Re: WRT54GL with DD-WRT VPN firmware - where's the beef?
- From: Jeff Liebermann <jeffl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Apr 2007 09:50:21 -0700
"JM" <jake@xxxxxxxxx> hath wroth:
> What I'm trying to accomplish is access to a shared file in the main office.
Secure file sharing does not require that the VPN be terminated at the
wireless access point. It can also be terminated by whatever you're
using for a server. If you're concerned about someone sniffing the
*WIRED* part of your network, then end to end VPN is the right
solution. If only the wireless part is a problem, methinks you have
everything you need. Unfortunately, the TZ170 is a series of models
with various fallback, VPN, wireless, "enhanced" SonicOS, etc features
added (or missing).
<http://www.sonicwall.com/downloads/TZ_170_US.pdf>
I think one of these versions supports router to router VPN (2 nodes
or 10 clients) without additional software upgrades. However, that's
for IPSec and not for PPTP.
> The remote office has two PCs that need access to an inventory spreadsheet
> on a workgroup PC in the main office. The home office has 12 channels of T1
> for internet, and the remote office has business DSL from Bell.
Where does the wireless come into the picture? This sounds like a
wired solution?
> The Sonicwall model in the main office is TZ 170, not sure of the hardware
> or firmware release (will get that later).
> Given this relatively modest need (?), what solution would you recommend? I
> even have access to another Sonicwall (SOHO3), for a couple hundred bucks.
> It's just that they already have the Linksys in the remote office.
Well, there are many options depending on how much money you want to
spend. I was going to suggest that you simply purchase another $600
Sonicwall TZ170 and build a VPN network, but that might be a bit
pricy. It would follow your original plan of router to router VPN
essentially creating one big network out of the two offices.
However, for just two clients and perhaps a few printers, this is
overkill. The easiest way is to set up the TZ170 for IPSec VPN
termination, and use a Windoze (or 3rd party) IPSec client on the two
computahs. Sonicwall VPN client:
<http://help.mysonicwall.com/applications/vpnclient/>
You can also use open source VPN clients or get the Sonicwall client
from other sources (SafeNet). I also use the Checkpoint and Cisco VPN
client without much difficulty. (Note: Neither currently works with
Vista). Also, PoPToP for PPTP under Linux.
I should warn you that the Sonicwall client is a bit feature infested
and will take some documentation reading or trial and error to
untangle. Also, if security is the prime concern, then try setting up
Sonicwall "Zones" to isolate casual users from the main server.
If this VPN arrangement is going over DSL, you may have a performance
problem, especially if your DSL upload speed is slothish. Basically,
the VPN runs at the speed of the slowest connection. I'm not sure
what you mean by "12 channels of T1". Is that 12ea 128Kbit/sec bonded
DS0 channels, a PRI (primary rate interface), or 12 individual T1
lines? At 128Kbits/sec, it's gonna be really slow. At T1 speeds, no
problem.
Another possibility is to terminate the VPN in a Windoze or Linux
server. That could be the unspecified machine that is doing the
serving. PPTP server comes with W2K Server. IPSec, L2TP, and IPSec
servers come with Windoze Server 2003. The big advantage to
terminating at the server is additional security on the wired part of
the network, and the ability to use the very simple PPTP client
supplied on every Windoze client installation.
Anyway, you have several options depending on how you want to organize
this system. However, before you proclaim anything to be a solution,
I suggest you try running a VPN through your DSL/T1 connection, and
evaluate the performance issues. Many applications just don't like to
run this way and many data connections just aren't fast enough to be
useful. You may find a remote desktop solution (PC Anywhere,
VNC, Windoze remote Desktop) to be faster or better. Once you
determine if the datacomm part of the puzzle is suitable, then
continue with the project.
--
Jeff Liebermann jeffl@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558