VPN firewall box
fizzy
20-07-2005, 11:42 AM
Does anyone use a firewall box for Broadband that allows incoming VPNs to terminate on it? If so, got any suggestions? I was looking at a D-Link DI-824VUP, but not sure if that's capable of accepting incoming VPNs.. any ideas would be mucho appreciated..
Funnily enough I'm about to set up a VPN much like this. I haven't spent enough time on it to reach a definitive conclusion, but I ended up thinking the D-Link DFL-200 was the one for me. It has hardware VPN acceleration and what looks like a very good firewall. One of my requirements is that I need to support roaming laptop users and the DFL-200 also supports Windows VPN out of the box. I think the DFL-200 is a stronger product than the one you're mentioning. I also have the requirement to connect up remote locations that might want to have a wireless router doing it all for them, and the DI-824VUP sounds like a good choice for that, having looked at it briefly. Linksys does a bunch of products like that too, but I would prefer to stick with the same manufacturer to avoid any compatibility issues.
Let me know how you get on. I will probably get around to doing more definitive research on this towards the end of the week so we can swap notes maybe.
fizzy
20-07-2005, 11:55 AM
It's for a similar scenario as you described. I discounted Netgear as they don't get good reviews at all. I've used other D-Link stuff and it looks good. One of my requirements was wireless, but I think I might just ignore this and go for a DFL. I'll let you know how I get on..
McGuinn
20-07-2005, 12:09 PM
Yis nerds...
fizzy
20-07-2005, 03:17 PM
hey it pays the bills.... :D
Connecting a roaming Windows VPN client, bundle of joy. My thoughts to date.
D-Link gives an example of how to set up IPsec with a Windows VPN client and a DFL-200/700. That's of practically no use as IPsec is not designed to handle DHCP or NAT. It's for static office-to-office configurations.
Microsoft recommends using L2TP/IPsec instead. According to them, this solves most of the problems. It seems from the DFL-200 documentation that it supports an L2TP server and that IPsec security is an option. However, the screen shots in the documentation don't show how you set up username/password stuff on the L2TP server, which is pretty much a requirement from what I understand. The Microsoft documentation is pretty useless as it assumes a Win2003 VPN server with Active Directory etc.
I'm thinking the only way to do this is to try it out. If it's not possible to get this to work with Windows VPN out of the box, there are generic VPN clients for Windows.
It should be noted that another way of doing this is to use PPTP. But it doesn't use PKI, which significantly lowers the security. Passwords can be hacked. It is extremely difficult to crack certificates in comparison.
I've added a few more requirements to my installation so it's looking like I'm heading for Cisco-land. I've unleashed my Cisco-certified buddy to find me a solution... While I may go for a Cisco clone, Cisco does at least do a Windows VPN client that definitely works...
fizzy
22-07-2005, 09:40 AM
You need either a NetScreen or a FortiGate box. Also check out Check Point.
I'm opting for a D-Link because it's for small scale stuff. But you should look at a dedicated FW/VPN box.. the ones above are as good as the rest.
Cisco are good, but you pay for them.. they own Linksys, so might be worth looking at those..
As an aside to this, lads, can someone tell me what it means when my Laptop shows the presence of a Wireless Network called "WEST"?
Is this a spurious wireless network? Could a neighbour's wireless router be showing up?
fizzy
22-07-2005, 09:44 AM
As an aside to this, lads, can someone tell me what it means when my Laptop shows the presence of a Wireless Network called "WEST"?
Is this a spurious wireless network? Could a neighbour's wireless router be showing up?
yep, so ya got surfing for free then PG.. :)
McGuinn
22-07-2005, 09:46 AM
As an aside to this, lads, can someone tell me what it means when my Laptop shows the presence of a Wireless Network called "WEST"?
Is this a spurious wireless network? Could a neighbour's wireless router be showing up?
It's the Westies gang.
You must have pissed them off, so they are using your laptop to surf for porn.
I get the message that it's an unsecured network but I cannot get access on it.
My connection is free, anyway, so no savings to be made there.
I have a BELKIN setup, including H/W firewall so I doubt I'm being accessed. I had a service engineer from DIGIWEB yesterday who had to reset my Wireless broadband because of interference from a nearby network.
The Netscreen 5GT it is. It is in fact so good I just realised we already have one... Not bad at about €400 a shot either.
I don't think it does one thing that I would dearly love, and that is a firewall that can filter on arbitrary HTTP headers, eg only allow incoming traffic from IP address X where HTTP header Y is set to Z. That would be the icing on the cake, but I can live without it.
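The rule wished for in the post above (allow traffic from IP address X only where HTTP header Y is set to Z), sketched as an added example that is not part of the original post or any vendor's feature. The rule values, header name and sample request are constructed, and it assumes the filtering point sees plaintext HTTP (for instance a reverse proxy after TLS termination); the header is client-supplied, so it is treated as a second condition on top of the source address, never a replacement for it.

```python
import hmac
import ipaddress

# Constructed rule: source network "X", header name "Y", required value "Z".
RULE = {"source": "203.0.113.10/32", "header": "X-Gateway-Token", "value": "Z-example"}

# Constructed sample request head (header name in lower case on purpose).
SAMPLE = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
          b"x-gateway-token: Z-example\r\n\r\n")

def parse_headers(raw: bytes):
    """Return [(lowercased name, value)] from a raw HTTP/1.x head, or None if malformed."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return None                      # incomplete head: nothing to decide on
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        if line[:1] in (b" ", b"\t"):
            return None                  # obsolete line folding: treat as malformed
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            return None                  # no colon, or whitespace around the name
        headers.append((name.decode("latin-1").lower(),
                        value.strip().decode("latin-1")))
    return headers

def allow_request(src_ip: str, raw: bytes, rule=RULE) -> bool:
    """Default deny: allow only if source IP and header value both match."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False                     # unparseable source address
    if addr not in ipaddress.ip_network(rule["source"]):
        return False
    headers = parse_headers(raw)
    if headers is None:
        return False
    # Header names are case-insensitive; an absent or repeated header is
    # ambiguous (two parsers may pick different copies), so deny.
    values = [v for n, v in headers if n == rule["header"].lower()]
    if len(values) != 1:
        return False
    # Constant-time comparison, since the value acts as a shared secret.
    return hmac.compare_digest(values[0].encode(), rule["value"].encode())
```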
fizzy
17-08-2005, 04:16 PM
We have a few Netscreens in work, good boxes, but pricey for home use.
I settled on a Netgear FVL328... now to get the friggin thing set up.. finally got a copy of Sentinel SSH.. so now the fun begins..
Ever used either before?