dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
6
share rss forum feed

HELLFIRE
Premium
join:2009-11-25
kudos:18

1 recommendation

reply to PBateman

Re: VPN router recommendations for whole house VPN

First off, which VPN service are you looking to obtain? Most services -- BTGuard, ipvanish, et al, are geared for PPTP
(avoid like the plague due to weak encryption) or L2TP VPN, but I've found VERY LITTLE support for non-DDWRT /
Tomato / et al configurations for these services. IIRC, DDWRT, Tomato, et al will support remote-access VPNs, so for
minimal hassle, I'd check into wrt320n's compatibility with being loaded with alternate firmware and go from there.

For security, as I said, avoid a PPTP setup -- see »www.schneier.com/paper-pptpv2.html for a full explanation.
AES-128 / SHA1 is considered a baseline... thought AES-256 / SHA2+ is more ideal. To hit 50Mbps with AES-256 / SHA2,
scale your hardware accordingly. Generally speaking, home routers' CPUs are scaled for cost, NOT high encryption
throughput.

For remote access solutions, there's appliance-based and DIY -- key things is your budget, and level of comfort in DIY.
Also, keep in mind that you'll need a compatible remote-access client, of which appliance solutions typically charge
you on purchase of the device, or on a "per-seat / device-installed-on" basis. There's a "free" VPN client Shrewsoft,
but I can't claim much personal experience with it -- YMMV with it.

Alternatively, there's SSL-VPNs -- of which I THINK OpenVPN supports, but again, keep in mind of your budget and
level of DIY comfort.

My 00000010bits

Regards



PBateman

@sbcglobal.net

I have not confirmed which service yes but one of my requirements is tight security; no pptp.

My wrt320n does have ddwrt, I tried setting up basic pptp to VPN in remotely just to try out but it was too slow, could connect but not do anything.

Diy is my thing, so looking forward to a new project. One thing I do not want is VPN software on my PCs, we just have too many and tablets and phones. For hardware, whatever would suit the beat security with no speed hickups is fine with me.

In fact, this leads me to another question...would it be more cost effective to get cheap dated x86 hardware with 2 nics and place that between my ISP gateway and my router?