12-21-2010, 04:30 AM
The background:
After lots of googling, testing & cursing, I have set up an apparently stable VPN connection between a Cable ISP and a DSL ISP using two Linksys BEFSX41 routers. I say apparently stable because the tunnel has only been up for nine hours now, but that is much better than the 3 to 15 minutes I was getting before I learned of the various quirks of this model.
It turns out the model I have is buggy in SHA authentication and is particularly quirky if the phase 1 key re-negotiation time is set equal or less than the phase 2 encryption timer. The Anti-Replay packet protection is also buggy but since it is just more overhead security I turned it back off. (That was the default anyway.) Final settings are using 3DES & MD5 at the 1024 bit authentication level with the IKE (Auto) encryption to connect the initial tunnel between the specified WAN IP addresses. Then use DES & MD5 at a 768 bit level for ongoing encryption of the data transferred.
Shared drives, folders, and printers show up from each network to the other just like they would if they were all on the same local switch or router. I also installed a remote printer through the VPN and printed to it as if it were on the local network.
It took me about 12 hours to figure out that it's not so hard to do once the addresses, subnet masks, gateways, and such are entered in the right places and the anti-virus software is properly instructed to allow the connections. Anyhow, now that I have the proof of concept, I need to buy one more router with a VPN endpoint. So,
The question(s):
Should I get another BEFSX41 or is Cisco's RV042 worth the extra money? Or is there another device in a similar price range that would be better? (And that will play nice with my current routers.)
From the research I've done, the RV042 appears to be a much better device but will be slightly more difficult to set up due to differences in terminology. This itself is not a deal breaker as I'm sure it is a popular enough device that I can google up the solutions I'll need. On the other hand, if the BEFSX41 will remain stable day in and day out, month to month, then I'm thinking that is the way to go since it is less expensive and I know the ins & outs of it.
As a side note, I used ShieldsUp! as noted in kandrathe's post to test network security. Both sides of the tunnel passed with full stealth in all categories with the exception that the DSL side replies to pings. It appears the DSL modem itself is the one chatting and I don't beleive I can fix that.
After lots of googling, testing & cursing, I have set up an apparently stable VPN connection between a Cable ISP and a DSL ISP using two Linksys BEFSX41 routers. I say apparently stable because the tunnel has only been up for nine hours now, but that is much better than the 3 to 15 minutes I was getting before I learned of the various quirks of this model.
It turns out the model I have is buggy in SHA authentication and is particularly quirky if the phase 1 key re-negotiation time is set equal or less than the phase 2 encryption timer. The Anti-Replay packet protection is also buggy but since it is just more overhead security I turned it back off. (That was the default anyway.) Final settings are using 3DES & MD5 at the 1024 bit authentication level with the IKE (Auto) encryption to connect the initial tunnel between the specified WAN IP addresses. Then use DES & MD5 at a 768 bit level for ongoing encryption of the data transferred.
Shared drives, folders, and printers show up from each network to the other just like they would if they were all on the same local switch or router. I also installed a remote printer through the VPN and printed to it as if it were on the local network.
It took me about 12 hours to figure out that it's not so hard to do once the addresses, subnet masks, gateways, and such are entered in the right places and the anti-virus software is properly instructed to allow the connections. Anyhow, now that I have the proof of concept, I need to buy one more router with a VPN endpoint. So,
The question(s):
Should I get another BEFSX41 or is Cisco's RV042 worth the extra money? Or is there another device in a similar price range that would be better? (And that will play nice with my current routers.)
From the research I've done, the RV042 appears to be a much better device but will be slightly more difficult to set up due to differences in terminology. This itself is not a deal breaker as I'm sure it is a popular enough device that I can google up the solutions I'll need. On the other hand, if the BEFSX41 will remain stable day in and day out, month to month, then I'm thinking that is the way to go since it is less expensive and I know the ins & outs of it.
As a side note, I used ShieldsUp! as noted in kandrathe's post to test network security. Both sides of the tunnel passed with full stealth in all categories with the exception that the DSL side replies to pings. It appears the DSL modem itself is the one chatting and I don't beleive I can fix that.
"Nothing unreal exists."
-- Kiri-kin-tha
-- Kiri-kin-tha