-2

I need to create a VPN, so that remote users can dial in to our company network, to access resources on the network. I do not need a branch-to-branch VPN.

I have the following:

  • Netgear DG834 ADSL modem/router
  • ADSL line to be used only for the VPN. No static public IP address on this line, but a DynDNS hostname can be set up easily.
  • Windows Server 2003 Standard license
  • Intel server with 2 network cards (I assume one will point to the internal network, and one to the router's "network")
  • Existing network with +- 40 PCs, devices, servers, etc that we need access to
  • No Windows Domain or Active directory

I've been playing around with Routing and Remote Access (RRAS) on the server and the VPN Wizard on the DG834 router, but haven't been successful.

I really don't think I can progress until I have answers to the following:

  1. Can I set up the VPN only on the DG834, without needing the server?
  2. Can I set up the VPN only on the server, without needing the VPN features of the router?
  3. If I use RRAS, do I need to open ports on the Windows server firewall, or will RRAS handle this automatically? When RRAS is enabled, I can't access the Windows Firewall to set up any inbound or outbound rules.
  4. How do I know which VPN protocol to use, that is supported by both the router and the server?
  5. What VPN client do I use to dial the VPN connection? Can I use the built-in VPN client provided by Windows ("Connect to workplace")? I would prefer to set the VPN up without needing to pay for any software or licenses.

Are there any guides out there that can assist with creating a VPN for the environment I've described above? I've done quite a bit of reading already, but nothing that is comprehensive enough to help me out.

Saajid Ismail
  • [You're trying to set up a business network on an especially bad end-consumer/home DSL modem + router that's so old it's been discontinued.](http://www.netgear.com/home/products/wired-routers-and-modems/wired-routers/dg834.aspx#) And costs $19.99. Don't try to set up a branch office network on something like this. – HopelessN00b Oct 30 '12 at 14:18
  • From what I've been reading in the meantime, I don't really need to use any of the VPN features of the DG834, except of course to connect to the DSL line. With port forwarding, Windows should be able to handle the rest. Would have been nice if somebody actually took the time to tell me this, instead of bashing the router which I know is old and consumer-grade. Seems nobody really read my question. Sigh. – Saajid Ismail Oct 30 '12 at 14:36
  • [Please read our FAQ.](http://serverfault.com/faq) Don't mistake a lack of interest in your question with not having read it. Your question is simply not a good one for this site (or StackExchange in general, I'd say), and advising you not to use a cheap, old consumer-grade router to support an office **is** good advice. FWIW, consumer grade routers have a very low limit on the number of concurrent connections, so that'll be something you'll want to keep in mind when the office starts connecting through that thing and strange network issues start popping up all over the place. – HopelessN00b Oct 30 '12 at 14:48
  • So where should I post this to? SuperUser? – Saajid Ismail Oct 30 '12 at 15:03
  • SuperUser probably won't be able to provide much help either. There are all kinds of guides for setting up RRAS and/or a Windows VPN out there, use Google for that bit. For using this router in a business environment, there probably is no good place to go for answers. You'll have that when you go far enough off the beaten path - sometimes you're just out there on your own. Personally, I think I'd discover that the PoS was defective and non-functional, and management would just have to buy a real router for me to set this up on, aww shucks. – HopelessN00b Oct 30 '12 at 15:20
  • OK thanks for the info. Guess it's time to go this on my own, off the beaten track. – Saajid Ismail Oct 30 '12 at 15:22

1 Answer

1

You'll not find expertise on a consumer-grade ADSL router on this site (read the FAQ).

Nonetheless, use your server as the VPN server, and get help from your ISP to make sure that the router forwards the correct protocols to the internal server. GRE is especially important.

The very basic (not very secure) method is to use PPTP, which only requires a single TCP port and GRE forwarded.

Edit: Sorry, didn't read the entire question, basically since it was many questions in one (which is not a good format for this site).

Windows XP and upwards have a built-in VPN client for connecting against RRAS. You have to decide on your own what kind of tunneling protocol you want to use, according to your needs and your environment. Many modems say they support VPN passthrough, and then it turns out that they just support PPTP and L2TP, not IPSEC (or the other way around).

You just have to test it and see what works.

pauska
  • Just wanted to add this is the correct answer. – Jason Oct 30 '12 at 14:27
  • I know it's old, and sucks, but is/was also the most popular ADSL router for many years. I also know that it can be done. I believe that I should just forward the appropriate VPN ports on the router to the Windows Server, and ignore the VPN functionality in the router altogether. The router seems to allow VPN passthrough, which is the minimum requirement. I just need some help on the Windows side now. – Saajid Ismail Oct 30 '12 at 14:30