SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > Security > VPN

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 04-14-2012, 04:09 PM
mightylothar mightylothar is offline
New Member
 
Join Date: Apr 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
mightylothar is just starting out
Default VPN inside a VPN?

Hi all,

Loving the community here at Small Net Builder and all the sage advice that fills the forums.

I am fairly new to the world of VPN and am looking to set up a secure link between a few mobile users' laptops and our new Synology so that they can access files.

I know that Synology has a built in VPN server and I could forward the ports on our router but I am not sure if this is the most secure way to go about things. I am wondering if it would be a better idea to put a purpose built firewall such as the Cisco RV220W in place to establish the VPN connection to the Synology.

The connection to the Synology NAS would look like this:
Laptop(WAN) - Cable Modem - CiscoRV220W - Synology

I've love feedback on how folks establish a secure connection to their workplace. Is the SynologyVPN secure enough? If I put the Cisco in place do I use both it's VPN and the Synology's VPN?

Thanks all!
Reply With Quote
  #2  
Old 04-25-2012, 10:45 PM
dougsk dougsk is offline
New Member
 
Join Date: Jul 2011
Location: Post Falls, ID
Posts: 8
Thanks: 0
Thanked 1 Time in 1 Post
dougsk is just starting out
Default

well I guess it depends, like all things, but it is an either or, but not both situation

I'm not familiar with the synology unit but you'll want to see what practical limits they have if they don't have license limits. the rv220w definitely has license limits.

the rv220w license limits

25 quick vpn clients
5 ssl vpn tunnels
10 pptp tunnels, netbios will work here.

PPTP will be the weakest encryption protocol here, but also the most compatible, with linux, mac, windows clients. The issue becomes when there are more than one remote users behind a the same remote nat device both trying to tunnel pptp, then most of the remote routers will largely silently kill off the second users session because they only support one concurrent pptp session, many support NONE!

ssl vpn makes that problem go away, however if you're looking for Layer 2 traffic you'll not get it over an ssl vpn.

quickvpn, I only have passing familiarity with, from what I can tell, it somewhat resembles L2TP from Microsoft, eg IPSEC only with usernames and passwords. I'm going to bet you'll have the same issue with it (eg only one user per remote site) as you would with pptp, but if it truly does behave like L2TP then you will get some L2 protocol stuff like netbios or appletalk, if you need that. You'd also get L2 information from a pptp client.

You'll have to be careful not to configure both if you do decide to use the synology, cause most routers have a difficult time forwarding ip protocol 47 and GRE packets back, as pptp VPN doesn't just use TCP/UDP, but if they are configured to work as a pptp endpoint, then they will never pass back the GRE information to the synology unit, and you'll wonder why the vpn doesn't work. Good luck.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 08:17 AM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  349
stevech  133
john9527  123
azazel1024  121
L&LD  106
hggomes  82
noric  79
ChristineBCW  67
AndreyPopov  62
Trip  56
RMerlin  5834
stevech  338
john9527  284
ryzhov_al  272
TeHashX  229
L&LD  213
RogerSC  195
sinshiva  146
joegreat  126
sfx2000  124
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  17865
Old Asuswrt-Merli...  13298
Old Asuswrt-Merli...  10521
Old My...  6022
Old Most stable...  5290
Old RT-AC87R (U)...  4511
Old T-Mobile...  3917
Old RT-N66U...  3440
Old Can't trust...  3060
Old Does...  2954
Old Asuswrt-Merli...  122
Old Asuswrt-Merli...  87
Old Asuswrt-Merli...  66
Old My...  57
Old RT-AC87R (U)...  39
Old USB N...  37
Old T-Mobile...  35
Old Most stable...  30
Old New...  28
Old Range: G vs...  28


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.