Need a versatile secure VPN

borgmember
Hi,

I need a VPN that will always work and be very secure. My customers and I usually use RV042 or 82 so I like to use what I sell, but the quickvpn software is buggy and is sometimes blocked.

I currently have an RV042 at my office and use QuickVPN. At some sites I visit the traffic must be blocked because it will not connect and at others it does. I like it when it works because it is IPSEC with a certificate. People tell me to use PPTP between the router and laptop because it's all built in and easy, but I am a security nut and want this tight.

At a main job site of mine I cannot use the QuickVPN client as their firewall must be blocking me. Someone said I could set up an L2TP session between the RV042 and me, but I have not tried.

I have downloaded the OpenVPN virtual machine. I could add that to my VMware host, and use it to make a cert and use OpenVPN on my laptop. I don't know how, but from what I gather I might be able to route web traffic through the VPN to the office and go out that way to avoid download restrictions and content filters at the various offices I visit. Currently when QuickVPN works, I remote desktop an office machine and browse/work from it, but the above feature would be nice if it's not too complicated.

What would you use?

Author

Commented:
I have been reading about pfsense and Untangle. It appears that pfsense is widely used and supported. I will give it a try tomorrow as a VM and see what it can do.
Top Expert 2013

Commented:
>>"need a VPN that will always work "
Not sure that is possible :-)
I like the RV042/82 as well, but I agree the QuickVPN client can be very flaky.

You could purchase thegreenbow client which is more difficult to configure but is much more stable and you could keep your existing routers.
http://www.thegreenbow.com
http://www.thegreenbow.com/doc/tgbvpn_cg_RV042_en.pdf

Other than that if you want stability, security, and good support I would recommend a Cisco unit. The newer ASA5500 series are easy to set up and affordable, starting about $400.  The other advantage of the Cisco is you can set up site to site tunnels with your existing RV042 & 82's.
"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
IPsec, PPTP, L2TP with or without IPsec are often blocked in Office networks. Even HTTP/HTTPS (SSL/TLS) is blocked often, HTTP for obvious reasons. So, if ports are blocked, you can't get out. No VPN or other solution will help you there.

I understand you do not want PPTP. It can be decently secure if used with a very very long password, but I would not trust it to be really secure. And it is prone to GRE routing/forwarding errors, and often does not allow more than one PPTP connection to be active at one time in the whole LAN.

L2TP/IPSec would be secure enough, even with pre-shared secret instead of a certificate (if no-one knows that PSK). But it is blocked often.

IPSec itself is secure, if used with decent algorithms (DES is a no-go). Performance degradation is acceptable. But NATting issues arise, and again - often blocked.

Instead of GreenBow I would use the free (!) Shrew VPN Client (www.shrew.net). It connects to almost any device, and the site holds ready tutorials for many of them.

With OpenVPN, which is really secure, you would have to use the SSL port, which has the best chance not to be blocked.
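
An added illustration of the OpenVPN option discussed in this thread (not code from any poster): a small Python lint that checks a client profile for the points raised here, namely certificate authentication, the SSL port, no DES, and sending all traffic through the office. The two profiles, the hostname and the file names are constructed placeholders, and the check names are this example's own.

```python
# Added example (not from the thread): lint an OpenVPN client profile.
# Hostname and file names below are constructed placeholders.
WEAK = """\
client
dev tun
proto udp
remote vpn.example.com 1194
cipher DES-CBC
ca ca.crt
"""
HARDENED = """\
client
dev tun
proto tcp
remote vpn.example.com 443   # the SSL port, least likely to be blocked
remote-cert-tls server       # reject peers whose cert is not a server cert
cipher AES-256-GCM
redirect-gateway def1        # send all traffic, web included, via the office
ca ca.crt
cert laptop.crt
key laptop.key
"""

def parse(text):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if parts:
            opts[parts[0].strip("<>/")] = parts[1:]  # inline <cert> counts as cert
    return opts

def audit(text):
    """Return the names of checks the profile fails, in a fixed order."""
    o = parse(text)
    remote = o.get("remote", [])
    port = remote[1] if len(remote) > 1 else o.get("port", ["1194"])[0]
    proto = remote[2] if len(remote) > 2 else o.get("proto", ["udp"])[0]
    checks = [
        ("proto", proto.startswith("tcp")),
        ("port", port == "443"),
        ("cipher", "DES" not in o.get("cipher", [""])[0].upper()),  # explicit DES only
        ("client-cert", "pkcs12" in o or ("cert" in o and "key" in o)),
        ("server-verify", o.get("remote-cert-tls") == ["server"]),
        ("full-tunnel", "redirect-gateway" in o),
    ]
    return [name for name, ok in checks if not ok]

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

A server can also push `redirect-gateway`, so a `full-tunnel` finding means only that the client profile itself does not request it.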

Author

Commented:
I will eventually use pfsense and openvpn when they release the new version. Right now I am using untangle as it makes the openvpn really simple.
