Results 1 to 10 of 10

Thread: Need to VPN into a VPN server or endpoint - new Linksys or old sonicwall

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Question Need to VPN into a VPN server or endpoint - new Linksys or old sonicwall

    Hi. I've been reading quite a bit here and have found lots of information. I'm still not sure how to go about solving my problem from where I stand. I'm sure I'll get some good advice here from you guys. I understand networking fairly well since I have taken (and passed) all CCNA courses and half of the CCNP ones. Though, I have never setup VPN and especially with devices this small and cheap. Here is the rundown.

    This is what I need to do:
    The manager needs to be able to securely remote desktop to his computer at work from his personal computer at home. Both are running Windows XP Pro.

    This is my current situation:
    The customer already has a Sonicwall SOHO3 running as the router and firewall at his office. I understand that this device is capable of accepting at least one incoming VPN connection from client software, is this correct? Nobody there in the office knows the password so I will have to reset and reflash the router just to take a peek at the router's config options. I've never worked with sonicwall equipment and don't know it's capabilities are. He is willing to buy new equipment if needed but would obviously like to limit the cost to as little as possible.

    My options:
    This is where I'm stuck (and possibly with the configuration once I get that far). Is the SOHO3 capable of accepting a VPN connection? What client software can I get (free or as cheap as possible) to install on his home computer to be able to connect to the office network? Does sonicwall provide one? Anyone else set this up before that can give me a few pointers? Is it worth doing or just starting over with new equipment?

    Next option is to buy another device. I've been looking at some of the linksys VPN products ( such as the BEFSX41 ). I've read that sometimes Linksys QuickVPN (Quick VPN) client software is needed and sometimes it isn't; I guess that depends on the router purchased. Does QuickVPN only come in 50 user packs? If SOHO3 is not capable or not worth the effort or cost, which linksys router (also functioning as VPN concentrator/server/endpoint) should I get? Wireless capability is not necessary. Only one user will use the VPN capability. In addition to the device, do I need to purchase (or comes bundled with the device or get for free) VPN client software and which one?

    My last option (that I know of) is what I did for myself but is not user friendly for the manager who doesn't know computers much at all (funny how that always is). I installed OpenSSH on one of my windows XP computers and configured my router to forward my SSH port to the computer. I then use an SSH client (such as putty) to tunnel the remote desktop port through and it works just fine. The 3 downfalls to this for my customer is: 1) Not user friendly 2) I have to open and leave open a port on the firewall 3) I will have to reset the SOHO3 anyways or buy another simple router (not VPN capable) just to be able to forward the port since I cannot log into the SOHO3 to configure it to do such.

    Any help, advice, links to tutorials (how to's), or guidance is greatly appreciated. Thanks for your help in advance!

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,859
    Options...

    *Port forward to your bosses PC to open up the port for Remote Desktop Connection. By default it's port 3389. You can customize this port if you wish for a little more security by obscurity. However...remote desktop connections are secure..make a good Administrator password, and password for your bosses login. You can also set the host to stop accepting connections after 3x failed attempts. This will pretty much make a dictionary/brute force attack take literally centuries to break in.

    *Sonicwall SOHO3...yes it accepts VPN clients, Sonicwall has their own proprietary client, GlobalVPN...perhaps the current name is different by now. The CD that came with your router I'm sure has a very outdated version, I believe you need a current support contract with Sonicwall to be able to download their current version, which probably means your routers firmware would need to be current also. I'll let another member here, TWW, answer more accurately, he's our resident Sonicwall guru.

    *Other routers like Linksys...although I loved the befsx41 models...they were designed for "router to router" VPN tunnels, not client connections to them. Linksys does have quite a few models now in their business model section of the website, my favorite is their RV0 series....I've setup several dozen of them, love 'em. The RV0 series accepts both up to 5x PPTP VPN connections (native Windows VPN client), and their own QuickVPN client (up to 15 by default, can add to it in lumps of 50..licensing)..which is their IPSec client.

    If cost is of concern..can always build an open source router based on Linux, like IPCop, or Endian, and use SSL VPN.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Need to VPN into a VPN server or endpoint -> cont.

    WOW, quick response! Thanks.

    Quote Originally Posted by YeOldeStonecat
    You can also set the host to stop accepting connections after 3x failed attempts.
    Where is this done? "IP Security Policy Management" snap-in?

    Quote Originally Posted by YeOldeStonecat
    I believe you need a current support contract with Sonicwall to be able to download their current version, which probably means your routers firmware would need to be current also. I'll let another member here, TWW, answer more accurately, he's our resident Sonicwall guru.
    Yeah, I tried using the serial number of the router to register it and get some updates but it's already been registered and nobody knows with what username, e-mail, or password. Bad managment I think. I'll wait for the guru's feedback before I make my final decision.

    Quote Originally Posted by YeOldeStonecat
    Linksys does have quite a few models now in their business model section of the website, my favorite is their RV0 series.... cut The RV0 series accepts both up to 5x PPTP VPN connections (native Windows VPN client), and their own QuickVPN client (up to 15 by default, cut)..which is their IPSec client.
    Like the RV042, correct? Does the purchase of the router include the QuickVPN software or free to download? Or is the licensing for this purchased separatley?

    Another question:
    Does USBVPN1 allow a user to VPN directly into the BEFSX41?

  4. #4
    SG Enthusiast twwabw's Avatar
    Join Date
    Nov 2000
    Location
    LeRoy, NY, USA
    Posts
    2,472
    Unfortunately, the old SOHOs did not provide any VPN capability by default- you had to option them at purchase for VPN, or buy it as an add-on later. YOSC is right about one license, but only on new units. TZW's; TZ-170's, etc. are all VPN enabled now by default, and include a single client access license for the VPN. You can buy additional licenses for about $50 ea. They are for concurrent access. And all units accept site-to-site VPN connections now by default- the difference being how many SA's per unit (10 user-2; 25 user-10, etc.).

