
VPN For Office needed


56 replies to this topic

#1 tim_ver


Posted 06 August 2012 - 10:05 PM

I have a simple office network setup and I need to add a VPN connection, so my employees can access our application on the server. Here is what I have:


1.) Windows 2003 Enterprise Server
2.) Linksys 54rt
3.) NetGear FVS318V3
4.) 3 workstations XP OS
5.) 3 Laptops - XP OS, MAC and WIN 7


The flow is DSL to Linksys to Netgear FW to the server and workstations. Using DHCP. I have tried to set up the VPN on the server but it is not pulling an outside IP. The Linksys is not pushing it to the Netgear. How do I fix this so the VPN will work and workers can access the server apps with the VPN?


Thanks



#2 The_Outkast


Posted 08 August 2012 - 10:09 PM

My first question would be, is there a reason you are using 2 routers? The double NAT could be part of your problem.

#3 Sneakycyber


Posted 09 August 2012 - 12:44 AM

It should be set up as home PC with VPN client software connected to Netgear router connected to broadband connection. Linksys WRT54G running dd-wrt VPN firmware with the VPN server running connected to the server. This solves the problem of port forwarding. Are you using Cisco VPN or OpenVPN? If you do not have the option of that setup, make sure the router in front of the server has the correct ports and protocol forwarded to the server. The port assignments will be configured when creating the server and client config file during the VPN setup. Network A running the Netgear router is bridged to the WRT54G Network B connected to server. What VPN protocol are you using and what software? OpenVPN Guide

Edited by Sneakycyber, 09 August 2012 - 12:53 AM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +
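
Added example (not part of the thread): a Python check for the two problems raised in posts #2 and #3, double NAT and missing forwards on each router in front of the VPN server. The addresses and rule sets are constructed, and PPTP is assumed as the protocol of the Windows 2003 VPN, which the thread does not state.

```python
import ipaddress

# Inbound traffic each NAT hop must pass inward (standard assignments).
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},          # GRE is IP protocol 47, no port
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("esp", None)},
    "openvpn": {("udp", 1194)},                       # OpenVPN default port
}
# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def behind_nat(wan_ip):
    """True when a router's WAN address is not publicly routable."""
    ip = ipaddress.ip_address(wan_ip)
    return any(ip in net for net in NAT_RANGES)

def audit(chain, vpn):
    """chain: routers ordered modem-side first. Returns a list of findings."""
    findings = []
    for dev in chain:
        if behind_nat(dev["wan_ip"]):
            findings.append(f"{dev['name']}: WAN {dev['wan_ip']} is private, "
                            "so another NAT sits upstream (double NAT)")
        missing = REQUIRED[vpn] - dev["forwards"]
        for proto, port in sorted(missing, key=str):
            what = proto if port is None else f"{proto}/{port}"
            findings.append(f"{dev['name']}: {what} not forwarded toward the VPN server")
    return findings

# Constructed sample data: the thread's original layout, then the planned one.
ORIGINAL = [
    {"name": "linksys", "wan_ip": "203.0.113.10", "forwards": set()},
    {"name": "netgear", "wan_ip": "192.168.1.2", "forwards": {("tcp", 1723)}},
]
PLANNED = [
    {"name": "netgear", "wan_ip": "203.0.113.10",
     "forwards": {("tcp", 1723), ("gre", None)}},
]

if __name__ == "__main__":
    for label, chain in (("original", ORIGINAL), ("planned", PLANNED)):
        print(label, audit(chain, "pptp") or "no findings")
```

If the VPN terminates on the edge firewall itself rather than on the server, the forwarding findings do not apply and only the double-NAT check matters.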

#4 tim_ver


Posted 09 August 2012 - 02:32 AM

This is my first VPN setup. I am using the VPN setup in Windows 2003 enterprise. The Linksys is just used for wireless users, and the DSL mode per the ISP is in bridge mode now, using DHCP. The Netgear is used as a switch now as we need more than four ports. I could take it out of the mix and just use the Linksys WRT54G, but would still need a switch for all connections.


Please let me know what would be the best setup and solution for this. I was thinking of getting a newer Linksys router as this one is older and has old firmware on it also.


Thanks

#5 Sneakycyber


Posted 09 August 2012 - 06:39 PM

Follow along in this thread; I will go over it with you this evening or tomorrow. :busy:

#6 tim_ver


Posted 09 August 2012 - 10:16 PM

I reviewed this. I only have one site location, not an A and B. I am looking at removing the Linksys router from the equation, and going straight from the DSL to the Netgear unit. Then set up the Netgear unit for VPN and the Server also. For the client on the laptops I am open as to which one to use. Just need some help on configuring the Netgear unit and Server.

#7 Sneakycyber


Posted 09 August 2012 - 10:39 PM

In actuality you do have two sites. The server and the client, or in your case the workstations. I am a little confused why the workstations need a VPN to access the server in a private network. Is the server off site, or managed by an outside provider? What is the role of the primary server (assuming you are deploying virtualized servers on the same installation)?

Edited by Sneakycyber, 09 August 2012 - 10:41 PM.


#8 tim_ver


Posted 09 August 2012 - 10:46 PM

The Laptops are offsite at homes. Server is in an Office and is used to run the application program. The users need to be setup so that when they click an icon "App - offsite" on the desktop on their Laptops it will connect to the server and run the application like they were in the office.

#9 Sneakycyber


Posted 10 August 2012 - 12:00 AM

Your best option is a Cisco RV180 business class router. It has built-in IPsec site-to-site VPN, and it's more suited to handle your whole network routing needs. If you need more ports, connect an additional switch. The reason to move the VPN gateway from the server to the router is to solve port forwarding problems and security risks involved when you open a port in your firewall to your company server. Another option would be to upgrade your WRT54GL router firmware to dd-wrt VPN or Tomato VPN, unless you have one of the very few WRT54G routers not supported. Setting up OpenVPN is very easy with dd-wrt v24 firmware. The WRT54GL is used as a business class router in many installations (my company uses them very often) as a lower cost option to a business class or enterprise class router. How many clients are onsite at the office? How many will be using the wireless? Bear in mind you can repurpose the old routers as access points. The VPN software you should use would depend on the router you choose. With the Cisco router you would use the Cisco AnyConnect VPN client. With the WRT54GL it's recommended you use OpenVPN with the dd-wrt firmware. The firmware is designed with support for OpenVPN server settings and client configuration files.

Edited by Sneakycyber, 10 August 2012 - 12:12 AM.


#10 tim_ver


Posted 11 August 2012 - 12:53 AM

I looked up the Cisco router and it does not get good reviews. So the current router we have now, the Netgear FVS318V3, will not work? It has a VPN Setup wizard in it, so I figured it would work fine for what we are after. Can you help in using it for now? I have the DSL connected directly to the Netgear router now, and then it connects to the server and 5 workstations. Only 2 users will need to connect from home via the VPN connection. No wireless connections, all wired.

#11 Sneakycyber


Posted 11 August 2012 - 02:40 AM

Yes it will. I apologize for my lack of research in the product I was recommending and the equipment you already have. I was thrown off when you said the Netgear ProSafe VPN Firewall FVS318v3 (referenced from here on as Netgear or firewall) is a switch when it's an enterprise VPN firewall.

1. Has the Netgear been configured actively to secure the network yet? For this to be accurate the firewall must be the first and only device connected to the Modem's WAN port. All other devices connect through the firewall.

2. What is serving as your DHCP server, your Microsoft Server or the Linksys router? Do the remote users only need access to your server for the sole purpose of running an application, or do they need access to the entire network?

3. Is your Microsoft Server functioning as a domain controller?

4. How are users authenticated (allowed to) on the network to access the server?

5. Can you request a static IP address from your ISP?

Edited by Sneakycyber, 11 August 2012 - 03:21 AM.


#12 tim_ver


Posted 12 August 2012 - 03:33 AM

No problem, I appreciate all the help and assistance on this. I have answered your questions below. I am looking at doing this work Monday 8/13: "Removing the Linksys router and connecting the DSL Modem directly to the Netgear router. Then configuring and setting up the VPN connection."


1.Has the Netgear been configured actively to secure the network yet? - not 100% sure


For this to be accurate the firewall must be the first and only device connected to the Modem's WAN port. All other devices connect through the firewall - It will be. We are removing the Linksys router. The DSL Modem will connect directly to the Netgear router.




2. What is serving as your DHCP server your Microsoft Server or the Linksys router. - Netgear router

Do the remote users only need access to your server for the sole purpose of running an application, or do they need access to the entire network? - Just to run two applications on the server.




3.Is your Microsoft Server functioning as a domain controller. - No




4.How are users authenticated (allowed to) on the network to access the server? - Account setup on the server "user/pw"




5. Can you request a static ip address from your ISP? - Not sure, but they said it will not change that often.

#14 Sneakycyber


Posted 12 August 2012 - 07:39 PM

:wacko: I have been banging my head against the wall for the past 4 hours trying to get certificates to install on my server. I was planning on typing up a walk through but I won't have time (unless I can't sleep again <_<). You should have no problems since you have already gotten as far as starting the VPN server. Just follow the Installation documentation from Netgear for the initial set-up. Make note of your WAN IP address. Follow Smart Wizard to get the Router online. Next switch to the Reference Manual and down to Chapter 4. Follow each step and set each option as the default values given in the set up guide. When the VPN connection is successful the remote user will be connected to the Network. Since the Network is not on a domain server and they are authenticated by user names, make sure the remote users are logged on to their computer with the user name and password assigned by your network. When they join the network their username and password will be stored in their security certificate just as it would be if they were on the network locally. If they are logging in from their HOME PC that they own, their log in username and password MUST MATCH their network username and log on (that shouldn't be a problem since you stated you will be providing the computers, correct?). If they do not, they will not have access to the network shares or the Server. You can limit the remote users' access in the Server. Good luck and let me know if you have any problems. I am setting up Terminal Service on a new Server tomorrow so I may not be able to answer. I will have someone try and watch the topic in case you run into problems.

#15 Sneakycyber


Posted 13 August 2012 - 08:56 PM

All is well??



