SmallNetBuilder Forums

#1  mightylothar  04-14-2012, 04:09 PM
VPN inside a VPN?

Hi all,

Loving the community here at Small Net Builder and all the sage advice that fills the forums.

I am fairly new to the world of VPN and am looking to set up a secure link between a few mobile users' laptops and our new Synology so that they can access files.

I know that Synology has a built-in VPN server and I could forward the ports on our router, but I am not sure if this is the most secure way to go about things. I am wondering if it would be a better idea to put a purpose-built firewall such as the Cisco RV220W in place to establish the VPN connection to the Synology.

The connection to the Synology NAS would look like this:
Laptop (WAN) - Cable Modem - Cisco RV220W - Synology

I'd love feedback on how folks establish a secure connection to their workplace. Is the Synology VPN secure enough? If I put the Cisco in place, do I use both its VPN and the Synology's VPN?

Thanks all!

#2  dougsk  04-25-2012, 10:45 PM

Well, I guess it depends, like all things, but it is an either-or, but not both, situation.

I'm not familiar with the Synology unit, but you'll want to see what practical limits they have if they don't have license limits. The RV220W definitely has license limits.

The RV220W license limits:

25 QuickVPN clients
5 SSL VPN tunnels
10 PPTP tunnels; NetBIOS will work here.

PPTP will be the weakest encryption protocol here, but also the most compatible, with Linux, Mac, and Windows clients. The issue comes when there is more than one remote user behind the same remote NAT device, both trying to tunnel PPTP; then most of the remote routers will largely silently kill off the second user's session because they only support one concurrent PPTP session. Many support NONE!

SSL VPN makes that problem go away; however, if you're looking for Layer 2 traffic, you'll not get it over an SSL VPN.

QuickVPN I only have passing familiarity with. From what I can tell, it somewhat resembles L2TP from Microsoft, e.g. IPsec only with usernames and passwords. I'm going to bet you'll have the same issue with it (e.g. only one user per remote site) as you would with PPTP, but if it truly does behave like L2TP then you will get some L2 protocol stuff like NetBIOS or AppleTalk, if you need that. You'd also get L2 information from a PPTP client.

You'll have to be careful not to configure both if you do decide to use the Synology, because most routers have a difficult time forwarding IP protocol 47 and GRE packets back, as PPTP VPN doesn't just use TCP/UDP, but if they are configured to work as a PPTP endpoint, then they will never pass back the GRE information to the Synology unit, and you'll wonder why the VPN doesn't work. Good luck.
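
A diagnostic for the failure described in post #2, where the PPTP control connection reaches the NAS but the GRE leg is never forwarded; this is an added example, not part of the original thread. TCP port 1723 and GRE protocol type 0x880B are the standard PPTP values and are not stated in the thread; the addresses, packets and function names are constructed for illustration.

```python
import socket
import struct

PPTP_TCP_PORT = 1723       # PPTP control channel (TCP)
PROTO_TCP, PROTO_GRE = 6, 47
GRE_PPP = 0x880B           # protocol type carried by PPTP's GRE (version 1)

def classify(pkt):
    """Return (src, dst, kind) for a raw IPv4 packet: 'control', 'gre' or 'other'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None, None, "other"
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    body = pkt[(pkt[0] & 0x0F) * 4:]
    kind = "other"
    if len(body) >= 4:
        a, b = struct.unpack("!HH", body[:4])
        if pkt[9] == PROTO_TCP and PPTP_TCP_PORT in (a, b):
            kind = "control"           # a, b = source and destination port
        elif pkt[9] == PROTO_GRE and (a & 0x7) == 1 and b == GRE_PPP:
            kind = "gre"               # a = flags and version, b = protocol type
    return src, dst, kind

def diagnose(packets, server):
    """Per client: was the control channel seen, and did GRE flow both ways?"""
    seen = {}
    for pkt in packets:
        src, dst, kind = classify(pkt)
        if kind == "other" or server not in (src, dst):
            continue
        client, way = (dst, "out") if src == server else (src, "in")
        seen.setdefault(client, set()).add((kind, way))
    def status(s):
        if ("gre", "in") in s and ("gre", "out") in s:
            return "tunnel ok"
        return "GRE missing or one-way" if ("control", "in") in s else "incomplete"
    return {c: status(s) for c, s in seen.items()}

def ipv4(src, dst, proto, body):
    """Build a minimal IPv4 packet (checksum left zero) for the constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + body

# Constructed sample as captured at the NAS (192.0.2.10): .7 has both legs, .8 only TCP.
SAMPLE = [
    ipv4("198.51.100.7", "192.0.2.10", PROTO_TCP, struct.pack("!HH", 40000, 1723)),
    ipv4("198.51.100.7", "192.0.2.10", PROTO_GRE, struct.pack("!HH", 0x3001, GRE_PPP)),
    ipv4("192.0.2.10", "198.51.100.7", PROTO_GRE, struct.pack("!HH", 0x3001, GRE_PPP)),
    ipv4("198.51.100.8", "192.0.2.10", PROTO_TCP, struct.pack("!HH", 40001, 1723)),
]
```

Fed with packets captured on the NAS side of the router, a client reported as "GRE missing or one-way" points at the router's handling of protocol 47 rather than at the VPN server's configuration.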
All times are GMT -4.