Home Network - What do I need?

I know people who are happily working with Netgear 834s doing this, and supplying them to other people on a professional basis. That's a 50 quid ADSL router (possibly a bit more for a wireless one). The three installations I have direct experience of (me + family) all just sit there working in the way one expects this kind of device to work.

IME that's simply overkill.

cheers, clive

Reply to
Clive George

On Thu, 18 Jan 2007 12:16:23 -0000 someone who may be "Clive George" wrote this:-

Reply to
David Hansen

On Thu, 18 Jan 2007 10:22:57 +0000 someone who may be Andy Hall wrote this:-

Draytek routers sit in a corner, happily terminate VPNs and do all the other things one would expect, for months on end without rebooting.

Reply to
David Hansen

Then you are very fortunate.

Does this product actually terminate VPNs on the box rather than just offering NAT traversal to a VPN server?

It depends on whether one wants something dependable.

Reply to
Andy Hall

Well, obviously I am, but I don't think my experience is against the odds. I think the 834s had some teething problems when they first came out a few years ago, but nowadays they work entirely well, with the software and hardware changes they've implemented.

Both - I did read what you had written.

IME the solution I'm using, and others, and the one which is being recommended by somebody I've worked with as a VPN end point based on his professional experience, is dependable. I don't reckon he'd be pushing them if they didn't work reliably - he doesn't want to be sitting there mending people's systems.

I have no reservations about recommending what I use to others in a similar situation to me. It's cost effective, works well, and doesn't take extraneous power/space - it's definitely a worthwhile solution. I'd go for it over a dedicated firewall PC (space, power, cost if you don't have the box lying around), or a S/H Cisco router (unless one was being chucked out from somewhere).

clive

Reply to
Clive George

Really?

formatting link
several more.

To give them their due, at least the manufacturers have done a few revisions of firmware. What is all too common with these types of product is that there are a couple of versions, then either the product is discontinued or the hardware revised and there is no further update for the original.

Other than with their proprietary VPN client running on Windows? I don't see support for anything else...

You'd be surprised how some people make money.

It does depend on what your expectations of functionality, support and reliability are, that's true.

Reply to
Andy Hall

On Thu, 18 Jan 2007 18:53:48 -0000 someone who may be "Clive George" wrote this:-

Netgear DG834s terminating tunnels?

The last one I looked at certainly didn't have this option on the menus and the data sheet that can be downloaded from

formatting link
doesn't mention this either.

Reply to
David Hansen

It's a very popular box - they've sold a hell of a lot of them. On that basis, I'd expect a few glitches, like the ones you point out. And the old cost/benefit thing applies again - they're cheap enough that it would be worth a try, and hope you're not in the

>> Does this product actually terminate VPNs on the box rather than just

Where are you looking? I can see the VPN setup section on my router configuration page. It's all there, and no windows stuff. I did have to upgrade my firmware to get it - but that's supplied on current models anyway. Their website also explains it all.

Maybe - but not in this instance. It's pretty obvious that he really doesn't want to be doing that. I'm afraid you'll have to trust me on this one.

Don't worry, mine are pretty high. The fact is, the box does just sit there and work, which is what I expect it to do.

clive

Reply to
Clive George

Ah - you're probably looking at the same as Andy.

Try

formatting link
supports at least IPSec VPN, terminated on the box (that was all I needed to know when I was investigating this recently).

Like I said to Andy, I did need to get hold of a more recent version of the firmware, but that was a trivial task.

cheers, clive

Reply to
Clive George

Except that for very little more, one could have a Cisco 850 series with none of these issues and support continuity over the next N years.

The user guide, as far as I could see does not mention anything about the use of client software other than the Netgear proprietary one - no mention of how to connect a Mac for example.

That's fine. I didn't say that it was necessarily a *good* way to make money.

Pleased to hear that.

Reply to
Andy Hall

FSVO "very little more". Somewhere around 3 times the cost (or more...)? I know you're very into paying more for a perceived better product, but personally I'd rather spend the extra elsewhere.

You're not looking at the correct version of the user guide - there are more recent ones available, to support the more recent versions of the firmware.

