VPN Router to access existing internal network

a104375

Got a new server in order to run the non-cloud version of a church management software and obviously the main downside is I have to get a remote access system working.

The server is a Mac Mini running Mavericks with Server 3.1.1, which has a VPN feature; however, it doesn't work nicely with Windows 7 and recently stopped authenticating on Macs. I even tried NeoRouter; however, there is no way to authenticate in order to access the locked folder the files are stored in, so I've pretty much given up on a software solution.

I've been looking at the Cisco RV180 in order to get network-side VPN. Currently we have 2x WNDR3700v3's that each respectively connect to a WN2500RP over the 5 GHz network, with the main router running all the DHCP for the network.

In the future, when funding frees up, I'm planning to replace all these with Ubiquiti UniFi access points, but at this point I have to keep those in place.

With the Cisco RV180 I should be able to have it run all the DHCP as well as then provide the VPN capabilities that I need? Then when I VPN into the network I'll be able to access the server and map network drives?

Thanks for the help, I just want to make sure that this should work well before purchasing more things!
 
Yes it will work.

But I would never buy another Cisco RV anything.

Short story... they work in some configurations, but in an "I hate you and I hate myself for buying this POS and spending this much money to get the name CISCO" kind of way.

ASA or IAS units are fine. The RV series are the stinkers.

So I'll suggest an alternative or two.

Start looking at Zyxel USGs "with the UTM features manually turned off", or the Ubiquiti EdgeRouter, if you are OK with figuring out the CLI.

The Zyxel USG 50 would work, but you'd be limited to 10 concurrent IPsec users at a time. $210.00 (you get 2 web-based SSL VPN licenses).

The "Zywall 110" is almost in another class even compared to the RV320, but is closer to $400.00. With the Zywall you get 100 concurrent IPsec tunnels and 25 web-based SSL VPN licenses. No client to purchase; you log in via web portal from your browser and the client installs from there.

What is important to know about the Zyxel USGs and Zywalls is that they run a custom BSD OS. They're well known for running for years without a reboot. The VPN is ironclad stable and compatible with almost every standard client on the market. They will easily connect to Cisco ASAs, Juniper NetScreen, Alcatel-Lucent and pretty much anyone and anything that adheres to the standard.

They can also do L3 routing (albeit in software), have AD integration or an onboard user database, multiple DHCP and DNS, and piles more features. You get excellent free support for the first 90 days; they will even configure it for you if you ask and work with them.

If you are considering the EdgeRouter you'd probably use the OpenVPN client or Shrew. When equipped with the latest 1.4 firmware there's no risk of the Heartbleed bug. A nicer VPN GUI is expected later this year; in the meantime you'd have to configure some VPN settings via CLI.
 
Thanks for the information, I'll keep that in mind. I got a good deal on the RV180 (72.50) and it's been used previously by someone upgrading to the wireless version, so I'm hoping that means this is a quirk-free unit!

I'm not that knowledgeable when it comes to networking but I'll look into these options; worst case scenario, if I run into problems I buy one of the models you suggested and throw this back up on eBay. Heck, I might even try out a few before I submit it for reimbursement!

Any tips for keeping the RV happy? I'm doing a very basic setup: DHCP, several IP reservations, port forwarding, and the VPN.

We don't need many VPN users; really we're only going to have one person needing it frequently, and I may use it from time to time, but I don't see more than 10 users needing it, let alone simultaneously.

Edit: Just went checking and found a ZyXel USG 20 for $65 on eBay, so I grabbed that too. That way worst case scenario I have two options now, kinda like a demo almost!
 
I would not buy an RV series for VPN.

For routing packets and acting as a firewall they rock.
I use them in front of web servers and networks with VoIP, which eat routers for lunch that cost 3 times as much.

For VPN and other uses, not so much.
 
Looks like Dell killed off the SonicWALL SRA 1200, which used to be my go-to VPN appliance.
The SRA 1600 is way expensive for what it is.
 
The Zyxel USG has hardware AES VPN acceleration. As long as you don't use it as a UTM, they rock, but they are getting old in the teeth.

The Zyxel Zywalls are supposed to be the same as the USG series without the UTM features, but were recently updated and are not 50 times faster, but the entry model Zywall 110 is now starting at $380. But I know of nothing else on the market that has 800 Mbps of IPsec throughput with 100 clients AND offers web-based SSL VPN (25 licenses free).

Oh BTW... Did I mention that there are no recurring charges and forever firmware updates?

Dual WAN? Proper ALG transform?

I think the SSL VPN throughput is a little over 100Mbps but still, that's pretty sick as the next competitor is the Juniper SRX series with licenses at around $3k + annual fees.

The downside is a 2-3 year warranty and only 90 days of free support. But for the price you could buy two or three compared to its competitors.


Don't get me wrong, the EdgeRouter is the best router for the money if we are speaking strictly on routing performance.

But the Zyxel USG and Zywalls are the VPN concentrators/endpoints I know of on the market if you're looking to spend under a grand and want the most bang for your buck.
 
Awesome, very helpful information. At this point I'll give both the ZyXel USG 20 and the Cisco RV180 a try and see which one works better for what we need.
 
Yup, the RV180 is definitely the most annoying router I've ever tried setting up! Well, now to sell it...
 
The Zyxel USGs are fantastic. I have run a few for a long time with no issues at all.

I moved over to the Ubiquiti ERL and it is more powerful, but more difficult to configure if you do not know networking well.
 
Great to have another happy Zyxel USG user! Ours will be here on Tuesday, which happens to be right before our copiers get replaced, and new stuff has to be put on the network.
 
Alright, got the Zyxel USG today. Now I'm going through guide after guide trying to get the VPN to at least connect on my local test before pushing the unit into production. Any tips?
 
One thing that used to annoy me was that they don't make their documentation all that easy to find.


This should give you a clue on how to connect up a client. In this case the client is the software "TheGreenBow VPN", but the basics are the same for all clients:

https://www.google.com/url?sa=t&rct...=g5dzSLEjKqoJus6cDCieCQ&bvm=bv.65177938,d.cWc


This is the 3.0 manual...which is fairly comprehensive:
ftp://ftp.zyxel.com/ZyWALL_USG_50/user_guide/ZyWALL USG 50_v3-00_Ed1.pdf


This is the 3.3 manual which is for some reason much smaller:
ftp://ftp.zyxel.com/ZyWALL_USG_50/user_guide/ZyWALL USG 50_v3-00_Ed2.pdf
 
Awesome, thank you very much. I'll take a look at those when I get home; hopefully I'll be able to get it working now! I wanted to get it working on my home network before I bring it in to its permanent home, where it will be more difficult to get working once installed.

I haven't really searched for this yet, but offhand, is there information available to set the USG for remote management, at least temporarily?

Thanks!
 
It's better to just quickly create an L2TP VPN account and log in remotely with that.

Takes all of 2 minutes to set up and is significantly safer.
 
Alright, so I've got the VPN set up and working from this: http://www.dslreports.com/forum/r26985207-L2TP-VPN-on-USG-quick-how-to and I can connect to the network. However, I can't do anything beyond that; when I connect and try to connect to a network device it just times out. Any ideas? Let me know if you need information!

Check to see what you can ping.

Assuming you're running a default configuration, see if you can ping the router at 192.168.1.1.

If you can, try to log in to the management console that way: http://192.168.1.1

If you cannot, most likely something is not right with your policy or firewall rules.

Once you can log in by IP, you probably ARE on the internal network and should be able to access shares and various devices by IP.

To access machines by name you need either an internal Windows DNS server or WINS (gasp)... or hack your LMHOSTS file with names and IP addresses.

When I was running the IT for a small company it was easier to edit all 12 users' LMHOSTS files and add all (5) server entries than to purchase a server for internal DNS.

Also check the information and error logs, they will give you a good clue on what is or is not occurring.

If you get stuck, call Zyxel support. Do not e-mail them. They should offer to examine your config, remotely login and resolve all the issues.
 
I cannot ping 192.168.1.1, and yes, I'm running the default configuration. (On my MacBook Pro.)

I've got it set up so that VPN users get 10.0.0.x addresses, and pinging that gets me successful pings, but I have no access to things internally. I tried setting the address to match the default gateway, but I learned the hard way that just breaks the router!

Yeah I have no need for accessing computers by name, planned on using the IP addresses anyway, so I don't need to worry about that.

The logs showed the successful login, but I'm not sure how to decode them much more than that.

I greatly appreciate your help though!

EDIT: Interestingly enough, it seems I can VPN no problem on PC as well, but there I can actually access the network and access 192.168.1.1. Ideas why it doesn't work on the Mac?
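
An added example, not written by any poster in this thread: a longest-prefix-match check over a VPN client's routing table, showing how a client that holds a 10.0.0.x address and can ping it may still never send traffic for 192.168.1.1 into the tunnel. The 10.0.0.x pool and 192.168.1.1 come from the thread; the routing tables, the interface names `en0` and `ppp0`, and the 192.168.0.0/24 home subnet are constructed assumptions.

```python
import ipaddress

def egress_for(routes, dest):
    """Longest-prefix match: return (network, interface) used to reach dest."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(n), ifc) for n, ifc in routes]
    matches = [(n, ifc) for n, ifc in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def diagnose(routes, lan_host, tunnel_if):
    """Classify why lan_host is, or is not, reached through the VPN tunnel."""
    hit = egress_for(routes, lan_host)
    if hit is None:
        return "no route"
    net, ifc = hit
    if ifc == tunnel_if:
        return "via tunnel"
    if net.prefixlen == 0:
        # Only the VPN pool is routed into the tunnel; everything else,
        # including the office LAN, follows the local default gateway.
        return "default route bypasses tunnel"
    # A more specific local route covers the office LAN address, so the
    # client answers it from its own network even if the default is tunneled.
    return "local subnet overlaps remote LAN"

# Constructed client routing tables (en0 = local Wi-Fi, ppp0 = L2TP tunnel).
SPLIT_TUNNEL = [("0.0.0.0/0", "en0"), ("192.168.0.0/24", "en0"),
                ("10.0.0.0/24", "ppp0")]
FULL_TUNNEL = [("0.0.0.0/0", "ppp0"), ("192.168.0.0/24", "en0"),
               ("10.0.0.0/24", "ppp0")]
OVERLAP = [("0.0.0.0/0", "ppp0"), ("192.168.1.0/24", "en0"),
           ("10.0.0.0/24", "ppp0")]

if __name__ == "__main__":
    for name, table in [("split tunnel", SPLIT_TUNNEL),
                        ("full tunnel", FULL_TUNNEL),
                        ("overlapping home LAN", OVERLAP)]:
        print(f"{name}: 192.168.1.1 ->", diagnose(table, "192.168.1.1", "ppp0"))
```

Comparing the client's real routing table against these three cases, alongside the firewall and policy logs on the router, narrows down whether the timeout originates on the client or on the gateway.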
 