Travel Technology - Recommendations sought for VPN Router for home network




ROW2Aisle
Jun 7, 06, 7:22 am
I have a small combo wired/wireless (only 802.11b) home network using an old Linksys four port wireless BEFW11S4 router that supports only 802.11b. Two printers are wirelessly connected to it via two Linksys bridges (bridges are WET11B), two desktops (Windows XP Professional) and a network printer are connected to the router via three of the four Ethernet ports and two laptops and another desktop use the 802.11b wireless capability of the router. None of the laptops or desktops can support any VPN endpoints and so I'm not interested in just VPN pass thru routers.

I travel quite a bit and have need to frequently access most if not all the devices while on the road like I do while at home. So I'm looking for recommendations for a small VPN router (VPN endpoint) with at least four Ethernet ports for my home network to give me the same flexibility I have at home while VPN-ing into my network when I travel. The VPN router need not have wireless 802.11b/g capability as I can connect a new 802.11 b/g wireless access point to it to provide me faster wifi access at home than my existing 802.11b network.

I'm looking for recommendations on a small and inexpensive four port VPN router that has good security for use with my home network.

I do have a static IP address and so connecting to my network while traveling will not be a problem.


ScottC
Jun 7, 06, 8:21 am
Get yourself a nice cheap WRT54G Linksys and install openWRT or Sveasoft on it. Gives a pretty decent VPN featureset. Can't go wrong for $50...

ROW2Aisle
Jun 7, 06, 8:38 am
Get yourself a nice cheap WRT54G Linksys and install openWRT or Sveasoft on it. Gives a pretty decent VPN featureset. Can't go wrong for $50...

The WRT54G has only VPN pass thru and no VPN endpoint otherwise it'd have been a good inexpensive choice. I don't have a VPN server in my home network and so the router needs to be a VPN endpoint.

Will the software you suggest provide this VPN endpoint functionality?


JAaronT
Jun 7, 06, 8:45 am
The WRT54G has only VPN pass thru and no VPN endpoint otherwise it'd have been a good inexpensive choice. I don't have a VPN server in my home network and so the router needs to be a VPN endpoint.

Will the software you suggest provide this VPN endpoint functionality?

I think Scott is referring to the Linksys's ability to be pwned (http://www.lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php) like one of those roaches that the predator makes into its zombie (somebody help me out here).

Lineman
Jun 7, 06, 8:50 am
My recommendation would be the Netgear ProSafe 802.11g Wireless VPN Firewall 8, Model FVG318.

http://www.netgear.com/products/details/FVG318.php

I prefer NetGear products to Linksys. This router is about $120.

http://froogle.google.com/froogle?q=FVG318&btnG=Search

ROW2Aisle
Jun 7, 06, 7:38 pm
My recommendation would be the Netgear ProSafe 802.11g Wireless VPN Firewall 8, Model FVG318....<rest snipped>...

Your recommendation is appreciated very much. I just went out and got the Netgear FVG318 and got it installed and running in less than 5 minutes. It was fairly easy to set up and configure for VPN access.

Thanks!

SpaceBass
Jun 8, 06, 8:50 am
As has been mentioned, most of the 'off the shelf' VPN routers are just end points. Meaning you can get to your home LAN but not back out on the internet.

I'm a big fan of 'roll your own' routers. Get a $40 PC off ebay and load IPcop (www.ipcop.org). It includes OpenVPN which is a great product.
I am uploading my step by step on installing IPcop tomorrow (6/9) at the site in my signature....shameless plug, I know. But I really think this will give you what you are after. Plus, you get a LOT more than you ever get with a Linksys or Netgear (BLAH! they restrict ports above 10000 meaning RTP packets for VoIP are a no-go).

Another option is OpenVPN or Hamachi (http://www.hamachi.cc/) on a spare XP box. Then connect (you could do this with a linksys VPN router too) to Remote Desktop or VNC on that box and surf from there. Kind of a pain if you ask me.

