SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Security > VPN

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 04-14-2012, 04:09 PM
mightylothar mightylothar is offline
New Member
 
Join Date: Apr 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
mightylothar is just starting out
Default VPN inside a VPN?

Hi all,

Loving the community here at Small Net Builder and all the sage advice that fills the forums.

I am fairly new to the world of VPN and am looking to set up a secure link between a few mobile users' laptops and our new Synology so that they can access files.

I know that Synology has a built in VPN server and I could forward the ports on our router but I am not sure if this is the most secure way to go about things. I am wondering if it would be a better idea to put a purpose built firewall such as the Cisco RV220W in place to establish the VPN connection to the Synology.

The connection to the Synology NAS would look like this:
Laptop(WAN) - Cable Modem - CiscoRV220W - Synology

I've love feedback on how folks establish a secure connection to their workplace. Is the SynologyVPN secure enough? If I put the Cisco in place do I use both it's VPN and the Synology's VPN?

Thanks all!
Reply With Quote
  #2  
Old 04-25-2012, 10:45 PM
dougsk dougsk is offline
New Member
 
Join Date: Jul 2011
Location: Post Falls, ID
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
dougsk is just starting out
Default

well I guess it depends, like all things, but it is an either or, but not both situation

I'm not familiar with the synology unit but you'll want to see what practical limits they have if they don't have license limits. the rv220w definitely has license limits.

the rv220w license limits

25 quick vpn clients
5 ssl vpn tunnels
10 pptp tunnels, netbios will work here.

PPTP will be the weakest encryption protocol here, but also the most compatible, with linux, mac, windows clients. The issue becomes when there are more than one remote users behind a the same remote nat device both trying to tunnel pptp, then most of the remote routers will largely silently kill off the second users session because they only support one concurrent pptp session, many support NONE!

ssl vpn makes that problem go away, however if you're looking for Layer 2 traffic you'll not get it over an ssl vpn.

quickvpn, I only have passing familiarity with, from what I can tell, it somewhat resembles L2TP from Microsoft, eg IPSEC only with usernames and passwords. I'm going to bet you'll have the same issue with it (eg only one user per remote site) as you would with pptp, but if it truly does behave like L2TP then you will get some L2 protocol stuff like netbios or appletalk, if you need that. You'd also get L2 information from a pptp client.

You'll have to be careful not to configure both if you do decide to use the synology, cause most routers have a difficult time forwarding ip protocol 47 and GRE packets back, as pptp VPN doesn't just use TCP/UDP, but if they are configured to work as a pptp endpoint, then they will never pass back the GRE information to the synology unit, and you'll wonder why the vpn doesn't work. Good luck.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 05:00 PM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  366
stevech  156
KGB7  124
Kel-L  100
sfx2000  98
sinshiva  93
azazel1024  93
john9527  81
fistv  71
hggomes  68
RMerlin  5597
stevech  329
ryzhov_al  266
TeHashX  217
L&LD  192
RogerSC  190
sinshiva  143
joegreat  127
jlake  122
sfx2000  121
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  78022
Old Asuswrt-Merli...  46380
Old [Fork]...  19881
Old Asus locking...  10331
Old ASUS...  8273
Old Incoming...  8023
Old Share What...  3880
Old Asuswrt-Merli...  3353
Old Asuswrt-Merli...  3020
Old Thinking of...  2153
Old Asuswrt-Merli...  393
Old Asuswrt-Merli...  212
Old [Fork]...  136
Old Asus locking...  125
Old Connection...  54
Old [HOW TO]...  50
Old ASUS...  49
Old Incoming...  44
Old 376.44 -...  40
Old Use the same...  35


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.