IPSec question

ryarber

Occasional Visitor
As a newbie here and at the risk of inflaming the ire of the flame merchants that abound on this board I ask a question...

As a business owner, I want a router that will allow me to access my Cisco routers via an IPSec client that will maintain a tunnel between my private home network and my work network. As a parent, I want a full-featured consumer router with micro control of my children's internet access.

As I understand IPSec clients, the principal reason that consumer grade routers haven't done IPSec client duties in the past is that they aren't capable of performing the encryption/decryption duties necessary of a true IPSec client. With the capabilities of the new routers such as the RT-AC68U from ASUS, these consumer grade routers have dramatically increased their processing capabilities. Is it in the foreseeable future that these devices may take on the IPSec client role that the business class devices have done in the past?
 
If you load optware, and load strongSwan you should be able to run IPsec no problem on the Asus RT-AC68U with Merlin's firmware as I believe he has had this since 374.34...I will load it up today, and see if I can run IPSec back to my office but I am pretty sure it will work just fine.

A question I have is why not use OpenVPN -- I feel it is a great mix of reliability and performance.
https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn

Gives a nice overview. I am running OpenVPN with no issues with two of my AC68Us -- Merlin's firmware really has a nice mix of performance and features...
 
I'm not knowledgeable about these issues and I was told IPSec is the way to go as far as maintaining a static tunnel. I'll get my network guy to look at OpenVPN to see if it is a viable alternative.

Thanks.
 
I include the necessary kernel level support for IPSec, but you will have to install and configure Strongswan to handle the userspace part.

I have never looked at IPSec under Linux, so I have no idea what type of configuration is involved.
 
It looks like OpenVPN will do everything IPSec will do. But my Cisco firewall doesn't do OpenVPN, does it?

I talked to my IT guy about it and he isn't sure how to make it work on the front end.
 
It looks like OpenVPN will do everything IPSec will do. But my Cisco firewall doesn't do OpenVPN, does it?

I talked to my IT guy about it and he isn't sure how to make it work on the front end.

If the goal is to connect back to your home network while at work, install the OpenVPN client on your work computer. The Asus router at home will act as your server.
 
No. The goal is to connect to work from home. To a Cisco ASA appliance.

Then you would have to either run an OpenVPN server at work, or have your client at work automatically connect to your server to have a permanent tunnel in place.

Cisco does not support SSL VPNs on their devices, only IPSec and their own cooked variant.
 
As a business owner, I want a router that will allow me to access my Cisco routers via an IPSec client that will maintain a tunnel between my private home network and my work network. As a parent, I want a full-featured consumer router with micro control of my children's internet access.
It sounds like you want to create a LAN to LAN connection between your home and work networks. If this is the case then I'd have to ask you why? Do you really need to have multiple hosts permanently connected to your work network with all of the security implications that has? If you're talking about 1 or 2 PCs why not just use the Cisco VPN client?
 
It sounds like you want to create a LAN to LAN connection between your home and work networks. If this is the case then I'd have to ask you why? Do you really need to have multiple hosts permanently connected to your work network with all of the security implications that has? If you're talking about 1 or 2 PCs why not just use the Cisco VPN client?


Because I use Macs at home. Last time I checked, Cisco didn't have a Mac VPN client. After your suggestion, I looked and apparently they have one now. That'd probably be a better option for me. Thanks.

I had used a small biz router at home in the past and had a static tunnel in place for a couple years. But I wanted to manage my kids' access more as well as have a separate guest access, so I decided to go with the asus.

I guess I was just stuck in my old way of thinking and had forgotten about the simple approach. I appreciate you guys' help.
 
Because I use Macs at home. Last time I checked, Cisco didn't have a Mac VPN client. After your suggestion, I looked and apparently they have one now. That'd probably be a better option for me. Thanks.

Actually you don't need a client. You can use the built-in IPSEC support in recent Mac OSX releases. I configured a customer's Mac a few months ago so she could connect back to their Cisco VPN at work.
 
Actually you don't need a client. You can use the built-in IPSEC support in recent Mac OSX releases. I configured a customer's Mac a few months ago so she could connect back to their Cisco VPN at work.
That reminds me, I was totally surprised to see that the Apple iPhone & iPad also have built in support for connecting to my work's Cisco VPN.
 
