How do you set up a VPN?

[Saajid]

I need some help/advice on how to set up a VPN.

I believe that the whole point of a VPN, is so that remote workers can "dial-in" to the office network, over the internet. They then have access to the local office network as if they were connected directly? Is this right? Am I missing something?

So now the question is how do you go about setting up a VPN? Do I need additional hardware/software? What are the costs of setting up a VPN?

I am about to purchase an ADSL modem/router for my newly acquired 4mbps ADSL line, and would like to know if there are any particular models that support VPN out of the box - if there is such a thing.

Please help!

 

[Dean]

In terms of software, the support should be built-in to the OS.

I've set VPNs up on Windows XP Professional, so I'm assuming every subsequent Pro/Enterprise/Business/Ultimate version of Windows will have the functionality too.

In terms of hardware, you can get the regular ADSL routers - just make sure one of the features is "VPN Passthrough" - I know the D-Link 2540/2640U etc all have it so just check.

 

[skyevision]

Do yourself a favour and get Logmein / Hamachi - you install the client on your pc and say your laptop. Both pc and laptop (or any other computer(s) you add) will get their own 'static IP'. Create a network on Hamachi and make sure all the computers you would like to include in your VPN joins the Network - you can even password protect it.

Now when you go to the coffee shop with your laptop, you will be able to open your laptop and print a document on the shared printer at home or grab a file on your pc (at home)'s shared folder.

Obviously the file will be transferred via internet, but yeah, that app will give you a virtual private network.

Lemme know if it works for you.

 

[Nuro]

Do yourself a favour and get Logmein / Hamachi - you install the client on your pc and say your laptop. Both pc and laptop (or any other computer(s) you add) will get their own 'static IP'. Create a network on Hamachi and make sure all the computers you would like to include in your VPN joins the Network - you can even password protect it.

Now when you go to the coffee shop with your laptop, you will be able to open your laptop and print a document on the shared printer at home or grab a file on your pc (at home)'s shared folder.

Obviously the file will be transferred via internet, but yeah, that app will give you a virtual private network.

Lemme know if it works for you.

For fairly small installs I would also recommend Hamachi, but if you want proper VPN management or you are worried about sensitive data, stay away from Hamachi. At the end of the day a 3rd party has access to your network.

If you are looking for a enterprise level vpn solution, look no further than OpenVPN (check the community section). It is a free open source solution that is very flexible. It is cross platform and I have personally deployed it across a range of servers.

I would not recommend you run you vpn on the router itself. If ever your router is damaged, you lose your vpn solution as well. It simply means that a router swap out is no longer a trivial task. It also means that if ever you implement hsdpa failover or something to that effect, vpn becomes a hassle. It is always better to have a dedicated vpn box.

 

[skyevision]

For fairly small installs I would also recommend Hamachi, but if you want proper VPN management or you are worried about sensitive data, stay away from Hamachi. At the end of the day a 3rd party has access to your network.

If you are looking for a enterprise level vpn solution, look no further than OpenVPN (check the community section). It is a free open source solution that is very flexible. It is cross platform and I have personally deployed it across a range of servers.

I would not recommend you run you vpn on the router itself. If ever your router is damaged, you lose your vpn solution as well. It simply means that a router swap out is no longer a trivial task. It also means that if ever you implement hsdpa failover or something to that effect, vpn becomes a hassle. It is always better to have a dedicated vpn box.

Totally agree...

 

[Nuro]

I actually use Hamachi for gaming with my brother, and desktop support for my dad (remote desktop). For smaller installs nothings beats its simplicity.

 

[Saajid]

OK so where do I go with this?

It's for a small business, doing software, graphic, & web development. Some of the guys want/need to work from home, and I thought that setting up a VPN is the best way to do this. Right now it's just 2-3 developers, but this could grow to 6 after a year.

I want something that is hassle free, and secure as well. I don't have an extra machine to dedicate as a VPN box. I think getting a modem/router that supports VPN is the best solution.

So.. if I go with the modem/router VPN setup, how does it work? Do I just configure the modem/router, then the guys can "dial" in from home? How do they "dial" in? Do I need to download a VPN client, or is one built into Windows (XP, Vista, 7)

 

[sycogrim08]

Cisco Pix works like a charm for me.... I dont think I could have gotten better tbh

 

[Saajid]

Cisco Pix works like a charm for me.... I dont think I could have gotten better tbh

Which model do you have, how much did it cost, and how does it work?

