SmallNetBuilder Forums

#1
02-01-2013, 06:16 AM
ChrisB1
Hardware VPN - please help me understand...

Hi everyone, I'm hoping you can help me out with a query I have with regard to getting a VPN set up at home.

I currently have a number of wired and wireless machines at home, all linked to a Netgear R6300. This is then plugged into a modem through the WAN port. I have a dynamic IP address, and I've not yet set up a DDNS, but I shall. I'm really very happy with the whole set-up, and it does everything I want... apart from having a VPN.

Now, is it possible to add a VPN endpoint to this set-up without buying a whole new router? I'm not interested in setting up a software VPN - I want a hardware box which can be left on at all times. I want to be able to connect to this remotely using my laptop, Android phone and iPad (not at the same time) and simply get an internal IP address which I can use to initiate an RDP to my file server, or just navigate files on my NAS using Samba. Essentially, it will only be a VPN endpoint, and I would tunnel to it only. No need for site-to-site, no need for SSL, no need for any advanced features, no need for any UTM, spam filters, firewall. No need for wireless. No need for any silly apps (like Cisco QuickVPN) to connect. No need for anything apart from a standard VPN endpoint.

So, how on earth do I go about doing this??? I have read and read and read until my eyes are about to explode, and I still don't understand how I can set this up easily :-(
Ultimately, what I'd like is to have a VPN box *inside* the network (i.e. a client attached to the router via LAN), but I just can't see any products which do this. I must be either missing something or alternatively it cannot be done.

As far as I can see, all of the products on offer are essentially routers, with multiple LAN ports and 1 or more WAN ports for a modem. This isn't really what I'm after, as I don't want to replace my router - I want to augment it with VPN! The routing functions are good. The firewall is good. Everything is set up just how I want it.

Can anyone help?

Thanks
Breame

Last edited by ChrisB1; 02-01-2013 at 06:48 AM.

#2
02-01-2013, 06:17 AM
ChrisB1

I'm stabbing in the dark here, but I'm guessing that I'm probably going to have to:
1. Disable the DHCP on my router
2. Disable all of the router functions and somehow switch it to some sort of 'access point' mode
3. Add a VPN gateway/router into the mix, and make that the router
4. Plug all my hardware into the VPN gateway instead of the wireless router
5. Run a cable from the gateway to the wireless router, so that my wireless devices can connect

This is sort of defeating the whole point of having such a nice router in the first place, as I'll only be using it as an access point :-(

Not only that, but as far as I can see, if I replace the router with a VPN gateway/router, throughput will drop through the floor (and that includes standard IP traffic as well as VPN traffic). My broadband is 100Mb/s and I do use bittorrent, so speed and connection restrictions would be completely unacceptable.

I just don't understand why I can't have a VPN inside the LAN?? Software VPNs work this way, why don't hardware VPNs?

Last edited by ChrisB1; 02-01-2013 at 06:44 AM.

#3
02-01-2013, 12:43 PM
thiggins

Software VPNs run on each client that you want to terminate or originate a VPN tunnel to/from. You want to terminate your tunnel at the network gateway so that you don't have to install software clients.

As you have found out, the best way to do this is with a VPN-enabled router. The TP-LINK TL-ER6020 will handle your WAN throughput just fine and provide high VPN throughput, too. Convert your R6300 to an AP and you'll be all set.
__________________
Tim Higgins
Managing Editor, SmallNetBuilder.com

#4
02-04-2013, 10:51 AM
ChrisB1

Mr Higgins, you are a scholar and a gentleman! Thanks for your response - much appreciated.

It does seem like a bit of a shame to disable my router, but if that's what needs to be done, then fair enough. It does also seem to be increasing the number of boxes I have (modem, router, access point instead of just modem, router/access point).

One alternative I suppose is maybe to sell my Netgear and purchase a wireless router with VPN built-in. I could maybe purchase an Asus RT-N66U (in the hope that the firmware is in a better state than when it was originally reviewed...).

Ultimately, I think I'll probably go with your suggestion though.

Thanks again

#5
03-28-2013, 12:07 PM
Pain

OP, if you are still watching this thread, be advised that the TP-ER6020 has some issues with client VPNs. It will not currently allow you to use the same subnet for your VPN clients as the LAN, making it sort of useless.

There are other inexpensive hardware VPNs, and I'm currently working my way through them to find some that are reliable, yet cheap. Seems those 2 things are mutually exclusive.

I don't think your Netgear will support DD-WRT [third-party firmware]. You could get a Linksys router like an E4200 [or other router supported by DD-WRT] and that will give you a hardware VPN solution that works great. That Linksys router is also fast enough for your internet connection. I have one and if I could have gotten it to work with a site-to-site VPN I would have used it, but I need both site-to-site and client-to-site.

It would take some time to figure out DD-WRT though, so there will be a time investment.

#6
04-01-2013, 07:24 AM
Samir

Quote:
Originally Posted by ChrisB1
I'm stabbing in the dark here, but I'm guessing that I'm probably going to have to:
1. Disable the DHCP on my router
2. Disable all of the router functions and somehow switch it to some sort of 'access point' mode
3. Add a VPN gateway/router into the mix, and make that the router
4. Plug all my hardware into the VPN gateway instead of the wireless router
5. Run a cable from the gateway to the wireless router, so that my wireless devices can connect

I just don't understand why I can't have a VPN inside the LAN?? Software VPNs work this way, why don't hardware VPNs?

1. yep
2. yep, it can't be the gateway
3. yep, because it needs to know all the routes to route traffic properly
4. not necessarily. You can just run a single wire from the new VPN router to the current switch/router being used as a switch
5. not necessary if you're plugging into the existing network in step 4.

The reason you can't have it inside the lan is that it needs a direct connection to your internet to create the tunnel.

One way around this is to get another IP address from your service provider. And then you'd have to turn off DHCP and statically assign a LAN IP to the VPN router on the same subnet as your main router, which may not work. So then you'd have to switch the new router to do the DHCP and statically assign a LAN IP to your old router.