Solved

VPN - Can a Linksys Home Router be used to establish a full time VPN tunnel to a MS PPTP VPN Server?

Posted on 2007-11-13
14
3,941 Views
Last Modified: 2008-01-09
Hey everyone,

I need to know if a Linksys Home/SOHO VPN Router be used to establish a full time VPN tunnel to a MS PPTP VPN Server?  Say for example,
a user at home wants to connect to his office via VPN.  

The corporate VPN solution is a MS PPTP VPN server.  The home user has a capable Linksys, DLink, Netgear, etc VPN tunnel capable router.

Is that possible and has it been seen before?

Thanks,
inverted
0
Comment
Question by:inverted_2000
  • 5
  • 4
  • 2
  • +3
14 Comments
 
LVL 18

Accepted Solution

by:
chuckyh earned 250 total points
ID: 20275302
PPTP is mainly used for session based vpn connections. I don't think you'll be able to establish a constant tunnel with a Ms pptp vpn server.
You'll need a device that does ipsec to establish a constant tunnel between 2 sites.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275331
Thanks chuckyh...

Anyone else had some experience trying this?

Thanks (o:
0
 
LVL 29

Expert Comment

by:Michael W
ID: 20275370
The nearest Linksys router that can work as a full time VPN tunnel is either the BEFSX41, BEFVP41 and the RV Series (i.e. RVS4000, RV016, etc).

I recommend the RV016 class units as these are the easiest to setup and have a number of features to make sure the tunnel stays up, even where there is no traffic going on.

0
 
LVL 9

Assisted Solution

by:Brugh
Brugh earned 50 total points
ID: 20275387
^ Chuck is correct. You will have to establish IPSec Tunnel between the two devices and yes, depending on which model you own, the linksys will do Point to point VPN tunneling.  You will just want to verify that against the product manual.

You must have a firewall at the main office, in which case, you will need to know if the main office router can handle IPSec tunnels(most can),  and then determine if its compatible with the Linksys you want to use at the home.

However, keep in mind that a HOME network is not normally protected and if that tunnel is always up, you open yourself up to a big security gap.

 - brugh

0
 
LVL 29

Expert Comment

by:Michael W
ID: 20275395
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275435
The "Linksys" SOHO VPN routers...which I've installed for SMB offices from time to time...are IPSec based VPN applicances.

Our MS server, being a PPTP, will not, or is not configured for IPSec tunnels...so,

1)  Being that our MS VPN server at work is PPTP, users can NOT establish a full time tunnel with a retail SOHO VPN router such was the WRV54G router from Links, or the other models that mwecomputers pointed out.
2) A full time tunnel via IPSec would be possible if the MS server at the office was configured for that and the SOHO VPN router was configured for the office tunnel?

What cha think about those 2 questions?
thanks a ton folks.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275456
yeah mwecomputers:

I just installed a  
WRVS4400N
in a SOHO...the VPN Client software still isn't too good, and it dropped the wireless clients like mad till I upgraded the firmware a few weeks ago for them.

FYI )o:
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 29

Expert Comment

by:Michael W
ID: 20275591
I hope you aren't using the Linksys QuickVPN client software on the remote user platforms. It's crap. The hardware VPN endpoints will be the most likely bet, the issue is just finding one that handles IPSec correctly.

Can you describe the network infrastructure and the server environment the users need access to? That might give us a better picture where to start and how to design a solution for the problem.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20275692
Big corporate Network uses PPTP on a MS server 2003 to allow remote VPN access for remote, single laptop type, users.

A boss of mine wants a couple of thin clients to access the Big Corporate network without using another MS Server to create the connection, but a much less expensive SOHO router that the thin clients will connect to the terminal server with.

Hope that helps (o:
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 50 total points
ID: 20282033
If you want to flash a new OS onto your router you can
http://lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php

A list of supported SOHO routers is here:
http://www.dd-wrt.com/wiki/index.php/Supported_Devices

installation instructions are here:
http://www.dd-wrt.com/wiki/index.php?title=Installation#Is_your_router_supported.3F

Of course this isn't supported by linksys.

0
 
LVL 29

Assisted Solution

by:Michael W
Michael W earned 150 total points
ID: 20289936
Since the MS PPTP server most likely requires MS-CHAP to be used (i.e. desktop clients are readily available), I don't really think there is a hardware VPN router solution to this.

Now, if your remote users had say a linux server available, they could setup something like a FreeS/WAN or PPTP Client on it and have it be used for a network sharing connection.

PPTP Client -- http://pptpclient.sourceforge.net
Poptop - The PPTP Server for Linux -- http://www.poptop.org/
FreeS/WAN -- http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
0
 
LVL 18

Expert Comment

by:chuckyh
ID: 20290355
So to sum it all up.

If you want to establish full time VPN tunnels between 2 sites, you'll need firewalls/routers that can do ipsec tunnels at both sites, that is by far the easiest way..
Ms server can be configured to do an ipsec tunnel. http://support.microsoft.com/kb/816514
I wouldn't recommend it though.
0
 
LVL 2

Author Comment

by:inverted_2000
ID: 20293193
My Boss installed a 2003 Std box to conduct the VPN connection.

I really appreciate eveyone's comments and help.  I learned some very useful new information from this.

THanks again,
inverted
0
 

Expert Comment

by:Ben Zarpentine
ID: 24445322
Do those routers mention above support VPN Split tunneling or Full tunneling?
Thanks,
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now