Setting Up a VPN

Posted on 2006-06-15
Last Modified: 2012-05-05
I need to set up a VPN. I was looking at the Linksys RV082 since Tom's Hardware Guide gave it good reviews but was going to downgrade to the RV042 since it looks like it supports more tunnels than I could use in the immediate future and is a bit cheaper. I have read mixed reviews on the RV042 though.

Basically I have a warehouse with a central infrastructure. The satellite stores around town need to be able to talk to a server I have at the warehouse. I want to accomplish this by going over VPN. One thing I like about the Linksys is that it provides dual WAN. This is good since I have 5 static dynamic business DSL IPs at each building. I will have to call AT&T, but do the business DSL lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?

Now, the question is, how do I want the satellite stores to connect to the internet? Do I want to have them do everything over the VPN, or do I just want a pass-through tunnel for them to talk to the central server and have them do everything else over the IPs at their location?

If I were to do everything over the VPN then I think it would be easier to get a hardware (firewall or router)/client. Do these exist? So the actual hardware box will act as a client to the RV042 VPN server and then NAT IPs to all the computers behind it.

Or, would it be better to get a "VPN router" that will allow VPN passthrough and use the built-in PPTP client that XP Pro has? This way there won't be a bottleneck on the warehouse, which has a 1.5Mbps download and 512kbps upload.

Question by:dignified
LVL 79

Expert Comment

ID: 16917436
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?
1 DSL shares total bandwidth with all 5 IP addresses.

I like the idea of using an RV042 at each remote site and even at the central site.
Let each site have their own Internet access and only cross the VPN to get to the central server(s). The only way not to do that would be to have a proxy server at the central site. Then all remote Internet access comes through your bottleneck not once, not twice, but FOUR times.
The RV042 is a perfect hardware client/server. They are actually "peers" and pass whatever traffic you define through the VPN tunnel.
It will simultaneously NAT and provide Stateful Packet Inspection firewall for all computers behind it.
The RV042 *is* a "vpn router". No passthrough required, don't use the PPTP client. No need for it at all.
Be like Nike and just do it!


Author Comment

ID: 16917864
Thank you, I do need to just do it hehe... I'm the same poster who was asking about segmenting the network with vlans ( I just have never used any of this high end hardware before so I am a little hesitant to go out and spend a thousand dollars before I fully understand my needs. I'm getting there though. I think I will definitely go out and go pick an RV042 up tomorrow so I can at least play with that for a day or two. I like the fact especially that it provides SPI.

So for my setup I'm still unsure about one thing and I will try my best to explain it.

So if I have WAN ip addresses at the warehouses of 1.1.1.[1-5]. I can get an L3 switch and plug the WAN into one port and assign a vlan of Then I plug the RV042 into a port assigned the same VLAN, let's say the VPN has WAN ip Then I plug in the server into the RV042 and any other computers at the warehouse that need to be on the VPN.

Then, remember, I have a second VLAN that needs to be completely isolated from the internet minus one computer, I'll put those computers on So then, would I just make a VLAN for and assign another IP, lets say, to a port on the switch and then use an access list to pass through the one computer? Would I not need to put another firewall up in front of that? If I used another firewall, could I settle for an L2 switch?


Expert Comment

ID: 16918180
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?
Each static IP should be guaranteed to have its own bandwidth size, otherwise what's the point? You're paying for it, you should get it. Call tech support at AT&T: 1-800-219-9786 and confirm this. It's been a few years since I was a DSL tech for SBC, but even though AT&T bought them out, it should be the same.
Booda2us


Author Comment

ID: 16918186
I don't think they do actually, but I will call to make sure. Because it is just one line being run to your building. You'd need 5 separate lines.

Expert Comment

ID: 16919758
I would say you are generally better off with the WinXP VPN server; it is normally more flexible and can be more easily integrated into the rest of your system (passwords etc.).
LVL 79

Accepted Solution

lrmoore earned 250 total points
ID: 16920204
dignified, that is not exactly what I had in mind....

WAN link ---> RV042
                |----> LAN Port -----> Switch
                                         VLAN xyz
                                         VLAN abc

You don't really need to use any more than 1 public IP on the WAN link of the RV042 and use private IP addresses on the servers (192.168.178.x). Let's say your server is
Do the same thing at each store where the LAN IPs are in different IP subnets.
Store1 =
Store2 =
Store3 =
Point the default gateway of the servers and other systems that need Internet access to the LAN IP of the RV042.
There will be a permanent VPN connection between Store1's private ip and the Warehouse Private IP subnet. No need for anything else like a WinXP VPN server anywhere.
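
Added example, not part of the original thread: a check of the addressing plan the accepted answer describes (one distinct private subnet per site, Internet traffic leaving locally, only server traffic crossing the tunnel). The store subnets and the function names are constructed for illustration; only 192.168.178.x for the warehouse comes from the answer.

```python
import ipaddress

# Constructed plan (assumption): the thread does not give the store subnets.
SITES = {
    "warehouse": "192.168.178.0/24",
    "store1": "192.168.10.0/24",
    "store2": "192.168.20.0/24",
    "store3": "192.168.30.0/24",
}
# Hub-and-spoke: each store has one tunnel, to the warehouse only.
TUNNELS = {"warehouse": ["store1", "store2", "store3"],
           "store1": ["warehouse"], "store2": ["warehouse"],
           "store3": ["warehouse"]}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_overlaps(sites):
    """Return sorted name pairs whose LAN subnets overlap.
    Overlapping LANs cannot be routed to each other through a tunnel."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def next_hop(local_site, dst_ip, sites=SITES, tunnels=TUNNELS):
    """Split-tunnel decision at local_site's VPN router for one destination."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in ipaddress.ip_network(sites[local_site]):
        return "local-lan"            # never reaches the router's WAN side
    for peer in tunnels.get(local_site, []):
        if dst in ipaddress.ip_network(sites[peer]):
            return "vpn:" + peer      # encrypted, site to site
    if any(dst in net for net in RFC1918):
        return "drop"                 # private address with no tunnel defined
    return "local-wan"                # Internet traffic uses the site's own DSL

if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITES))
    for dst in ("192.168.178.10", "192.168.20.5", "8.8.8.8"):
        print("store1 ->", dst, "=>", next_hop("store1", dst))
```

Running the overlap check before configuring the tunnels catches the common case of two sites left on the same default LAN range.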

Author Comment

ID: 16920491
So that diagram *is* what you have in mind? That switch should be an L3 switch also?


Question has a verified solution.
