How to setup a VPN in SOHO & What Router?

[UKEZ]

Hello All...

I wonder if any of you folks can suggest the best way to set up a VPN tunnel to my network from a couple of mobile devices.

1x Windows 7 Laptop
1x Mac Laptop

My existing router which is pretty unreliable Netgear DNG1000 and doesn't have gigabit connectivity; also doesn't support VPN, so I'm going to need to change that to one that does.

I've been looking around and seeing VPN routers ranging from very cheap to super expensive; anyway I get how VPN's work and I've been using them as a user for years but I've just never actually had to set one up.

If I buy a random VPN router is it just a matter of configuring it and then using the on board Windows 7 / Mac VPN connection wizard to set up the mobile user end?

As I have some fairly confidential documents that will be transferring back and forth between my mobile users and my SOHO network, like everyone else I have some concerns with how the encryption works.

Ref the encryption, am i required to buy some form of secure encryption certificate (like SSL) or do VPN's enable you to just invent your own similar to the way we do on wireless routers etc? I don't really want to pay for encryption If I can help it!

I need some suggestions on which ADSL2+ VPN routers I should buy; my only requirement is that they support gigabit connectivity, have dyndns, Wireless N and can also stream IPTV/ HD content too.

Oh, and be reliable...

Someone suggested that I look at this one yesterday (Billion 7402NX BiPAC)

Its £156.08 / $254.28 (Is that too much)?? Its allot more than I would normally spend on a router lol.


I would really appreciate it if someone could help me as currently im running around forum after forum asking the same questions and not getting anywhere, I've been wanting to buy one since last week but I didnt want to risk buying the wrong thing.

Help!!

 

[YeOldeStonecat]

SOHO/smaller biz grade routers that support being a VPN server vary in what they support. Some support standard IPSec...some only support their own special IPSec VPN client, some support the old standard PPTP (the basic client built into Windows since Windows 95 with DUN1.2 or 1.3, others support a web browser based SSL VPN.....and some support various mixtures of the above at the same time. More confused now? heh!

You'll find as you get into biz grade...you are often stuck with 100 meg LAN sides....as usually the router will uplink to a main switch for a business network...and nobody is concerned with if it has a built in 4 port gigabit switch. I wouldn't let that be a show stopper for you if you need gigabit for your LAN, just get a gigabit switch to uplink to.

For web based ones, you don't need an SSL cert, the self signed ones will work...the client just sees the browser cert warning and has to click "continue anyways"....or when setting up a smart phone, there's usually a toggle switch to ignore the cert warning when setting it up the first time.

However, rather than trying to go down a rather clunky road that can make things cumbersome for your road warriors...why not re-examine the approach in how you securely transmit files from them to you and visa versa. Are they just smart phone users? Or laptop users? Perhaps using a secure e-mail setup would be a much easier and smoother approach.

 

[UKEZ]

Thanks YeOldeStonecat

Hiya YeOldeStonecat.. (thanks for your response)

Ref the road warriors, its just two key users for the moment that will be logging in; one that uses a MAC laptop and the other using a Windows 7 premium machine. Occasionally we might have someone logging on from a IPAD too.

The existing netgear router is really terrible over wifi so that has to be changed regardless if we go the vpn route.



I've looked at setting up webdav as a solution, but I was told that webdav isn't particularly secure when transferring content over the net. How true that is, I'm not sure; perhaps you one of the other guys could shed some light on that?

For simplicity side of things for my users do you not think the VPN would be the way forward, especially where securing confidential documents are concerned and for cross platform compatibility with Windows 7, mac and possibly IPAD?

I'm so confused which Is more secure and reliable, VPN or webdav? I know the connection etc plays a biggest part, but in general what do you personally think?

If webdav is going to be enough for my users to operate their work as if they were in the office, then cool providing its reasonably secure.


Im still confused LOL.. Im determined to get my head around this though!

I liked that webdav locked down your files while they were being used by the webdav sharer to prevent anyone from editing the same file thats in use, i dont suppose you would get that with VPN sharers.


Any chance you can have a look at that link in my first post and give me your opinion on that router, has it been reviewed on this site?

Also can you tell me any tried and tested cheap VPN routers that will work okay and be usable via windows 7 and mac if third party software is required.

If third party software is required do you know any free ones that can be configure on windows 7 and mac too..



I'm really sorry if what I've written is jumbled im a bit tired and probably not making much sense; only had 1hr sleep in the last 48hrs, im shattered..zzzZZ





Many thanks so far...

 

[YeOldeStonecat]

I've not played with WebDav...but I've setup and worked with Microsofts web based collaboration portal, "Sharepoint".

OK so you'll be working with more laptop users...and *cough* an iPad. And not smart phones. So that narrows things down.

What is the frequency of exchanging documents?

I've never worked with that "Billion" brand. For SOHO/SMB use, I've worked with Juniper, Sonicwall, many *nix router distros, and I very frequently work with the Linksys/Cisco RV0 series..like the RV082, RV016, and the RV042 models such as you've seen Tim recently review here. I do like those RV units ...for our standard entry level SMB grade router.

As for security, the old PPTP VPN is said to be old and insecure. However in the real world...for part time connections to a dynamic host..it's fine. It's really only for connections running 24x7 that someone may find and try to hack into. That said though, SSL VPN is really the way things are going, and you have no clunky "dialer" to work with..for end users to get confused with.

Are these large files? Since you appear to have smaller amounts of users at the main office, and a couple out in the field.....I would think that a "cloud based hosting" product would fit you well. Secure web based storage out in the cloud. Like from RackSpaceCloud.com, or even Google Apps, or hosted Sharepoint. We do a lot of stuff with RackSpace..they're one of the golden oldie originals of "hosted" servers..and very good.