Setting up a new VPN - Using a VPN Enabled Router vs Manual Setup in Windows

ppilot

Weaksauce
Joined
Feb 1, 2003
Messages
99
I am looking to set up a VPN and I was wondering if there were any benefits to using a VPN enabled router vs a manual windows VPN server besides the ease of use factor.

Thanks!
 
Are we talking site-to-site or remote hosts? For the former, definitely let the router handle it.

For the latter, it can kinda go either way I'd say. Using a Windows server might make it easier to integrate VPN permissions/etc. for users and hosts into an existing Active Directory deployment. But most routers and firewalls can also tie into existing AD/LDAP/RADIUS setups. Also, it's one more machine to manage/secure. The router/firewall may also require an additional license(s) to support VPN, and if you have a large number that need to be supported that may get expensive.
 
We are talking pretty basic stuff here. Basically the small business I am working at is splitting up the company into two different locations, but the issue is that our ERP software is local, so we are trying to figure out a solution to access the database remotely. The owner read about VPN and wanted to see if it would work, so I've been messing around with creating a Windows VPN server before looking at a VPN enabled router.

I've got to the point that I can connect to the VPN server on our LAN, but as soon as I try to access remotely (using my wireless hot spot) I get the following error:

Error 800: The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

I've verified that all the Windows firewalls are set up correctly and forwarded the correct port, but there appears to be something else blocking it. We have Comcast and currently have the modem set up in bridge mode, so could there be some firewall in place there?

Does a router have to specifically support VPN in order for even windows VPN server to work? Another thing I thought of was whether or not our router (Netgear WNDR4000) can even handle VPN.

UPDATE - I just tested to see if the port 1723 was open and apparently it's not despite that port being forwarded in the setup. Any ideas?
 
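The check ppilot describes (is TCP 1723 actually reachable from outside, not just forwarded?) can be scripted from the remote side and on the server. This is an added example, not something posted in the thread; the host name and the assumption that the server is a Windows PPTP ("Incoming Connections"/RRAS) listener are placeholders.

```powershell
# Added example, not from the thread. Run the first part from the remote machine
# (e.g. the laptop on the hotspot) and the second part on the VPN server itself.
$VpnHost = 'vpn.example.invalid'   # placeholder: your public IP or DNS name

# --- Remote side: is the PPTP control port reachable through the modem/router? ---
# TCP 1723 is the PPTP control channel, the port that was forwarded.
$tcp = Test-NetConnection -ComputerName $VpnHost -Port 1723 -WarningAction SilentlyContinue
if ($tcp.TcpTestSucceeded) {
    Write-Output 'TCP 1723 reachable: the NAT forward and the inbound firewall rule are working.'
} else {
    # A timeout here means the packet is dropped before it reaches the server
    # (modem/router NAT, upstream filtering) or the server firewall silently drops it.
    Write-Output 'TCP 1723 NOT reachable: check the bridge-mode modem, the router forward, and the server firewall.'
}

# --- Server side: is anything actually listening, and is the host firewall letting it in? ---
# If nothing is listening on 1723, a working forward still produces "connection refused".
Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# PPTP also needs GRE (IP protocol 47) to pass; Test-NetConnection cannot probe GRE,
# so confirm the built-in RRAS GRE rule (and the 1723 rule) are enabled on the server.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { $_.DisplayName -like '*Routing and Remote Access*' } |
    Select-Object DisplayName, Profile, Action
```

If the remote TCP test fails while the server shows a listener and enabled rules, the block is upstream of the server, which is exactly the situation the thread goes on to discuss. Note that a forwarded port only becomes "open" when something on the inside accepts the connection and every firewall in the path permits it.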
For your use, I would certainly want the router to handle the VPN endpoint. Makes the local network configuration much easier.
 
I concur with jardows. For the particular use case you are talking about here, I would say a VPN router would be the better way to go. Also, port forwarding is not the same as a port being open. VPNs are very strict in their setup typically, and for a point-to-point link it can be very finicky and not like forwarded ports. You would probably be better off writing a stateful firewall rule that limits the connection for the VPN by IP, port and direction of traffic (only allowing traffic in the direction of the system initially requesting the connection).
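As an added illustration (not code from the thread) of the scoped, stateful rule described above, here are Windows Firewall rules on the VPN server that admit the PPTP control channel and its GRE data channel only from the other site's public address and only inbound. The branch address is a placeholder from the RFC 5737 documentation range.

```powershell
# Added example, not from the thread. Run on the Windows VPN server as administrator.
$BranchPublicIp = '203.0.113.10'   # placeholder: the other office's static public IP

# Control channel: TCP 1723, inbound only, only from the branch office.
# Windows Firewall is stateful, so replies to this connection are allowed
# automatically; no matching outbound rule is needed.
New-NetFirewallRule -DisplayName 'VPN PPTP control from branch' `
    -Direction Inbound -Protocol TCP -LocalPort 1723 `
    -RemoteAddress $BranchPublicIp -Action Allow -Profile Any

# Data channel: GRE is IP protocol 47 and has no port, so it is matched by
# protocol number and scoped to the same peer address.
New-NetFirewallRule -DisplayName 'VPN PPTP GRE from branch' `
    -Direction Inbound -Protocol 47 `
    -RemoteAddress $BranchPublicIp -Action Allow -Profile Any

# Verify that both rules carry the remote-address restriction rather than "Any".
Get-NetFirewallRule -DisplayName 'VPN PPTP *' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

The same scoping applies if the server is later switched to L2TP/IPsec (UDP 500, UDP 4500 and ESP, IP protocol 50) or SSTP (TCP 443): keep the rules inbound-only and restricted to the peer address, and remove any broad "allow 1723 from anywhere" rule that the port-forward experiment may have left behind.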
 
Forgot to provide an update on this. But I ended up getting an R6400 and it made the VPN experience much less of a pain in the ass. Thanks for all the advice!
 