Solved

VPN connection through Netgear router

Posted on 2014-04-09
Last Modified: 2014-04-26
Hi Guys,

I have a small private network with a Netgear router to the internet.
I've subscribed to Cactus (a public VPN service).

Up until now I've used my PC to establish a VPN connection through Windows to Cactus, by means of IP, username & password.

I'd like to set up a permanent VPN connection on the Netgear router and let the PC access the VPN tunnel through the router.

I am not sure if this is at all possible?

The Netgear router is asking for a pre-shared key, remote network settings, etc.

Cactus supplied:

VPN servers (PPTP & L2TP/IPsec) IP's
Proxy settings (type = https)
Ports: 3129, 8080, 81

What type of connection should I use in the Netgear config to accomplish this?
Question by: Rupert Eghardt

6 Comments

Expert Comment

by:asavener
ID: 39990033
If it's asking for a pre-shared key, then it sounds like it's trying to use the IPSec protocol.  That's not compatible with PPTP.

I suggest you contact Cactus technical support and ask them if they can recommend any particular brand of router.  Failing that, ask them what capabilities your router needs in order to set up a permanent link.

Expert Comment

by:Bembi
ID: 39990131
There are in general two constellations: client to endpoint and endpoint to endpoint.
In a client to endpoint scenario, you set up some VPN settings on a router, and you have to provide these settings on the client (via client software or Windows VPN).
In an endpoint to endpoint scenario, the two endpoints talk to each other and the client is not aware of the VPN tunnel.

Although two Windows servers can be involved in such a tunnel, it is more usual to use two devices in front of the Windows network, i.e. two routers. In this case, both routers need the capability to allow endpoint to endpoint (or LAN to LAN) VPN tunnels. The basic setup is that each router can connect to the other router by VPN in any direction. This needs a crossover setup, so router1 has a VPN endpoint, which is accessed by router2, and router2 has an endpoint which is accessed by router2. Most routers have such capabilities, at least those that are not the very cheapest.

If there is such a LAN to LAN possibility, the next step is how the two routers can secure the connection. A preshared key is one way (a key to validate and possibly encrypt the traffic), which is something like a password, set up on each router to connect to the other side. More secure but also more specific is to use certificates, which then have to be exchanged between the two routers, so that the one side knows the certificate of the other.

In practice, both endpoints (routers) should be the same to make sure all capabilities are supported. Then you set up a LAN to LAN connection on both routers, so that they can connect in both directions. Then you decide on which level (PPP, IPSEC, L2TP) they secure the connection and what is needed for this setting (i.e. preshared key or certificate).

Author Comment

by:Rupert Eghardt
ID: 39991383
Thanks Bembi,

So as far as I understand,

The router VPN option is for a router-to-router VPN tunnel (endpoint to endpoint),
or for a client to connect to the router from externally (client to endpoint).

There is normally no option that I can set up / connect to a public VPN service using a router?  Thus having that public VPN service permanently available on my internal network?

Assisted Solution

by:asavener
ID: 39991423
There is normally no option that I can setup / connect to a public VPN service using a router?  Thus having that public VPN service permanently available on my internal network?
That would be a router-to-router connection.  I used to do that for my corporate connection when I worked from home.  Any traffic to the corporate network went through my router and then over the VPN.

The question is whether this is the service your VPN provider is offering, and whether your router is compatible with their service.

Author Comment

by:Rupert Eghardt
ID: 39991435
I think it will be a nightmare to try and get our router to talk to their router, let alone having the same or compatible router as theirs.

I've in the meantime set up a VPN connection on the local server (linking to the public VPN service) and shared this connection, and it is working.

This is probably the best I'd be able to do ...

Accepted Solution

by: Bembi
ID: 39992501
Right. As you cannot really see how a provider VPN is configured (there are a lot of options), you may run into some weird trouble. But you may also be lucky.

Just to explain: an endpoint to endpoint VPN tunnel connects two endpoints together. The connection is bidirectional, so each endpoint can connect to the other endpoint, depending on which side the request is initiated. Typical is a router to router VPN.

A client to endpoint connection is always initiated from the client, which means it is unidirectional. The client requests the connection (i.e. Windows built-in VPN) and the endpoint connects the client.

Provider VPN connections can have different constructions. But mostly they offer a VPN endpoint to the local network, which is connected by their routers to the internet. In this case the provider router is the endpoint, or a device before the provider router. Usually it is a client to endpoint connection; nevertheless, if you know the correct configuration, you can build an endpoint to endpoint connection.

For security reasons, it is a best practice to keep the endpoint near the local network. As you cannot control the provider router, you have to trust the provider. If the endpoint is in your own network, the provider is out of scope.

The other best practice is to take two identical routers. There are some interesting implementations, and sometimes the preconfiguration of the routers is so different (between different manufacturers) that it is sometimes difficult to get them connected together. Two identical routers have the same preconfigurations and even the configuration dialog is the same, so that you do not need to fight with understanding different software settings. Also, some routers do not really like each other.

Most of the standard routers in the 100-200 USD class have implemented LAN to LAN VPN, so it is not the biggest investment. Of course you can also get 2000 USD routers if you like.
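
The LAN to LAN setup discussed in this thread, with the pre-shared key option beside the certificate option, written out as an added example (not part of the original thread and not a Netgear or Cactus configuration). It uses strongSwan's ipsec.conf syntax as a stand-in for a router's VPN dialog; all addresses, subnets, file names and identities are constructed placeholders.

```conf
# /etc/ipsec.conf on router1 (constructed example).
# router2 carries the mirror image with left/right values swapped.
config setup

# Option A: both routers authenticate with one shared secret.
conn lan-to-lan-psk
    keyexchange=ikev2
    authby=secret                # pre-shared key, read from ipsec.secrets
    left=198.51.100.1            # router1 public address (placeholder)
    leftsubnet=192.168.1.0/24    # router1 LAN
    right=203.0.113.1            # router2 public address (placeholder)
    rightsubnet=192.168.2.0/24   # router2 LAN, the "remote network settings"
    auto=start                   # bring the tunnel up at boot: permanent link

# Option B: each router proves its identity with its own certificate.
# Enable only one of the two conns for a given peer.
conn lan-to-lan-cert
    keyexchange=ikev2
    leftauth=pubkey
    leftcert=router1Cert.pem     # placeholder, in /etc/ipsec.d/certs/
    rightauth=pubkey
    rightid="C=ZZ, O=Example, CN=router2.example"  # subject expected from router2
    left=198.51.100.1
    leftsubnet=192.168.1.0/24
    right=203.0.113.1
    rightsubnet=192.168.2.0/24
    auto=start
# The CA that signed both certificates goes in /etc/ipsec.d/cacerts/.

# ---------------------------------------------------------------
# /etc/ipsec.secrets on router1 (constructed example)

# Option A: the same line must exist on router2. Anyone holding this
# string can impersonate either side, so use a long random value.
198.51.100.1 203.0.113.1 : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"

# Option B: only router1's own private key is stored here; router2
# never sees it, which is why certificates are the stronger choice.
: RSA router1Key.pem
```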