VPN connection through Netgear router

Hi Guys,

I have a small private network with Netgear router to the internet.
I've subscribed to Cactus, (a public VPN service)

Up until now I've used my PC to establish a VPN connection through Windows to Cactus, by means of IP, username & password.

I'd like to setup a permanent VPN connection on the Netgear router and let the PC access the VPN tunnel through the router.

I am not sure if this is at all possible?

The Netgear router is asking for a pre-shared key, remote network settings, etc.

Cactus supplied:

VPN servers (PPTP & L2TP/IPsec)  IP's
Proxy settings (type = https)
Ports:  3129, 8080,81

What type of connection should I use in the Netgear config to accomplish this?
Rupert EghardtProgrammerAsked:
Who is Participating?
BembiConnect With a Mentor CEOCommented:
Right. As you can not really see, how a provider VPN is configured - there are a lot of options - you may run into some weird trouble. But even you can have luck.

Just to explain: a endpoint to endpoint vpn tunnel connect two endpoints together. The connection is bidirectional, so each endpoint can connect to each other endpoint, dependedn on which side the request is initiated. Typical is a router to router VPN.

A client to endpoint connection is allways initiated from the client, means unidirectional. The client requests the connection (i.e. windows build in VPN) and the endpoint connects the client.

Provider VPN connection can have different constructions. But mostly they offer a vpn endpoint to the local network, what is connecte by their routers to the internet. In this case the provider router is the endpoint or a device before the provider router. Usually a client to endpoint connection, nevertheless, if you know the correct configuration, you can build a endpoint to endpoint (connection).

Due to security reasons, it is a best practise to keep the endpoint near the local network. As you can not control the provider router, you have to trust the provider. If the endpoint is in your own network, the provider is out of scope.

The other best practise is to take two identical routers. There some interesting implementations and sometimes the preconfiguration of the routers is such different (between differenent manufacturers, that it is sometimes difficult to get them connected together. Two identical routers have the same preconfigurations and even the configurations dialog is equal, so that you do not need to fight with the understanding of differne tsoftware settings. Also some routers does not really like each other.

Most of the standard routers in the 100-200 USD class has implemented LAN to LAN VPN, so not the bigest investment. Of course you get also 2000 USD routers if you like.
If it's asking for a pre-shared key, then it sounds like it's trying to use the IPSec protocol.  That's not compatible with PPTP.

I suggest you contact Cactus technical support and ask them if they can recommend any particular brand of router.  Failing that, ask them what capabilities your router needs in order to set up a permanent link.
There are in general two constellations. Client to endpoint and endpoint to endpoint.
In a client to endpoint szenarion, you setip some VPN settings on a router, and you have to provide these settings on the client (via client software or Windows VPN.
In an endpoint to endpoitn szenario, the two endpoints talkin to each other and the client does not be aware about the vpn tunnel.

Nevertheless two windows servers can be involved in such a tunnel, it is more usual to use two devices in fron tof the windows network, i.e two routes. In this case, both router need the capability to allow endpoint to endpoint (or LAN to LAN) vpn tunnels. The basic setup is that each router can connect to each other router by vpn in any direction. This need a cross over setup, so router1 has a VPN endpoint, what is accessed by router2, and router2 has an endpoint what is accessed by router2. Most routers have such capabilities, at least the not most cheapest one.

If there is such a LAN to LAN possibilit,y the next step is, how the two router can secure the connection. Preshared key is the one (a key to validate and possibly encrpyt the traffic), what is something like a password, setiup on each router to connect to the other side. More secure but also more specific is to use certificates, which than have to be exchange between the two router, hat the one side knows the certificate of the other-

In practise, both endpoints (routers) should be the same to make sure, all capabilities are supported. Then you setup a LAN to LAN connection on both routes, so that tehy can connect in both directions. Than you decide, on which level (PPP, IPSEC, LT2P) they secure the connection and what is needed for this setting (i.e. preshared key or certificate).
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Rupert EghardtProgrammerAuthor Commented:
Thanks Bembi,

So as far as I understand,

The router VPN option is for a router-to-router VPN tunnel, (endpoint to endpoint)
Or for a client to connect to the router from externally. (client to endpoint)

There is normally no option that I can setup / connect to a public VPN service using a router?  Thus having that public VPN service permanently available on my internal network?
asavenerConnect With a Mentor Commented:
There is normally no option that I can setup / connect to a public VPN service using a router?  Thus having that public VPN service permanently available on my internal network?
That would  be a router-to-router connection.  I used to do that for my corporate connection when I worked from home.  Any traffic to the corporate network went through my router and then over the VPN.

The question is whether this is the service your VPN provider is offering, and whether your router is compatible with their service.
Rupert EghardtProgrammerAuthor Commented:
I think it will be a nightmare to try and get our router to talk to their router, let alone having the same or compatible router as theirs.

I've in the meantime setup a VPN connection on the local server (linking to the public VPN service), shared this connection and is working.

This is probably the best I'd be able to do ...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.