I've gone the ubernerd route and used a windows 2003 domain controller with RADIUS and IPsec for my VPN...I had too much time on my hands a few years ago :D .

chichow
Jun 8, 06, 11:57 am
too late, but with firewall
http://dealmac.com/deals/D-Link-DFL-200-Firewall-w-VPN-from-191-shipped-after-rebate/121660.html

kanebear
Jun 8, 06, 1:19 pm
I'm a huge fan of SnapGear/Cyberguard's router/firewall/VPN boxes (http://www.esecuritytogo.com/ProductInfo.aspx?productid=SNAPGEAR-SG300-12-US). They're linux based, extremely stable and offer VPN configuration options far more flexible than the more commercial boxes (D-link/Linksys/Netgear).

Unfortunately they do cost more but IMO are very worth it. I've never seen Sveasoft so that may be competitive. One major benefit to the Snapgear is that you can use it for internet access over the VPN so when on a public WiFi hotspot you simply fire up the VPN client and all traffic is directed through the tunnel so nothing is sent out unencrypted. Also, unlike SonicWall, these do not limit you to a certain number of clients on your LAN.

wco81
Jun 8, 06, 2:51 pm
What exactly is the advantage of a VPN router?

So that you can access your home network remotely through a secure tunnel?

Is there some authentication scheme other than one of those secure ID cards which generate random numbers?

My work's VPN scheme is a client, unique ID and a secure ID card.

I'm guessing these routers don't come with such an authentication scheme. So if you use some screen-sharing program, does it automatically set up a tunnel? If you use VNC to connect to your home IP from let's say a cybercafe, how is the VPN tunnel set up? Or is there some separate VPN client?

chichow
Jun 8, 06, 5:19 pm
What exactly is the advantage of a VPN router?

So that you can access your home network remotely through a secure tunnel?

Is there some authentication scheme other than one of those secure ID cards which generate random numbers?

My work's VPN scheme is a client, unique ID and a secure ID card.

I'm guessing these routers don't come with such an authentication scheme. So if you use some screen-sharing program, does it automatically set up a tunnel? If you use VNC to connect to your home IP from let's say a cybercafe, how is the VPN tunnel set up? Or is there some separate VPN client?

you're talking about a couple of different things here.

One is the VPN - the VPN stands for virtual private network. So instead of having a private leased line to the Internet, you are using the Internet (a shared public medium) and then creating your own little encrypted tunnel and so you have a virtual private network. The main point is that the communication between the two endpoints is encrypted.

Second is the Authentication - This is where you present some type of credentials to the VPN gateway. These credentials can be a username password combination, one time use pin codes, a digital certificate stored on your laptops, secureID codes, biometrics, etc. etc. So it comes down to whether or not the VPN gateway directly supports what authentication scheme you are interested in using or if the VPN gateway supports pass through authentication where the VPN gateway sends the credentials on to an Authentication server which then does the checks...

Lastly regarding VNC - by default VNC doesn't use an encrypted link, but depending on how you set it up and what type of VNC software you use, you can have your VNC connection encrypted as well. As for the tunnel setup that depends again on the configuration, but in layman's terms just think about it as being the same as when your web browser sets up an encrypted https link to your bank.

wco81
Jun 8, 06, 6:30 pm
Right so do these VPN routers come with VPN client software which can be used to authenticate to the home network from say a cyber cafe or your laptop at a hotel? VPN software and certificates don't come for free right?

Latest versions of Timbuktu come with a "Secure" authentication option. Not sure if that only encrypts the login or the whole Timbuktu session.

Some ISPs also offer VPN, like Sonic.net.

SpaceBass
Jun 8, 06, 9:04 pm
Right so do these VPN routers come with VPN client software which can be used to authenticate to the home network from say a cyber cafe or your laptop at a hotel? VPN software and certificates don't come for free right?

Latest versions of Timbuktu come with a "Secure" authentication option. Not sure if that only encrypts the login or the whole Timbuktu session.

Some ISPs also offer VPN, like Sonic.net.