 

[syntax]

OK so where do I go with this?

It's for a small business, doing software, graphic, & web development. Some of the guys want/need to work from home, and I thought that setting up a VPN is the best way to do this. Right now it's just 2-3 developers, but this could grow to 6 after a year.

I want something that is hassle free, and secure as well. I don't have an extra machine to dedicate as a VPN box. I think getting a modem/router that supports VPN is the best solution.

So.. if I go with the modem/router VPN setup, how does it work? Do I just configure the modem/router, then the guys can "dial" in from home? How do they "dial" in? Do I need to download a VPN client, or is one built into Windows (XP, Vista, 7)

I agree with the modem/router all in one solution. Let me know ur budget on this and I will recommend something.

Do you have a static ip? if not you are going to need dyn dns, otherwise you can connect to the static ip.
If you are not sure how dyn dns works, drop me a PM.

You can use the built in windows vpn client or depending on the modem/router a proprietary client.

 

[Saajid]

I agree with the modem/router all in one solution. Let me know ur budget on this and I will recommend something.

Do you have a static ip? if not you are going to need dyn dns, otherwise you can connect to the static ip.
If you are not sure how dyn dns works, drop me a PM.

You can use the built in windows vpn client or depending on the modem/router a proprietary client.

I don't have a static IP (yet), but I've already got DynDNS set up and working. I'm using it for remote desktop connections to my server.

My budget.. as low as possible I was hoping that VPN is mostly a funtion of the ADSL modem/router, and so the cost would be the price of a higher spec modem/router. So between R1000 and R2000.

I've read about licensing issues for VPN. i.e. you pay a license fee for the number of concurrent VPN connections you require. But I think this is for software-based VPN solutions, where you require a dedicated (Linux) box.

 

[Dean]

I don't have a static IP (yet), but I've already got DynDNS set up and working. I'm using it for remote desktop connections to my server.

My budget.. as low as possible I was hoping that VPN is mostly a funtion of the ADSL modem/router, and so the cost would be the price of a higher spec modem/router. So between R1000 and R2000.

I've read about licensing issues for VPN. i.e. you pay a license fee for the number of concurrent VPN connections you require. But I think this is for software-based VPN solutions, where you require a dedicated (Linux) box.

Dude seriously - use built in Windows VPN with any modem/router that supports VPN Passthrough. The price for one will come in well within/below your budget - recommend the D-Link models as above and the setup is easy (if you're comfortable working with basic Windows networking and the usual ADSL modem web configs)

 

[Saajid]

Dude seriously - use built in Windows VPN with any modem/router that supports VPN Passthrough. The price for one will come in well within/below your budget - recommend the D-Link models as above and the setup is easy (if you're comfortable working with basic Windows networking and the usual ADSL modem web configs)

This sounds easy enough... Do you have any links to some guides or tutorials? My current router supports VPN passthrough. It's broadband router that I'm using with iBurst. If I can get it working with iBurst now, then I'll know what to do when purchasing my ADSL modem/router.

Edit: Will the connection be transparent? I want it to seem as though I am directly connected to the office network. So that I access any network service. I don't only want access to a single server/machine on which the VPN is set up?

Edit: I've read the following 2 articles from TechRepublic
- Configure a Windows Server 2003 VPN on the server side
- Get connected to a Windows Server 2003 VPN in this step-by-step

Very good, well written articles. I think I will go for a Windows Server 2003 setup.

I suppose I just need to ensure that the ADSL modem I purchase supports VPN passthrough, right? Or if it doesn't, I can just forward the correct ports for VPN on my router, to my Windows Server 2003 box, right?

 

[MidnightWizard]

Cisco

I suppose I just need to ensure that the ADSL modem I purchase supports VPN passthrough, right?
Or if it doesn't, I can just forward the correct ports for VPN on my router, to my Windows Server 2003 box, right?

You do not need a special server or other box

This will do all you need

Cisco 800 series VPN config

Lot more info where that came from


MW

 

[Saajid]

You do not need a special server or other box

This will do all you need

Cisco 800 series VPN config

Lot more info where that came from


MW

I presume you will need a Cisco router then? How much does this cost?

