Solved

VPN - Can a Linksys Home Router be used to establish a full time VPN tunnel to a MS PPTP VPN Server?

Posted on 2007-11-13
14
3,942 Views
Last Modified: 2008-01-09
Hey everyone,

I need to know if a Linksys Home/SOHO VPN Router be used to establish a full time VPN tunnel to a MS PPTP VPN Server?  Say for example,
a user at home wants to connect to his office via VPN.  

The corporate VPN solution is a MS PPTP VPN server.  The home user has a capable Linksys, DLink, Netgear, etc VPN tunnel capable router.

Is that possible and has it been seen before?

Thanks,
inverted
0
Comment
Question by:inverted_2000
  • 5
  • 4
  • 2
  • +3
14 Comments
 
LVL 18

Accepted Solution

by:
chuckyh earned 250 total points
ID: 20275302
PPTP is mainly used for session based vpn connections. I don't think you'll be able to establish a constant tunnel with a Ms pptp vpn server.
You'll need a device that does ipsec to establish a constant tunnel between 2 sites.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275331
Thanks chuckyh...

Anyone else had some experience trying this?

Thanks (o:
0
 
LVL 29

Expert Comment

by:Michael W
ID: 20275370
The nearest Linksys router that can work as a full time VPN tunnel is either the BEFSX41, BEFVP41 and the RV Series (i.e. RVS4000, RV016, etc).

I recommend the RV016 class units as these are the easiest to setup and have a number of features to make sure the tunnel stays up, even where there is no traffic going on.

0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 9

Assisted Solution

by:Brugh
Brugh earned 50 total points
ID: 20275387
^ Chuck is correct. You will have to establish IPSec Tunnel between the two devices and yes, depending on which model you own, the linksys will do Point to point VPN tunneling.  You will just want to verify that against the product manual.

You must have a firewall at the main office, in which case, you will need to know if the main office router can handle IPSec tunnels(most can),  and then determine if its compatible with the Linksys you want to use at the home.

However, keep in mind that a HOME network is not normally protected and if that tunnel is always up, you open yourself up to a big security gap.

 - brugh

0
 
LVL 29

Expert Comment

by:Michael W
ID: 20275395
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275435
The "Linksys" SOHO VPN routers...which I've installed for SMB offices from time to time...are IPSec based VPN applicances.

Our MS server, being a PPTP, will not, or is not configured for IPSec tunnels...so,

1)  Being that our MS VPN server at work is PPTP, users can NOT establish a full time tunnel with a retail SOHO VPN router such was the WRV54G router from Links, or the other models that mwecomputers pointed out.
2) A full time tunnel via IPSec would be possible if the MS server at the office was configured for that and the SOHO VPN router was configured for the office tunnel?

What cha think about those 2 questions?
thanks a ton folks.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275456
yeah mwecomputers:

I just installed a  
WRVS4400N
in a SOHO...the VPN Client software still isn't too good, and it dropped the wireless clients like mad till I upgraded the firmware a few weeks ago for them.

FYI )o:
0
 
LVL 29

Expert Comment

by:Michael W
ID: 20275591
I hope you aren't using the Linksys QuickVPN client software on the remote user platforms. It's crap. The hardware VPN endpoints will be the most likely bet, the issue is just finding one that handles IPSec correctly.

Can you describe the network infrastructure and the server environment the users need access to? That might give us a better picture where to start and how to design a solution for the problem.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275692
Big corporate Network uses PPTP on a MS server 2003 to allow remote VPN access for remote, single laptop type, users.

A boss of mine wants a couple of thin clients to access the Big Corporate network without using another MS Server to create the connection, but a much less expensive SOHO router that the thin clients will connect to the terminal server with.

Hope that helps (o:
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 50 total points
ID: 20282033
If you want to flash a new OS onto your router you can
http://lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php

A list of supported SOHO routers is here:
http://www.dd-wrt.com/wiki/index.php/Supported_Devices

installation instructions are here:
http://www.dd-wrt.com/wiki/index.php?title=Installation#Is_your_router_supported.3F

Of course this isn't supported by linksys.

0
 
LVL 29

Assisted Solution

by:Michael W
Michael W earned 150 total points
ID: 20289936
Since the MS PPTP server most likely requires MS-CHAP to be used (i.e. desktop clients are readily available), I don't really think there is a hardware VPN router solution to this.

Now, if your remote users had say a linux server available, they could setup something like a FreeS/WAN or PPTP Client on it and have it be used for a network sharing connection.

PPTP Client -- http://pptpclient.sourceforge.net
Poptop - The PPTP Server for Linux -- http://www.poptop.org/
FreeS/WAN -- http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
0
 
LVL 18

Expert Comment

by:chuckyh
ID: 20290355
So to sum it all up.

If you want to establish full time VPN tunnels between 2 sites, you'll need firewalls/routers that can do ipsec tunnels at both sites, that is by far the easiest way..
Ms server can be configured to do an ipsec tunnel. http://support.microsoft.com/kb/816514
I wouldn't recommend it though.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20293193
My Boss installed a 2003 Std box to conduct the VPN connection.

I really appreciate eveyone's comments and help.  I learned some very useful new information from this.

THanks again,
inverted
0
 

Expert Comment

by:Ben Zarpentine
ID: 24445322
Do those routers mention above support VPN Split tunneling or Full tunneling?
Thanks,
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question