Hardware or software VPN?
Forum Regular
Join Date: Jun 2002
Location: New York
Hello,
I have two computers sitting behind a little consumer-grade wireless router/firewall. One of them is a MacBook Pro running Leopard and Windows XP Pro via Parallels. The other is a desktop running Windows XP Pro; it acts primarily as a fileserver. I want to be able to take the MBP off of this LAN and to still be able to connect to the shares on the desktop via Parallels...all because QuickBooks Premier is Windows-only. I don't think it's prudent to simply forward the necessary ports on the router.
Because of a poor experience with Hamachi--albeit several years ago when it was much less mature and when my internet connection was much slower--I'm leaning towards a hardware VPN solution. While the Linksys BEFVP41 seems to do what I need, I'm also wondering about the Cisco RV042 and the Syswan SW24-VPN, which in the scheme of things aren't prohibitively more expensive.
If I had another machine at my disposal, I'd probably be more inclined to go with something like OpenVPN. As I understand it though, the OpenVPN server must sit in a router's DMZ (or you need a router with VPN passthrough, which my current one doesn't do...I would replace it if need be), all of which makes me nervous about having the same machine act as both the OpenVPN server and the file server.
What would you do? I'm willing to spend $300 or so on hardware (or software) if it means that I'm getting a solution that will be easier to set up, easier to maintain, more reliable, or even easier to use.
Thank you.
Moderator 
Join Date: Jan 2001
Location: Polwaristan
If you're just trying to remove it from the desktop's LAN, I'd just buy another router to create an additional subnet, then set up static routes on the routers.
Or you could also try putting it on a different subnet by inputting it into the MBP.
Forum Regular
Join Date: Jun 2002
Location: New York
Ah, I expressed my intentions poorly. I would like to be able to connect to the LAN remotely while travelling, etc.
Senior User
Join Date: Nov 2003
Location: Salzburg, Austria
Buy a Linksys WRT54GL for $50, put dd-wrt on it, replace your router with it and use it as OpenVPN endpoint.
(I typed 4 postings with all the links and more information but the forum ate all of them — and I never bothered to copy before submitting)
"The road to success is dotted with the most tempting parking spaces."
Forum Regular
Join Date: Jun 2002
Location: New York
moep, I got a WRT54GL for $45 and put TomatoVPN on it. Thanks for the suggestion!
The main problem that I have with dd-wrt is that it gives me too many options. When I have too many options, I get carried away and will spend way too much time putting together some elaborate configuration for my own amusement, but that I don't really need. I think that Tomato provides the same robustness as dd-wrt, but has a narrower--but by no means limited--range of configurability that handles typical routing needs without much tinkering.
Some notes on setting up TomatoVPN:
- Download it from TomatoVPN.
- If you want to use TLS authentication, you'll want to download the OpenVPN source files: the easy-rsa folder contains helper scripts for generating the various keys and certificates necessary for securing the VPN. More on that here: HOWTO, RSA Key Management
- Paste the full contents of the following files into the following fields in the VPN Tunneling Keys tab:
  ca.crt - Certificate Authority
  server.crt - Server Certificate
  server.key - Server Key
  dh{n}.pem (mine was called dh1024.pem) - Diffie Hellman parameters
- Since I signed my own certificates, I had to add "remote-cert-tls server" to my client configuration. See HOWTO for the entire scoop.
...and that was pretty much it.
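
The effect of the `remote-cert-tls server` line mentioned above, as an added example that is not part of the original post: a small Python check that reads an OpenVPN client configuration and reports when nothing restricts the peer to a certificate marked for server use, plus a filename-based check of the DH parameter size. The sample configs, the host name `vpn.example.net`, the function names and the 2048-bit threshold are assumptions made for this example.

```python
import re

# Constructed sample configs for illustration (not from the thread).
CLIENT_WEAK = """\
client
dev tun
proto udp
remote vpn.example.net 1194
ca ca.crt
cert client1.crt
key client1.key
"""
CLIENT_OK = CLIENT_WEAK + "remote-cert-tls server  # peer must present a server cert\n"
SERVER = "port 1194\nproto udp\ndev tun\nca ca.crt\ncert server.crt\nkey server.key\ndh dh1024.pem\n"

def parse(conf):
    """Map each directive to the list of its argument lists, skipping comments."""
    directives = {}
    for line in conf.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit_client(conf):
    """Flag a TLS client config that accepts any certificate signed by the CA."""
    d = parse(conf)
    restricted = (["server"] in d.get("remote-cert-tls", [])
                  or ["server"] in d.get("ns-cert-type", []))  # older directive
    if "ca" in d and not restricted:
        return ["peer certificate type not checked: add 'remote-cert-tls server'"]
    return []

def audit_dh(conf, minimum_bits=2048):
    """Flag DH parameter files whose easy-rsa style name (dh{n}.pem) shows a small size."""
    findings = []
    for args in parse(conf).get("dh", []):
        m = re.search(r"dh(\d+)\.pem$", args[0]) if args else None
        if m and int(m.group(1)) < minimum_bits:
            findings.append(f"{args[0]}: {m.group(1)}-bit DH parameters, below {minimum_bits}")
    return findings

if __name__ == "__main__":
    for name, conf in [("weak client", CLIENT_WEAK), ("fixed client", CLIENT_OK)]:
        print(name, audit_client(conf) or "ok")
    print("server", audit_dh(SERVER) or "ok")
```

Without the directive, a client that trusts only the CA will accept any certificate that CA signed, including another client's; the DH check reads the size from the file name only and does not inspect the parameters themselves.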
Clinically Insane
Join Date: Mar 2001
Location: yes
OpenVPN does need a port open, but it's a UDP port. Its authentication is via public/private keys. I think it would work out for you.
However, I'd check with Intuit on this. I've set up a QB Enterprise server running both over the WAN via VPN and via a Windows server doing Terminal Services/RemoteApp. The latter is what Intuit recommends because QB gobbles a considerable amount of bandwidth, and all of the processing of stuff is handled by the local client which needs to download all sorts of stuff. This ended up being true; the server was very, very slow being accessed remotely. If the requirements of your QB product are similar, I'd hate for you to go through all of this trouble only to find out that the end product is too slow for you to use.
The setup I ended up going with was:
Connect to Linux OpenVPN server -> establish RDP/RemoteApp connection to Terminal Server over private network, firewall is set up to only accept connections from the private VPN network. Much less bandwidth is needed to simply send you the Windows GUI info than is needed to send you the Windows GUI info plus send your local client all of the info it needs to process stuff. If you are talking about a home network connection where upload bandwidth is usually quite throttled, this is a considerable bottleneck.