SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Security > VPN

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 04-14-2012, 04:09 PM
mightylothar mightylothar is offline
New Member
 
Join Date: Apr 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
mightylothar is just starting out
Default VPN inside a VPN?

Hi all,

Loving the community here at Small Net Builder and all the sage advice that fills the forums.

I am fairly new to the world of VPN and am looking to set up a secure link between a few mobile users' laptops and our new Synology so that they can access files.

I know that Synology has a built in VPN server and I could forward the ports on our router but I am not sure if this is the most secure way to go about things. I am wondering if it would be a better idea to put a purpose built firewall such as the Cisco RV220W in place to establish the VPN connection to the Synology.

The connection to the Synology NAS would look like this:
Laptop(WAN) - Cable Modem - CiscoRV220W - Synology

I've love feedback on how folks establish a secure connection to their workplace. Is the SynologyVPN secure enough? If I put the Cisco in place do I use both it's VPN and the Synology's VPN?

Thanks all!
Reply With Quote
  #2  
Old 04-25-2012, 10:45 PM
dougsk dougsk is offline
New Member
 
Join Date: Jul 2011
Location: Post Falls, ID
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
dougsk is just starting out
Default

well I guess it depends, like all things, but it is an either or, but not both situation

I'm not familiar with the synology unit but you'll want to see what practical limits they have if they don't have license limits. the rv220w definitely has license limits.

the rv220w license limits

25 quick vpn clients
5 ssl vpn tunnels
10 pptp tunnels, netbios will work here.

PPTP will be the weakest encryption protocol here, but also the most compatible, with linux, mac, windows clients. The issue becomes when there are more than one remote users behind a the same remote nat device both trying to tunnel pptp, then most of the remote routers will largely silently kill off the second users session because they only support one concurrent pptp session, many support NONE!

ssl vpn makes that problem go away, however if you're looking for Layer 2 traffic you'll not get it over an ssl vpn.

quickvpn, I only have passing familiarity with, from what I can tell, it somewhat resembles L2TP from Microsoft, eg IPSEC only with usernames and passwords. I'm going to bet you'll have the same issue with it (eg only one user per remote site) as you would with pptp, but if it truly does behave like L2TP then you will get some L2 protocol stuff like netbios or appletalk, if you need that. You'd also get L2 information from a pptp client.

You'll have to be careful not to configure both if you do decide to use the synology, cause most routers have a difficult time forwarding ip protocol 47 and GRE packets back, as pptp VPN doesn't just use TCP/UDP, but if they are configured to work as a pptp endpoint, then they will never pass back the GRE information to the synology unit, and you'll wonder why the vpn doesn't work. Good luck.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 10:40 AM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  365
john9527  150
azazel1024  119
stevech  114
htismaqe  103
sfx2000  78
L&LD  76
TonyH  68
AndreyPopov  53
ColinTaylor  52
RMerlin  6027
john9527  377
stevech  350
ryzhov_al  279
TeHashX  233
L&LD  232
RogerSC  199
sinshiva  147
sfx2000  133
joegreat  126
Most Viewed Threads* Hottest Threads*
Old Shellshock...  27638
Old Asuswrt-Merli...  14512
Old Brainstorming...  2302
Old Looking for...  2082
Old RT-AC68P  2065
Old Advice on...  1919
Old RT-AC68U...  1480
Old Asus...  1454
Old Issues...  1379
Old AC-68...  1322
Old Asuswrt-Merli...  118
Old Advice on...  48
Old Brainstorming...  47
Old Looking for...  35
Old Shellshock...  31
Old Stable...  25
Old Issues...  25
Old WiFi Rates  23
Old RT-AC68U...  22
Old Belkin Pre-N...  21


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.