Need advice on VPN routers

I found an open source VPN server that runs on Windows and does IPSec and L2TP. https://www.softether.org/

That should work fine for my needs. If I add more cameras in the future, I'll consider buying a purpose built device.

I never tested it personally, but what I've read about Softether sounded positive.
 
Interesting - some very bad advice though on their WWW site...

"You can setup your own VPN server behind the firewall or NAT in your company, and you can reach to that VPN server in the corporate private network from your home or mobile place, without any modification of firewall settings. Any deep-packet inspection firewalls cannot detect SoftEther VPN's transport packets as a VPN tunnel, because SoftEther VPN uses Ethernet over HTTPS for camouflage."
If you believe that, then you do deserve to lose your job... unauthorized and/or undocumented encrypted pipes these days are totally observed considering all the high profile data exfiltrations... and Deep Packet Inspection is the norm these days, not the exception on Corporate Firewalls...
 
I read that and thought, really? Of course it wouldn't apply to what I'm doing, but I'd be interested to read the technical details that prove that their claims are true.
 
That is not a tech issue - it's a business policy issue - and this is what gets folks in trouble, lol...
 
Well, of course, but I'd like to know how they can get around NAT and a firewall without the security guys knowing about it. I doubt you could have done that where I worked and gone undetected.
 
Behind a firewall - they still need a network admin to open a port, perhaps - if I read their docs correctly... and then it's also a discussion about the need there...
 
You should just check places that clear out and close out stuff. Sometimes you'll find $500 pieces of equipment for <$100. I'm actually using a thin client laptop I picked up for <$100. In fact, if I sold the Wyse thin clients we picked up for <$100, we'd easily double and triple our money since even refurbed they're in the hundreds.

It always amazes me the type of electronics you can find for cheap if you dig enough...
 
This one's not that much more and can do 800Mbps according to Cisco:
https://www.cdw.com/shop/products/Cisco-RV130-VPN-Router-4-Ports/3515740.aspx?pfm=srh#PO
800Mbps.... of what though? NAT? Perhaps. VPN? I don't think so. Turn a few CPU-based services on (VPN included) and most of these Cavium-based architectures get brought to their knees after a few tens of Mb/s (at the most). That said, those metrics may actually suffice in a majority of use-cases, but for any time where 100+ Mb/s of crypto is desirable, you're going to need beefier compute power, for sure. :)
 
But OP's connection is 200Mbps, so it should be fine even if it does only 1/4 of that. Besides, for remote access, the ISP's upload bandwidth is going to be the limiting factor. Even my v1 rv016 does 20Mbps IPsec tunnels, which is still higher than most of today's upload bandwidth on residential accounts. No need to have a cannon when a shotgun will do...
 
Good point. As sad as it is, looking across most of the U.S., we're still in the 5-20Mb/s range for upload on most residential and run-of-the-mill business-class ISP offerings. :confused:
 
Yep, and that's sad too. I remember when I had 25/5 and that was a good dl/ul ratio. But now with 100/7 as the fastest we can get in this area, that's pitiful. In 10 years it's moved from 5 to 7 while file sizes of everything have gone up by almost 10x.
 
I have 236.48 down and 24.04 up on my ethernet connection and 106.04 down and 23.89 up on my 5 GHz wireless connection. So upload speeds are about 10% of upload speed at the router and 25% on the wireless network.
 
I so envy you!
 
My 2 cents: if you have an old PC lying around, add a 2nd NIC and load pfSense on it. It's FreeBSD-based router software for x86 which is very powerful and configurable. It has OpenVPN and IPsec and will basically cost you nothing.
 
There's even a live cd version of 2.26 (2.3+ dropped live cd support), so you can even try it out on any computer that boots from a cd.