 

[Grep]

Listen, hassle free, get a http://www.dlink.com/products/?pid=59. You can do up to 4 PPTP connections and 16 IPSEC connections. With the PPTP, you can just use windows VPN client, take 2 seconds and you are done.

We get ours directly from the suppliers, so you might have to call around.

 

[Saajid]

I'm setting up VPN on my Windows Server 2003 box, using the built-in functionality.

Now I have the following options on my Netgear router, with radio buttons for enable and disable. Do I need to enable all these to allow outside VPN traffic to go to my Windows Server 2003 box?

VPN Passthrough
IPSec Passthrough Enable Disable
PPTP Passthrough Enable Disable
L2TP Passthrough Enable Disable

If I choose enable, how will the router know to which machine to forward VPN traffic? Or is this just for outgoing traffic?!?

If it is for outgoing VPN traffic, then what about incoming traffic? Do I need to set up port forwards (for the VPN ports) so that incoming VPN traffic is forwarded to my Windows Server 2003 box?

Coz surely the router will block all incoming traffic, unless you have a port forward set up, or a DMZ server, or the incoming traffic is the result of an outgoing request ???

EDIT: You need to enable VPN passthrough, as well as setting up port forwards for port 1723 and 43.
EDIT: I thought I enabled VPN passthrough, but I just checked my router now, and it isn't enabled! So how did it work then?

 

[Saajid]

OK so I have set up my VPN, and it is working lekka. I have ADSL at home, and iBurst at the office.

Telkom finally activated my ADSL line at the office, and I tested it with my home ADSL modem. 4mbps is working lekka. Downloaded a DVD rip of the movie 2012 at close to max line speed of 420KBps, using Afrihost bandwidth.

Now I need to purchase an ADSL modem for the office. Currently I'm using the Netgear WNR2000 with the iBurst desktop modem. However, the problem is that the WNR2000 only supports one VPN session at a time, apparently using VPN passthrough. This sucks.

I need to be able to support at least 5 VPN connections. Apparently there are some complexities with NAT and VPN. FAQ 2.10 on the following page has me worried: http://www.ozcableguy.com/routerfaq.asp#2.10

Can you guys recommend an ADSL modem, that will allow me to have at least 5 concurrent VPN sessions, without breaking the bank? I need to buy an ADSL modem/router ASAP so that I can finally ditch iBurst.

 

[MidnightWizard]

TightWad

Can you guys recommend an ADSL modem, that will allow me to have at least 5 concurrent VPN sessions , without breaking the bank?
I need to buy an ADSL modem/router ASAP so that I can finally ditch iBurst.

From your link .........

"One of the more common tales of woe I hear from people is where they've tried to save money
and
have purchased low-end Routers without considering their VPN requirements
and
for a few dollars more they could have had a more suitable product."


You need to state EXPLICITLY -- what the bank is worth.

I have advised you.

Think used / re-furb , think 877 W think 2610XM ( with ADSL WIC ) Think CISCO THINK.


MW

 

[Amida]

OK so I have set up my VPN, and it is working lekka. I have ADSL at home, and iBurst at the office.

Telkom finally activated my ADSL line at the office, and I tested it with my home ADSL modem. 4mbps is working lekka. Downloaded a DVD rip of the movie 2012 at close to max line speed of 420KBps, using Afrihost bandwidth.

Now I need to purchase an ADSL modem for the office. Currently I'm using the Netgear WNR2000 with the iBurst desktop modem. However, the problem is that the WNR2000 only supports one VPN session at a time, apparently using VPN passthrough. This sucks.

I need to be able to support at least 5 VPN connections. Apparently there are some complexities with NAT and VPN. FAQ 2.10 on the following page has me worried: http://www.ozcableguy.com/routerfaq.asp#2.10

Can you guys recommend an ADSL modem, that will allow me to have at least 5 concurrent VPN sessions, without breaking the bank? I need to buy an ADSL modem/router ASAP so that I can finally ditch iBurst.

Just put the router in bridge mode and let the server 2003 dial the PPPoE session. If you do this you can configure RRAS to handle as many VPN connections as you need.