Netgear FVS318N

[PacketRider]

In a recent review for this SMB wireless router, it is mentioned that IPSec and SSL VPN work fine. Do any of you have first hand knowledge that the VPN tunnel can still be established with a WAN connection that has dynamic IP with DDNS? Or does the router require static public WAN IP for the VPN to work? I would like to use this router for my business that has a ATT DSL Internet connection but it is dynamic IP.

 

[stevech]

I and many others use VPN where the WAN address changes,. But of course, the VPN fails if the WAN address changes for whatever reason while the VPN (TCP) connection is active- and you must reestablish the VPN connections. I think some VPN appliances will automate this.

 

[PacketRider]

I and many others use VPN where the WAN address changes,. But of course, the VPN fails if the WAN address changes for whatever reason while the VPN (TCP) connection is active- and you must reestablish the VPN connections. I think some VPN appliances will automate this.

Does this apply to the Netgear FVS318N specifically? How about setting up a site-to-site connection? The same applies to the dynamic WAN IP?

 

[stevech]

No, my comment is generic.

Site-to-site unattended? You need to make sure the products will auto-reconnect if the dynamic IP changes. But the IP won't change unless your gear disconnects/powers down or the IP forces a disconnect. In either case, the reconnection would occur irrespective of the IP address change, assuming the far-end has no security-based policy restrictions on which IP addresses it accepts VPN connection attempts from.

On Netgear: Beware- VPN setup can be complex and my own experience with Netgear's tech support for Pro models is that they could not be worse.

 

[PacketRider]

No, my comment is generic.

Site-to-site unattended? You need to make sure the products will auto-reconnect if the dynamic IP changes. But the IP won't change unless your gear disconnects/powers down or the IP forces a disconnect. In either case, the reconnection would occur irrespective of the IP address change, assuming the far-end has no security-based policy restrictions on which IP addresses it accepts VPN connection attempts from.

On Netgear: Beware- VPN setup can be complex and my own experience with Netgear's tech support for Pro models is that they could not be worse.

What role does DDNS like dyndns.com play in this? Do you know of any VPN gear personally that does the reconnect consistently based on the WAN IP change detection and then auto-correction to the DDNS host?

The Netgear FVS318N has a lot of good reviews, but nowhere I can find where people with first hand experience in using this device in terms of dynamic WAN IP and DDNS. The Netgear FVS318N is rather expensive. If I want to do a site-to-site connection unattended, that's $180x2=$360 for a pair of the FVS318N. I am trying to avoid buyer remorse here given that the only reason I want to do is a site-to-site IPSec unattended and perpetual connection.

 

[stevech]

What role does DDNS like dyndns.com play in this? Do you know of any VPN gear personally that does the reconnect consistently based on the WAN IP change detection and then auto-correction to the DDNS host?

Not first-hand. But as with any use of Dynamic DNS, so long as the router has a DDNS client that works, seems like it would be fine. I will say that when the IP address does (infrequently) change, it may take time (tens of minutes to a few hours), for the change to propagate around the DNS systems. Fast reaction comes from choosing a DNS server that works well. I use 4.2.2.2 and 8.8.8.8 rather than my ISP's poorly managed DNS.

 

[scruffidog]

I have this box since Feb and I have to say it has not been the greatest of experiences. I was originally attracted to the featureset as it was the only box in its price point that incorporated the high number of LAN ports.

Unfortunately it appears that this platform needs significantly more bake time as it is very glitchy and prone to crashing. I have gone through 3 RMAs plus 1 initial replacement at the brick&mortar due to inexplicable crashes that support attributes to hardware issues. Not sure if it is the newness of the Cavium CPU, the software, the general manufacturing quality or a combination thereof, but I am ready to chuck it out the window. The current box is now hard locking at least 3 times a day now, requiring a hard reset. This is not so bad if the recovery time is reasonable, but 15-20min before LAN-WAN traffic can pass is rediculous.

What is most disappointing personally is that this is part of their Prosafe line, which is more geared for the non-residential segment and which I had great success with in the past in terms of quality. Of course not helping matters is the fact that there appears to be a problem now with the Netgear support portal (support.netgear.com/kb.netgear.com) throwing up SQL erros whenever I try to pull up my open tickets to update for the past 2+ days. this is not inspiring any confidence in the company.

To be fair, when it works, it does what it is supposed to, although in a somewhat clunky way. At that price point, the slow interface and non-optimized layout is something I can live with. More problematic is the lack of what I perceive to be certain commonsense features and gaping non-configureable or misleading security settings. Again, for the price point and the use in smaller environment is one of those things that you hold your nose and deal with.

Features don't matter if the platform is not stable enough for the features to actually be used. I would be willing to forgo all of the VPN stuff (what good is a secure pipe if it keeps collapsing due to endpoint failure ?) if the hardware can stay up and just perform the dumb wire transport stuff. All of my services is already secured point to point anyway so that aspect is not as important to me. Understand that the last statement is only applicable to me and other people's mileage may vary.