Most off-the-shelf VPN routers (linksys, etc) do not always come with software. Windows does have a VPN client built in but it takes some work to get the IPsec connection working between the router and windows XP. OS X is about the same.

The problem, as mentioned, with the off-the-shelf stuff is that it only works as point-to-point and does not route back out over the WAN connection. Great if you want to print to the printer in your home office...bad if you want to surf the web from a hotel in a secure manner.

That, frankly, is the biggest reason to use VPN. When you are on the wired/wireless network at a hotel, you are sharing it with everyone else in that hotel. I don't do this but someone could...you know...maybe...download some software which is freely available through a google search...and then watch all the traffic going on in the hotel and pull passwords or anything!
If you use a VPN then you are encrypted (at least to the end point).

I really recommend OpenVPN or hamachi (see above). OpenVPN is included in IPcop (www.ipcop.org) and I'll have my guide to installing it posted on the site below by tomorrow mid-day.

Astaro also makes a nice (for sale) linux product.

Smoothwall is another free one.

SpaceBass
Jun 8, 06, 9:07 pm
What exactly is the advantage of a VPN router?

So that you can access your home network remotely through a secure tunnel?

Is there some authentication scheme other than one of those secure ID cards which generate random numbers?

My work's VPN scheme is a client, unique ID and a secure ID card.

I'm guessing these routers don't come with such an authentication scheme. So if you use some screen-sharing program, does it automatically set up a tunnel? If you use VNC to connect to your home IP from let's say a cybercafe, how is the VPN tunnel set up? Or is there some separate VPN client?


The real advantage is protecting your traffic b/t your laptop and the VPN gateway. See what I mentioned above about being on a public hotspot or hotel.

If you use OpenVPN, for instance, you can also use a RADIUS server (like FreeRADIUS or any of the other free ones that use LDAP) to re-create a very good authentication scheme. If you really have to have token based stuff, then there are some lower cost alternatives to Authenx or RSA tokens, but that's more for business than home.

I have about 5 spare tokens laying around...been meaning to search for a way to use em :D

wco81
Jun 8, 06, 9:30 pm
Well I'm using SSL in Mail.app for most of my email accounts and any kind of sensitive data, I try to make sure to use secure web pages.

Timbuktu sessions probably aren't encrypted but again, usually don't pass sensitive data over them.

Guess I could set up a VPN session using work's VPN authentication if I'm really paranoid.

chichow
Jun 8, 06, 10:02 pm
Right so do these VPN routers come with VPN client software which can be used to authenticate to the home network from say a cyber cafe or your laptop at a hotel? VPN software and certificates don't come for free right?

Latest versions of Timbuktu come with a "Secure" authentication option. Not sure if that only encrypts the login or the whole Timbuktu session.

Some ISPs also offer VPN, like Sonic.net.

so then if you want to be really safe and be easy

there are versions of VNC, that will also have a java browser client...I remember one for winbloze, but am too lazy...aw hec

http://www.realvnc.com/why.html

you can use realvnc and configure it so that if you are at a java capable browser you can use the viewer without installing any software on the client machine.

so then you have an encrypted connection to your home windoze machine and everything is actually happening on that machine and the remote machine is just displaying content...so the only thing you have to worry about is keystroke loggers if you are on a public machine.

good? :D

SpaceBass
Jun 8, 06, 10:30 pm
Well I'm using SSL in Mail.app for most of my email accounts and any kind of sensitive data, I try to make sure to use secure web pages.

Timbuktu sessions probably aren't encrypted but again, usually don't pass sensitive data over them.

Guess I could set up a VPN session using work's VPN authentication if I'm really paranoid.

That's a good start! But your laptop could still be wide open on the network.
As long as you are running a strong firewall on your laptop then it should be safe at a hotspot.

Personally I despise software firewalls so I prefer to just use a VPN whenever I'm out of the house.

As for VNC, I know TightVNC has some pretty good protection built in. But that again just protects the traffic of the VNC session. It doesn't do anything to take your laptop off the hotspot's network.


