SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Security > VPN

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 04-14-2012, 04:09 PM
mightylothar mightylothar is offline
New Member
 
Join Date: Apr 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
mightylothar is just starting out
Default VPN inside a VPN?

Hi all,

Loving the community here at Small Net Builder and all the sage advice that fills the forums.

I am fairly new to the world of VPN and am looking to set up a secure link between a few mobile users' laptops and our new Synology so that they can access files.

I know that Synology has a built in VPN server and I could forward the ports on our router but I am not sure if this is the most secure way to go about things. I am wondering if it would be a better idea to put a purpose built firewall such as the Cisco RV220W in place to establish the VPN connection to the Synology.

The connection to the Synology NAS would look like this:
Laptop(WAN) - Cable Modem - CiscoRV220W - Synology

I've love feedback on how folks establish a secure connection to their workplace. Is the SynologyVPN secure enough? If I put the Cisco in place do I use both it's VPN and the Synology's VPN?

Thanks all!
Reply With Quote
  #2  
Old 04-25-2012, 10:45 PM
dougsk dougsk is offline
New Member
 
Join Date: Jul 2011
Location: Post Falls, ID
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
dougsk is just starting out
Default

well I guess it depends, like all things, but it is an either or, but not both situation

I'm not familiar with the synology unit but you'll want to see what practical limits they have if they don't have license limits. the rv220w definitely has license limits.

the rv220w license limits

25 quick vpn clients
5 ssl vpn tunnels
10 pptp tunnels, netbios will work here.

PPTP will be the weakest encryption protocol here, but also the most compatible, with linux, mac, windows clients. The issue becomes when there are more than one remote users behind a the same remote nat device both trying to tunnel pptp, then most of the remote routers will largely silently kill off the second users session because they only support one concurrent pptp session, many support NONE!

ssl vpn makes that problem go away, however if you're looking for Layer 2 traffic you'll not get it over an ssl vpn.

quickvpn, I only have passing familiarity with, from what I can tell, it somewhat resembles L2TP from Microsoft, eg IPSEC only with usernames and passwords. I'm going to bet you'll have the same issue with it (eg only one user per remote site) as you would with pptp, but if it truly does behave like L2TP then you will get some L2 protocol stuff like netbios or appletalk, if you need that. You'd also get L2 information from a pptp client.

You'll have to be careful not to configure both if you do decide to use the synology, cause most routers have a difficult time forwarding ip protocol 47 and GRE packets back, as pptp VPN doesn't just use TCP/UDP, but if they are configured to work as a pptp endpoint, then they will never pass back the GRE information to the synology unit, and you'll wonder why the vpn doesn't work. Good luck.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 09:04 AM.

Top 10 Stats
Top Posters* Top Thanked
RMerlin  315
L&LD  159
thelonelycode...  144
stevech  141
azazel1024  103
KGB7  64
Adamm  64
speedingcheet...  57
jim769  56
TeHashX  55
RMerlin  4368
stevech  270
ryzhov_al  199
TeHashX  191
RogerSC  164
L&LD  163
joegreat  104
jlake  98
PrivateJoker  93
sinshiva  85
Most Viewed Threads* Hottest Threads*
Old Beta Version...  16985
Old ASUS...  16246
Old Asuswrt-Merli...  16088
Old 'Heartbleed'...  12224
Old Potential...  7522
Old Groundhog...  5946
Old Asus-Merlin...  5796
Old Linksys...  4538
Old Linksys...  4470
Old [TUTORIAL]...  2660
Old Asuswrt-Merli...  146
Old Beta Version...  112
Old Linksys...  104
Old Potential...  98
Old ASUS...  93
Old Groundhog...  49
Old Asus router...  43
Old [TUTORIAL]...  39
Old Asus-Merlin...  35
Old 'Heartbleed'...  33



Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.