    I can get you firmware, but you still need a registration key to activate the unit. If the unit was purchased new, for your company; SonicWall will let you re-register it if you call. But, if it is not VPN enabled- I don't think I'd bother. Too old; too slow; too expensive to VPN provision. I'd go buy a used TZW on E-Bay for about 75 bucks!
    Observe everything...focus on nothing..

  5. #5
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,859
    The purchase of the router includes the QuickVPN software. And just like their firmware...anytime there's a new version...it's free for download.

    "Out of the box".....by default, they will all accept 5x PPTP VPN connections.
    "Out of the box".....by default, the RV042 supports 10x QuickVPN clients, upgradeable to 50. The RV082 and RV016 by default support 15 QuickVPN clients....upgradeable to 100.

    So far my experience has just been with the 082 and 016 models...can't comment on the 042 yet. Over the next two weeks I'm deploying a trunkload of 042 models on a private rlan over DSL, will be single user offices in various courthouses and police stations. I'll be using them in true router mode in this setup though, not gateways.

    I've not used that USB router....as I understand it's the same chipset as the BEFSX41...just in a small portable package. Suppose it's good for road warriers...but for a full time worker from home, why not get a full blown router to do that job. As much as I loved the befsx41 over the years...it's been eclipsed by much more feature rich products for the small business....such as the RV0 series. The sx41 was really meant just for single router to router VPN tunnels..not for software clients to connect. Yeah you can find articles on the 'net about someone who managed to coax the native Windows IPSec client to connect, I think I saw someone do it with Greenbow once. But I try to stick with what's officially supported.

    *edit*
    Oops..forgot...locking down Remote Desktop Connections, lockout after 3x failed attempts, that's enforced via local security policy....under admin tools.



    Quote Originally Posted by gwolfman

    Like the RV042, correct? Does the purchase of the router include the QuickVPN software or free to download? Or is the licensing for this purchased separatley?

    Another question:
    Does USBVPN1 allow a user to VPN directly into the BEFSX41?
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Drawing conclusions...

    First off it sounds like I should just bag the SOHO3 and start with new equipment...

    First option:
    Go do what twwaba said and go buy a TZW from e-bay which includes one license to Sonicwall's Global VPN client and configure that correctly.

    Second option:
    Go buy a more expensive Linksys RV042, RV016, or RV082 router which comes bundled with Linksys's QuickVPN client with a variety of licenses starting at atleast 5 and configuring that correctly.

    Last option:
    Go buy a plain ol' router of any sort and just forward port 3389 to the manager's work computer so he can connect directly to it using Remote Desktop. Configure it to deny connections after 3 wrong logon attempts. Any recommendations on a router that will flawlisly handle 6-10 users with good throughput?

    I think I might go with the last option since it's the most basic and I've done that type of setup a bunch of times. If the manager insists on VPN, then I'll go with option two.

    Any final thoughts?

  7. #7
    Junior Member
    Join Date
    Nov 2006
    Posts
    5
    *bump*

    Any final thoughts?

  8. #8
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,859
    Sorta up to your budget....all 3 will work. Other less expensive options of you're more adventurous....

    Pickup an older wrt54g router and reflash with 3rd party DD-WRT firmware..which supports VPN

    Take a slightly older PC and install a free linux distro based router like IPCop or Endian..or m0n0wall or Smoothwall...make yourself an awesomely powerful router with robust enterprise features.

    Built an SSL VPN box..something like SSL Explorer from Sourceforge...those are sweet. Secure VPN through a web browser.

    Also the easy way out.....sign up at GoToMyPC.com No VPN or firewall to deal with at all. Easiest setup of all.

    Many many options that will work..just gotta hunker down and make a decision.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  9. #9
    Junior Member
    Join Date
    Nov 2006
    Posts
    5
    Thanks again. Your input is extraordinary!

    I'll be sure to look to you for future problems when I run into them.

  10. #10
    Junior Member
    Join Date
    Jul 2007
    Location
    Indianapolis, IN
    Posts
    2
    First, Sonicwall is retiring all Generation 3 equipment. I just had to upgrade to continue to obtain support. The Sonicwall CD has the client setup on it, so if you have that you only need to put it on the remote computer. You will need to know the setting for the "Sonicwall Firewall IP Address" and the "VPN Client Key" as well as the "VPN Shared Key". Once you have the Client software loaded, you use your browser to access the internet and then you run the Sonic Client software. It will advise you that it will not allow you to surf the internet as long as it is running. If you have done everything right, you will receive a "Connected" message on the browser page.

    I hope this helps. You do not have to upgrade unless you need to maintain support from Sonicwall. The Generation 3 equipment still works fine.

Similar Threads

  1. Linksys RV082 VPN Setup
    By alchemist141 in forum Wireless Networks & Routers
    Replies: 2
    Last Post: 01-28-06, 07:21 AM
  2. VPN over Linksys over Thomson
    By blommaep in forum Wireless Networks & Routers
    Replies: 2
    Last Post: 06-29-05, 02:27 PM
  3. BF2 Read Me File
    By Illini25 in forum Gaming
    Replies: 10
    Last Post: 06-18-05, 07:58 PM
  4. BF2 demo readme file
    By Tpofa in forum Gaming
    Replies: 1
    Last Post: 06-10-05, 05:46 PM
  5. I see they still haven't fixed it yet
    By Sid in forum Distributed Computing
    Replies: 20
    Last Post: 03-20-05, 07:30 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •