|
|
|
All,
I am working on a project at work that is deploying IPSEC (IKEv1 currently but IKEv2 soon) VPN to our employees.
We have been having a hit and miss time with home ADSL routers not allowing the IPSEC traffic. A connection may be established to the VPN but the inbound traffic is getting blocked - some routers, e.g. Netgear DGN1000sp, don't seem to work even if the inbound firewall is opened.
With that in mind we are trying to draw up a list of ADSL routers that allow IPSEC Corporate VPN Passthrough. I thought here may be a good place to come to get a start of a list - we can then advise employees to submit an expense claim to buy one that works.
Working list so far:
Talk Talk Router (not sure of the model)
Virgin Media Super Hub & Super Hub 2 (Cable)
BT Infinity Routers
Sky Provided Router
|
|
|
Which BT Infinity Routers though?
Currently they will supply: Home Hub5, Business Hub (similar to HH5) but with different firmware, 2Wire2701 - still supplied in some cases.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
M H C
taurus excreta cerebrum vincit
|
|
|
|
Not sure - this was just an employee saying my "Infinity router works"....
Basically - I am assuming that Infinity is going to work on the supplied hardware (most modern routers seem to work fine)...
I am just looking to draw up a list of routers that definitely work with IPSEC passthrough - so:
a) I can buy the senior management a new router (keep them happy)
b) I can have a list that employees can go and buy from and expense back.
|
|
|
|
|
Need to get router specifics, i.e. model and firmware used to make the list useful.
Same hardware but different firmware can be a big factor.
Also, have you looked at running the VPN ALG that some firmwares have?
Another gotcha is that for example with Sky, people need to extract the Sky username and password from the existing router if they are going to replace it.
Turning off the firewall does not usually remove the basic NAT functionality by the way, and doing so would be a very dangerous thing to do, i.e. no NAT puts the computer directly onto the internet.
Also, have you looked at the issues that may be thrown up by varying software firewalls running on the computers?
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
FWIW my Asus RT-N66U has the following options for NAT passthrough:
PPTP Passthrough
L2TP Passthrough
IPSec Passthrough
RTSP Passthrough
Enable PPPoE Relay
Caveats:
a) I've never used them so I don't know if they work (or what they do in most cases!)
b) I'm not using the latest firmware, but I doubt they've taken them out.
|
|
|
|
Hi,
Probably should have mentioned that the EUDs are not computers but Android Tablets. So factors around device firewalls are not an issue.
And yes - where possible we have solved some employees' settings by helping them look at their router settings / passthrough options... however supporting over 50,000 employees' home broadband is not viable.
|
|
|
Ok now have an idea of the scale...
A further thing to consider, some Infinity customers will have BT TV so changing out the Home Hub (be it a 3, 4 or 5 version) is not simple, as the IPTV QoS needs the HomeHub. So figuring out which of the exact home hubs works is key.
Also with the HomeHub 5 it has an integrated VDSL2 modem, as does the EE Brightbox2 and Sky SR102 so swapping them out is more complex.
In short someone in the firm is going to be busy running some tests and the permutations.
For the key employees, it may be easier to find a broadband provider that lets you supply your own known working router and install a dedicated line.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
|
Ok - so we are pretty sure that all of our employees using BT Broadband / Infinity etc do not have an issue.
It's the others - mainly Virgin Media National (who supply the DGN1000sp) that are the issue. Hence why I just need a list of routers that are known to work with IPSEC passthrough.
|
|
|
Would advise that people switch off of Virgin Media national, generally a poor product and is no longer sold so improvements/changes are unlikely.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
|
It's not clear why you need a list, and whether you mean all routers in the world or just those supplied by major UK ISPs.
What do you want a list of exactly, and then what do you plan to do with that list exactly?
|
|
|
|
I thought it was clear - never mind..
I would like a list of routers that people on here, through first-hand experience (ADSL), have used IPSEC Passthrough with successfully.
This list doesn't need to be hundreds or even tens. I just need one or two ADSL routers that will be able to support what I need to do.
I will be buying a couple of routers for Senior members of staff, and sharing compatible routers with staff so they can get their own if they need to and expense back.
|
|
|
|
I can only speak for myself, but in that case - do your job yourself.
|
|
|
|
Ok - I think I have maybe annoyed you? If so, sorry.
I am not looking for someone to do my job for me - however, short of buying a whole host of routers and manually testing, I thought I would ask here for some help...
I know I can read the "manuals" - and for some I have done - even some routers that say they support it don't.
|
|
|
Manuals are the last place to look; most router manuals conform to version 1 of the firmware and many features are added over time.
Also, a good many devices list IPv6 compatibility but it is still almost impossible to get them to work.
Good luck on the list
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|