I accept that they don't make it immediately obvious on their website - but the people behind the scenes are doing the right thing.

clive

Reply to
Clive George

On Thu, 18 Jan 2007 20:41:08 -0000 someone who may be "Clive George" wrote this:-

That's their page on the routers. Interesting that they are hiding this feature from people who would be interested. How new is it?

to be very good to beat Draytek.

Reply to
David Hansen

No idea, sorry. The topic came up a month or so ago, I went and had a look and it was there. It appears to have been around for a while though - at least a couple of firmware revisions.

Yes, no idea why they're hiding it. I wonder if they're trying to flog their more expensive boxes - or maybe they don't see it as a significant market.

cheers, clive

Reply to
Clive George

A Cisco 851 can be had for about £170 - the Netgear product is around £56.

Actually I am into paying for value for money and better products and sometimes risk mitigation. The reality is that Cisco's products are better than those of Netgear in a large number of ways.

I don't see it as relevant that one costs three times the other. One has to consider the application. If one is going to use a VPN client to VPN server setup it is probably for the purposes of remote access. This might be for a fixed user, but more likely these days somebody working from a home office and traveling on business. In that scenario, a VPN would be used to access data in the office for example. If the hook up fails because the router cannot be relied upon for a very high percentage of the time, the cost can very quickly exceed the difference here of £120.

I would think that someone using an arrangement like this for anything related to a business use would want to take the steps to have good data availability and resilience. The lost opportunity cost, even for a very small business would justify an extra hundred quid or so.

There is always a return on investment argument. For example, I've implemented gradually over the years means of remote access to my systems which are diversified by method of access, geography, network technology and with multiple VPN types supported (currently 3 of each). I've certainly had failure of individual components, but never a loss of access to critical data. At the scale that I have implemented, the cost is not high because I've addressed only the most critical areas and those of highest risk. Most people probably would not go to the same amount of trouble and indeed would probably not have the technical ability to put it all together either.

I was looking at version 3 which appears to be the latest.

This is one of the areas where these vendors let themselves down. Their documentation consists generally of little more than a walk through all the web menus and a 2-3 line description of each parameter. They usually have little by way of explanation or application examples. It's a shame, because the products themselves are generally more capable than is suggested.

Reply to
Andy Hall

It could be all of those, or just the poor documentation syndrome. However, even their SSL VPN concentrator is only about £230 so they are not protecting much of a price range.

I did find an application note where the DG834 is used as a VPN client router to connect to some of the larger products, so it seems that that is at least their positioning. It would make sense because the small router would probably struggle supporting more than a couple of tunnels.

Reply to
Andy Hall

That might be an appropriate level of solution for a job I was looking at today (it's either that or expose a Win2k3 server for RAS to do the VPN termination - which I don't fancy as a long term solution). Does it support L2TP and PPTP termination as well as IPSEC, the datasheet seems to suggest termination for IPSEC but just passthrough on the others?

Reply to
John Rumm

Do you mean the Cisco product or the Netgear?

Either way, it would be a brave and unwise man who would expose himself with the networking facilities of a Win2kX platform.

Reply to
Andy Hall

The Cisco

Indeed! The "nicest" solution would involve termination of the VPN onto the LAN, and then the user can get remote access to a terminal services session from there.

Reply to
John Rumm

AIUI, you're right. There is passthrough for L2TP and PPTP.

However, the IPSEC is hardware assisted, even on the small models, and is the intended choice.

I would go for this rather than the Windows Remote Access stuff.

I've also had good success with OpenVPN if you were looking for a solution based around a Linux or BSD platform. In that environment, one could run this plus Samba and perhaps a mail service like Postfix and have a better solution than Win2k3 server.

Reply to
Andy Hall

May still be doable... creating a VPN client connection on an XP Pro box defaults to the former, but I believe[1] it can use L2TP with IPSEC (with the option of a preshared key) - just takes a little tweaking of the VPN connection after creating it.

[1] Never tried it in anger with this particular configuration before - but the options are there.

This particular setup requires remote access to server running Windows terminal services (i.e. running the thin client remote desktop client at the user end, and the app on the server itself). The users will have bog standard XP laptops for the most part.

Reply to
John Rumm
