VPN connection through Netgear router

Posted on 2014-04-09
Medium Priority
Last Modified: 2014-04-26
Hi Guys,

I have a small private network with Netgear router to the internet.
I've subscribed to Cactus, (a public VPN service)

Up until now I've used my PC to establish a VPN connection through Windows to Cactus, by means of IP, username & password.

I'd like to set up a permanent VPN connection on the Netgear router and let the PC access the VPN tunnel through the router.

I am not sure if this is at all possible?

The Netgear router is asking for a pre-shared key, remote network settings, etc.

Cactus supplied:

VPN servers (PPTP & L2TP/IPsec)  IP's
Proxy settings (type = https)
Ports:  3129, 8080,81

What type of connection should I use in the Netgear config to accomplish this?
Question by:Rupert Eghardt
LVL 28

Expert Comment

ID: 39990033
If it's asking for a pre-shared key, then it sounds like it's trying to use the IPSec protocol.  That's not compatible with PPTP.

I suggest you contact Cactus technical support and ask them if they can recommend any particular brand of router.  Failing that, ask them what capabilities your router needs in order to set up a permanent link.
LVL 35

Expert Comment

ID: 39990131
There are in general two constellations: client to endpoint and endpoint to endpoint.
In a client to endpoint scenario, you set up some VPN settings on a router, and you have to provide these settings on the client (via client software or Windows VPN).
In an endpoint to endpoint scenario, the two endpoints talk to each other and the client is not aware of the VPN tunnel.

Although two Windows servers can be involved in such a tunnel, it is more usual to use two devices in front of the Windows network, i.e. two routers. In this case, both routers need the capability to allow endpoint to endpoint (or LAN to LAN) VPN tunnels. The basic setup is that each router can connect to the other router by VPN in any direction. This needs a crossover setup, so router1 has a VPN endpoint, which is accessed by router2, and router2 has an endpoint which is accessed by router2. Most routers have such capabilities, at least those that are not the very cheapest.

If there is such a LAN to LAN possibility, the next step is how the two routers can secure the connection. A preshared key is one option (a key to validate and possibly encrypt the traffic), which is something like a password, set up on each router to connect to the other side. More secure but also more specific is to use certificates, which then have to be exchanged between the two routers, so that the one side knows the certificate of the other.

In practice, both endpoints (routers) should be the same to make sure all capabilities are supported. Then you set up a LAN to LAN connection on both routers, so that they can connect in both directions. Then you decide on which level (PPP, IPSEC, L2TP) they secure the connection and what is needed for this setting (i.e. preshared key or certificate).

Author Comment

by:Rupert Eghardt
ID: 39991383
Thanks Bembi,

So as far as I understand,

The router VPN option is for a router-to-router VPN tunnel, (endpoint to endpoint)
Or for a client to connect to the router from externally. (client to endpoint)

There is normally no option that I can set up / connect to a public VPN service using a router?  Thus having that public VPN service permanently available on my internal network?

LVL 28

Assisted Solution

asavener earned 750 total points
ID: 39991423
There is normally no option that I can set up / connect to a public VPN service using a router?  Thus having that public VPN service permanently available on my internal network?
That would be a router-to-router connection.  I used to do that for my corporate connection when I worked from home.  Any traffic to the corporate network went through my router and then over the VPN.

The question is whether this is the service your VPN provider is offering, and whether your router is compatible with their service.

Author Comment

by:Rupert Eghardt
ID: 39991435
I think it will be a nightmare to try and get our router to talk to their router, let alone having the same or compatible router as theirs.

I've in the meantime set up a VPN connection on the local server (linking to the public VPN service), shared this connection, and it is working.

This is probably the best I'd be able to do ...
LVL 35

Accepted Solution

Bembi earned 750 total points
ID: 39992501
Right. As you cannot really see how a provider VPN is configured - there are a lot of options - you may run into some weird trouble. But you can also have luck.

Just to explain: an endpoint to endpoint VPN tunnel connects two endpoints together. The connection is bidirectional, so each endpoint can connect to the other endpoint, depending on which side the request is initiated from. Typical is a router to router VPN.

A client to endpoint connection is always initiated from the client, meaning unidirectional. The client requests the connection (i.e. Windows built-in VPN) and the endpoint connects the client.

Provider VPN connections can have different constructions. But mostly they offer a VPN endpoint to the local network, which is connected by their routers to the internet. In this case the provider router is the endpoint, or a device before the provider router. Usually it is a client to endpoint connection; nevertheless, if you know the correct configuration, you can build an endpoint to endpoint connection.

For security reasons, it is a best practice to keep the endpoint near the local network. As you cannot control the provider router, you have to trust the provider. If the endpoint is in your own network, the provider is out of scope.

The other best practice is to take two identical routers. There are some interesting implementations, and sometimes the preconfiguration of the routers is so different (between different manufacturers) that it is sometimes difficult to get them connected together. Two identical routers have the same preconfigurations and even the configuration dialog is the same, so that you do not need to fight with understanding different software settings. Also, some routers do not really like each other.

Most of the standard routers in the 100-200 USD class have implemented LAN to LAN VPN, so it is not the biggest investment. Of course you can also get 2000 USD routers if you like.


Question has a verified solution.
