VPN from internal LAN to WAN on RV042?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by edraven, Sep 16, 2005.

  1. edraven

    edraven Network Guru Member

    I'd like to know if it's possible to do this. I asked Linksys tech support, and the clueless guy said no, but he may still be right...

    I want to create a vpn tunnel to encrypt traffic going over an open wireless ap, as so:

    laptop --- ap --- rv042 --- internet

    So I'd like to create a VPN from the laptop to the rv042 so the internet traffic going to and from the laptop cannot be sniffed. (No, I don't want to use WEP on the AP.)

  2. russwmc

    russwmc Network Guru Member

    I don't think you can do it either. If you had another RV042 you could do this:

    laptop --- ap --- (Internet)rv042 --- secure subnet --- rv042 --- Internet

    I know this is NOT what you want to do but it does show the basic problem, no QuickVPN on the trusted side, in fact no VPN.

    An alternative is to put your ap and rv042 behind a cheap router on a NAT subnet. The cheap router would be connected to the Internet. Use QuickVPN on the laptop to connect to the rv042. Here is a bad picture since the posting software won't let me use spaces. I do not recommend this solution.

    laptop --- ap --- cheap router --- rv042 --- secure subnet
    Internet ------------/

    I recommend using WPA-PSK on the AP to laptop wireless link. It's better than WEP. Just change the PSK every once in a while for more security.

  3. edraven

    edraven Network Guru Member

    What purpose would placing a cheap router in between the AP and the rv042 have?

    I don't want to run WPA or anything else on the AP, it's an open public network on purpose. ;)

  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    If I'm reading this right, you won't be able to pull this off because quickvpn doesn't support piping internet traffic through its vpn connection.

    There's nothing else you really need to do if you're going to be using VPN over a public internet connection to connect to a remote system, however. By its virtue, QuickVPN uses 3DES and MD5, so your traffic is already encrypted with a "strong enough" encryption and algorithm (SHA1 or AES would be better algorithm choices in my opinion). Still, anyone sniffing isn't going to be able to interpret much traffic (or any at all) going through the tunnel, unless they've been home studying boolean math, or some other outer space "George Jetson" shit... :)

    From looking at what you want to do, there's really nothing else you can do other than using WPA-PSK (as Russ stated) to give you "end-to-end" encryption.

  5. edraven

    edraven Network Guru Member

    What if I use a VPN client other than QuickVPN?

  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    Yes, that's an option. There's always SSH Sentinel (Tazuk's favorite) or my personal favorite, Greenbow VPN client. If you do a search, you'll find means to download the two. Currently, there's an older version of SSH Sentinel that's still available in some places that does not support NetBIOS; otherwise, it's a good VPN client (I'm told). Greenbow (if downloaded) allows you 30 days to use until it's time to "pay to play."

    Another option, if your company is using 2000 Server, is to configure a VPN server. The setup is actually not that bad and you can do it with a single NIC, as long as port 1723 is forwarded to that particular node from the router. I'm in the process of trying to draw out some instructions to post on DSL Reports to show how to configure a Microsoft VPN server for those who don't have access to a hardware VPN solution.

    You can look at that as another option :D

