SmallNetBuilder Forums
#1
02-01-2013, 05:16 AM
ChrisB1
Hardware VPN - please help me understand...

Hi everyone, I'm hoping you can help me out with a query I have with regard to getting a VPN set up at home.

I currently have a number of wired and wireless machines at home, all linked to a Netgear R6300. This is then plugged into a modem through the WAN port. I have a dynamic IP address, and I've not yet set up a DDNS, but I shall. I'm really very happy with the whole set-up, and it does everything I want... apart from having a VPN.

Now, is it possible to add a VPN endpoint to this set-up without buying a whole new router? I'm not interested in setting up a software VPN - I want a hardware box which can be left on at all times. I want to be able to connect to this remotely using my laptop, Android phone and iPad (not at the same time) and simply get an internal IP address which I can use to initiate an RDP to my file server, or just navigate files on my NAS using Samba. Essentially, it will only be a VPN endpoint, and I would tunnel to it only. No need for site-to-site, no need for SSL, no need for any advanced features, no need for any UTM, spam filters, firewall. No need for wireless. No need for any silly apps (like Cisco QuickVPN) to connect. No need for anything apart from a standard VPN endpoint.

So, how on earth do I go about doing this??? I have read and read and read until my eyes are about to explode, and I still don't understand how I can set this up easily :-(
Ultimately, what I'd like is to have a VPN box *inside* the network (i.e. a client attached to the router via LAN), but I just can't see any products which do this. I must be either missing something or alternatively it cannot be done.

As far as I can see, all of the products on offer are essentially routers, with multiple LAN ports and 1 or more WAN ports for a modem. This isn't really what I'm after, as I don't want to replace my router - I want to augment it with VPN! The routing functions are good. The firewall is good. Everything is set up just how I want it.

Can anyone help?

Thanks
Breame

Last edited by ChrisB1; 02-01-2013 at 05:48 AM.
#2
02-01-2013, 05:17 AM
ChrisB1

I'm stabbing in the dark here, but I'm guessing that I'm probably going to have to:
1. Disable the DHCP on my router
2. Disable all of the router functions and somehow switch it to some sort of 'access point' mode
3. Add a VPN gateway/router into the mix, and make that the router
4. Plug all my hardware into the VPN gateway instead of the wireless router
5. Run a cable from the gateway to the wireless router, so that my wireless devices can connect

This is sort of defeating the whole point of having such a nice router in the first place, as I'll only be using it as an access point :-(

Not only that, but as far as I can see, if I replace the router with a VPN gateway/router, throughput will drop through the floor (and that includes standard IP traffic as well as VPN traffic). My broadband is 100Mb/s and I do use bittorrent, so speed and connection restrictions would be completely unacceptable.

I just don't understand why I can't have a VPN inside the LAN?? Software VPNs work this way, why don't hardware VPNs?

Last edited by ChrisB1; 02-01-2013 at 05:44 AM.
#3
02-01-2013, 11:43 AM
thiggins

Software VPNs run on each client that you want to terminate or originate a VPN tunnel to/from. You want to terminate your tunnel at the network gateway so that you don't have to install software clients.

As you have found out, the best way to do this is with a VPN-enabled router. The TP-LINK TL-ER6020 will handle your WAN throughput just fine and provide high VPN throughput, too. Convert your R6300 to an AP and you'll be all set.
__________________
Tim Higgins
Managing Editor, SmallNetBuilder.com
#4
02-04-2013, 09:51 AM
ChrisB1

Mr Higgins, you are a scholar and a gentleman! Thanks for your response - much appreciated.

It does seem like a bit of a shame to disable my router, but if that's what needs to be done, then fair enough. It does also seem to be increasing the number of boxes I have (modem, router, access point instead of just modem, router/access point).

One alternative I suppose is maybe to sell my Netgear and purchase a wireless router with VPN built-in. I could maybe purchase an Asus RT-N66U (in the hope that the firmware is in a better state than when it was originally reviewed...).

Ultimately, I think I'll probably go with your suggestion though.

Thanks again
#5
03-28-2013, 11:07 AM
Pain

OP, if you are still watching this thread, be advised that the TP-ER6020 has some issues with client vpns. It will not currently allow you to use the same subnet for your vpn clients as the LAN, making it sort of useless.

There are other inexpensive hardware vpns, and I'm currently working my way through them to find some that are reliable, yet cheap. Seems those 2 things are mutually exclusive.

I don't think your netgear will support DD-WRT [third party firmware]. You could get a Linksys router like an E4200 [or other router supported by DD-WRT] and that will give you a hardware vpn solution that works great. That Linksys router is also fast enough for your internet connection. I have one and if I could have gotten it to work with a site-to-site vpn I would have used it, but I need both site-to-site and client-to-site.

It would take some time to figure out DD-WRT though, so there will be a time investment.
#6
04-01-2013, 06:24 AM
Samir

Quote:
Originally Posted by ChrisB1:
I'm stabbing in the dark here, but I'm guessing that I'm probably going to have to:
1. Disable the DHCP on my router
2. Disable all of the router functions and somehow switch it to some sort of 'access point' mode
3. Add a VPN gateway/router into the mix, and make that the router
4. Plug all my hardware into the VPN gateway instead of the wireless router
5. Run a cable from the gateway to the wireless router, so that my wireless devices can connect

I just don't understand why I can't have a VPN inside the LAN?? Software VPNs work this way, why don't hardware VPNs?

1. yep
2. yep, it can't be the gateway
3. yep, because it needs to know all the routes to route traffic properly
4. not necessarily. You can just run a single wire from the new vpn router to the current switch/router being used as a switch
5. not necessary if you're plugging into the existing network in step 4.

The reason you can't have it inside the lan is that it needs a direct connection to your internet to create the tunnel.

One way around this is to get another IP address from your service provider. And then you'd have to turn off DHCP and statically assign a LAN IP to the VPN router on the same subnet as your main router, which may not work. So then you'd have to switch the new router to do the DHCP and statically assign a LAN IP to your old router.
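
An added example, not part of any post in this thread: a Python check of the addressing plan that the steps discussed above lead to (new VPN router as gateway and sole DHCP server, old router given a static LAN IP as an access point, VPN clients either in a separate routed pool or in a slice of the LAN subnet). The function name `check_plan` and all addresses are constructed for illustration.

```python
import ipaddress as ipa

def check_plan(lan, gateway, ap, ap_dhcp_on, dhcp, vpn):
    """Return a list of problems in a home addressing plan (empty = consistent).

    lan: CIDR string; gateway/ap: IP strings; dhcp/vpn: (first, last) IP strings.
    """
    net = ipa.ip_network(lan)
    gw, ap_ip = ipa.ip_address(gateway), ipa.ip_address(ap)
    d0, d1 = (ipa.ip_address(x) for x in dhcp)
    v0, v1 = (ipa.ip_address(x) for x in vpn)
    problems = []

    # Only the new gateway may hand out leases; the old router becomes an AP.
    if ap_dhcp_on:
        problems.append("AP still runs DHCP: two DHCP servers on one segment")
    for name, ip in (("gateway", gw), ("AP", ap_ip)):
        if ip not in net:
            problems.append(f"{name} {ip} is outside LAN {net}")
        if d0 <= ip <= d1:
            problems.append(f"{name} {ip} sits inside the DHCP range")
    if gw == ap_ip:
        problems.append("gateway and AP share one address")
    if d0 not in net or d1 not in net or d0 > d1:
        problems.append("DHCP range is not a valid range inside the LAN")

    # VPN clients: either a separate routed pool, or a slice of the LAN itself.
    in_lan = (v0 in net, v1 in net)
    if any(in_lan) and not all(in_lan):
        problems.append("VPN pool straddles the LAN boundary")
    elif all(in_lan):
        if v0 <= d1 and d0 <= v1:
            problems.append("VPN pool overlaps the DHCP range")
        if any(v0 <= ip <= v1 for ip in (gw, ap_ip)):
            problems.append("VPN pool contains a statically assigned device")
    return problems

# Constructed sample plans (all addresses are illustrative).
GOOD = dict(lan="192.168.1.0/24", gateway="192.168.1.1", ap="192.168.1.2",
            ap_dhcp_on=False, dhcp=("192.168.1.100", "192.168.1.199"),
            vpn=("192.168.1.200", "192.168.1.220"))
BAD = dict(GOOD, ap="192.168.1.150", ap_dhcp_on=True,
           vpn=("192.168.1.190", "192.168.1.210"))

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(**plan) or "consistent")
```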

All times are GMT -4.

