Standard User patonar
(newbie) Wed 19-Feb-14 10:16:34

General ADSL Router Hardware Question - IPSEC Corporate VPN


 
All,

I am working on a project at work that is deploying IPSEC (IKEv1 currently but IKEv2 soon) VPN to our employees.

We have been having a hit and miss time with home ADSL routers not allowing the IPSEC traffic. A connection may be established to the VPN but the inbound traffic is getting blocked - some routers, e.g. Netgear DGN1000sp, even if the inbound firewall is opened, don't seem to work.

With that in mind we are trying to draw up a list of ADSL routers that allow IPSEC Corporate VPN Passthrough. I thought here may be a good place to come to get a start of a list - we can then advise employees to submit an expense claim to buy one that works.

Working list so far:
Talk Talk Router (not sure of the model)
Virgin Media Super Hub & Super Hub 2 (Cable)
BT Infinity Routers
Sky Provided Router
Standard User MHC
(sensei) Wed 19-Feb-14 10:42:06

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: patonar]
 
Which BT Infinity Routers though?

Currently they will supply: Home Hub5, Business Hub (similar to HH5) but with different firmware, 2Wire2701 - still supplied in some cases.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M H C


taurus excreta cerebrum vincit
Standard User patonar
(newbie) Wed 19-Feb-14 10:44:55

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: MHC]
 
Not sure - this was just an employee saying my "Infinity router works"....

Basically - I am assuming that Infinity is going to work on the supplied hardware (most modern routers seem to work fine)...

I am just looking to draw up a list of routers that definitely work with IPSEC passthrough - so:

a) I can buy the senior management a new router (keep them happy)
b) I can have a list that employees can go and buy from and expense back.



Administrator MrSaffron
(staff) Wed 19-Feb-14 10:58:12

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: patonar]
 
Need to get router specifics, i.e. model and firmware used to make the list useful.

Same hardware but different firmware can be a big factor.

Also, have you looked at running the VPN ALG that some firmwares have?

Another gotcha is that for example with Sky, people need to extract the Sky username and password from the existing router if they are going to replace it.

Turning off the firewall does not usually remove the basic NAT functionality by the way, and doing so would be a very dangerous thing to do i.e. no NAT puts the computer directly onto the internet.

Also, have you looked at the issues that may be thrown up by varying software firewalls running on the computers?

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User billford
(elder) Wed 19-Feb-14 11:10:27

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: patonar]
 
FWIW my Asus RT-N66U has the following options for NAT passthrough:

PPTP Passthrough
L2TP Passthrough
IPSec Passthrough
RTSP Passthrough
Enable PPPoE Relay

Caveats:

a) I've never used them so I don't know if they work (or what they do in most cases!)
b) I'm not using the latest firmware, but I doubt they've taken them out.

Bill
A level playing field is level in both directions.

Standard User patonar
(newbie) Wed 19-Feb-14 11:12:46

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: MrSaffron]
 
Hi,

Probably should have mentioned that the EUDs are not computers but Android Tablets. So factors around device firewalls are not an issue.

And yes - where possible we have solved some employees' settings by helping them look at their router settings / passthrough options... however supporting over 50,000 employees' home broadband is not viable.
Administrator MrSaffron
(staff) Wed 19-Feb-14 11:33:39

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: patonar]
 
Ok now have an idea of the scale...

A further thing to consider, some Infinity customers will have BT TV so changing out the Home Hub (be it a 3, 4 or 5 version) is not simple, as the IPTV QoS needs the HomeHub. So figuring out which of the exact home hubs works is key.

Also with the HomeHub 5 it has an integrated VDSL2 modem, as does the EE Brightbox2 and Sky SR102 so swapping them out is more complex.

In short someone in the firm is going to be busy running some tests and the permutations.

For the key employees, it may be easier to find a broadband provider that lets you supply your own known working router and install a dedicated line.

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User patonar
(newbie) Wed 19-Feb-14 11:46:35

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: MrSaffron]
 
Ok - so we are pretty sure that all of our employees using BT Broadband / Infinity etc do not have an issue.

It's the others - mainly Virgin Media National (who supply the DGN100sp) that are the issue. Hence why I just need a list of routers that are known to work with IPSEC passthrough.
Administrator MrSaffron
(staff) Wed 19-Feb-14 13:58:42

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: patonar]
 
Would advise that people switch off of Virgin Media national, generally a poor product and is no longer sold so improvements/changes are unlikely.

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User vimto_girl
(member) Wed 19-Feb-14 14:30:51

Re: General ADSL Router Hardware Question - IPSEC Corporate


[re: patonar]
 
It's not clear why you need a list, and whether you mean all routers in the world or just those supplied by major UK ISPs.

What do you want a list of exactly, and then what do you plan to do with that list exactly?