Hi all,
When placing a VPN router/server inside a firewalled network, I assume
it will be fine to just attach one LAN-side port to the local LAN, and
not have a connection to the vpn router's WAN port. Yes?
My firewall router is a Linksys WRT54G v3.0 running HyperWRT v15c. I'm
using this setup because I need lots of ports forwarded (more than
what's available with the standard firmware), and I need to be able to
forward GRE using iptables. And I'd like to keep the firewall separate
from the vpn endpoint.
For the vpn endpoint I'll be using a Netscreen, Netgear, D-Link, or
Linksys. The client will be an XP laptop running a client that's IPsec
-- either the vpn device's proprietary client or TheGreenBow, etc.
Alternately, I could move the WRT54G to the inside and use it as just
a wireless access point, but I'd need to port-forward 30+ ports.
(usually soho routers only allow 10 or so.)
I've had trouble setting up various software VPN servers:
A) XP host inside private network listening for VPN connections:
-- I forwarded necessary ports, plus used IP tables to be sure the
GRE is forwarded.
-- Got 721 error. Tried & tried & tried. No joy.
B) OpenVPN running on same XP box:
-- Bridged network and Tapi interfaces.
-- On laptop, worked okay, but soon stopped.
-- Note, when switching from Ethernet to Wireless must delete
bridge, recreate & rename bridge on new interface. PITA.
So, what's the popular physical arrangement for a soho VPN box inside
the firewalled home LAN?
Thanks in advance.