports. The 318 had to make the connection to the ISP and got the WAN address. I’m not looking for this type of solution. So I reconfigured my DSL modem back to the prior config and am now using the 192.168.0.x network again.

          I would like to find a simple appliance I can just plug into my network, have it receive a DHCP address (192.168.0.x) from the Actiontec and then I can put that in the DMZ or configure the necessary port forwarding to support incoming VPN requests (the Actiontec allows for a DMZ and will do all the port forwarding). I would then like to make a VPN connection to this device from my remote PC and receive a DHCP address from my 192.168.0.x network so it appears as just another device on my home office network. Then I can use all my printers and use the default gateway for all my outbound web traffic that would be filtered through openDNS. I would also have access to all the PCs and server on the network.

          I already use LogMeIn, VNC, and TeamViewer to access a specific PC, but that does not provide the network connectivity I’m after. I know there are PC based software solutions, Windows 7 internal VPN, OpenVPN, tinc, etc. I am not particularly looking for a PC software based solution. I did try configuring a Windows 7 VPN since I have 64-bit Windows 7 Professional on both remote and office PCs, but kept getting different errors when I tried to connect.

          Any other ideas on a hardware solution that will allow me to maximize the use of my DSL modem and provide the network connectivity I desire?

          • #1275589

            I have been looking at the D-Link DIR-130 and the manual has a section on “Connect to Another Router” where they provide the instructions on how to connect the 130 to another router or switch. However it says that “The LAN ports on the router cannot accept a DHCP address from your other router.” So I’m suspicious that any device plugged into the remaining 7 LAN ports (the WAN port is not used in this setup) would require static addresses in order to work.

            They do not provide an evaluation copy of their VPN client. Looks like thegreenbow client will work. Anyone with experience using the DIR-130 as a possible solution?

            • #1311169

              Ruler (and/or others), did you get your Q1000 DSL modem and Cisco RVS4000 installed and set up for your network? I would like to do the same and also need to set up a VPN and use DynDNS. I am also thinking about adding a Cisco WAP4410N. Would anyone have any input on the details of setting these up for use with my network?

              Thanks!!!

              Rodney

            • #1311257

              Hi Rodney,

              I called Cisco pre-sales and they suggested I purchase a specific router. When it arrived and didn’t work I called Cisco tech support and was told the device will not work the way I wanted. I explained I had asked the presales person THREE times what I needed in the way of functionality and was told each time that it would work. NOT!

              I’ve purchased 3 different vendor’s products and had to return all of them within 30 days for full refunds. I have been unable to find any product that will meet my needs.

              Come on guys – I know networks. I understand bandwidth limitations, RDP, VNC, Teamviewer, LogMeIn, VPN service providers, etc. I don’t want to have a PC on 24X7 that I have to connect through. I just want a network to network connection where my remote PC can VPN into my home office network, get a DHCP address, and function as though it was sitting right on the network. I have been unable to find a solution.

              Sorry Rodney – no success yet for me 🙁

      • #1523875

        There is also TeamViewer.
        http://www.teamviewer.com

        cheers, Paul

        I am also thinking the same

    • #1311847

      Have you looked at the SonicWALL products? I used one years ago for VPN and didn’t have an issue.

      • #1324678

        Out of frustration I haven’t done anything with this for quite some time. Thanks to the last comment from hodget I found a SonicWALL TZ100. After getting it installed and correctly configured I can use the included SSL-VPN NetExtender software. It supports 1 SSL VPN. That address is connection based so I can install NetExtender on any of my remote devices but can only use 1 at a time, unless I want to opt for another license for 2 concurrent sessions. I also have it configured to TunnelAll. When I run NetExtender, I get connected to my home office network, get an assigned address from that network (192.168.0.x) and all my internet traffic flows through my home DSL network.

        It works like a dream and allows me to connect to every device I have on my home network. Finally I’ve found the perfect solution to solve the requirements I have. Though I had to put my DSL modem in tunnel mode and am unable to use any of its features, I found a great refurbished ‘n’ wireless router for $29.99 that supports all the wireless modes so that takes care of my wireless devices.

        Because CenturyLink changes my WAN IP address fairly frequently, I opted to pay for 1 dedicated IP address that allows me to always have the same address as opposed to using DynDNS on a running PC to access the TZ100 when they had changed the address.

        FINALLY everything works great!!!

        Thank you for everyone’s suggestions and ideas. Problem solved…
