Here is a side note about the Netgear Wireless N SSL VPN Firewall router (e.g. SRXN3205). It's a fine router/gateway and works great with my all-Linux network, but there is one problem: its VPN. The Netgear Prosafe VPN client is a Windows-only piece of software. It has not been ported to Linux, Unix, or Mac, nor do there appear to be any plans to do so.

This means I can only join a local network as a Windows node when connecting to any of Netgear's Prosafe routers, including my SRXN3205. This doesn't make sense in an otherwise all-Linux network. I have Windows XP Pro running as a guest OS in VBox hosted on Fedora. I can connect to the SRXN3205 Prosafe router just fine, but only from the Windows XP virtual machine, and I suppose I could VNC to a Linux desktop from there, but that's about it. So far as I know, all the Netgear Prosafe routers only support Windows connections to the local network via Netgear's Prosafe VPN client, which is great if you are running an all-Microsoft network.

Next time I buy a router, I'm going with Cisco. The Cisco VPN client software runs on Windows, but it has also been ported to Linux, Unix, and Mac OS(s); it's better supported by Cisco, it's better supported within the open source community, and it's free, even from Cisco.

Regards,

LelandJ

On 12/02/2010 04:53 PM, Leland Jackson wrote:
> On 12/02/2010 04:35 PM, Leland Jackson wrote:
>> On 12/02/2010 03:09 PM, Paul McNett wrote:
>>> On 12/2/10 12:16 PM, Leland Jackson wrote:
>>>>> No, the perimeter firewall should still control traffic in and out,
>>>>> whether or not it is over the VPN.
>>>> This is true, but only from the standpoint of computers in the local
>>>> network, of which the VPN-connected computer is a part. I'm looking at
>>>> it from that point of view.
>>> I seem to have a unique point of view, judging from the responses from you
>>> and Paul Hill at least. In my opinion, you can't really run a secure
>>> firewall if you can't control what is coming in and out of the true local
>>> area network. So if your firewall can't inspect the VPN traffic, you've
>>> effectively drilled a security hole right through your firewall.
>> The security is there; it is just a little different from firewall-like
>> security.
>>
>> When setting up the VPN connection on the router side, the VPN connection
>> is given a name, which is mostly for people, since the connection name is
>> not used in making the actual connection. Then I can specify, using
>> Netgear's Prosafe VPN wizard:
>>
>> This VPN tunnel will connect to the following peers: either "gateway" or
>> "VPN Client". I select VPN Client.
>>
>> What is the Remote Identifier Information: "srxn_remote.com"
>>
>> What is the Local Identifier Information: "srxn_local.com"
>>
>> What is the pre-shared key: _________________________________ (Key Length 8 - 49 Char)
>>
>> Upon clicking "Apply" the IKE and VPN policies are created.
>>
>> The Netgear Prosafe VPN client software must be used to make the VPN
>> connection (e.g. an encryption thing, I suspect). In order for the remote
>> client to connect to the router, the Netgear Prosafe VPN client entries
>> must mirror the entries applied in the router, including remote and local
>> identifiers and pre-shared key. I suspect that the pre-shared key, in
>> addition to being used as a kind of password, is also used as the seed for
>> encryption as well, but I could be wrong.
>>
>> Also the Netgear Prosafe VPN client must have the WAN address of the
>> router, so the client software can find the VPN router. If the VPN
>> connection is between two gateways, then both gateways' WAN addresses come
>> into play. VPN connections can be viewed in a browser under the Netgear
>> Prosafe VPN software "VPN Connection Status" section. All VPN connections
>> appear by IP address.
>>
>> This reminds me a little of the security of a wireless connection. LOL
>>
>> Regards,
>>
>> LelandJ
>>
> Also, if the network was not trusted you would probably want to run a
> firewall on each of the local computers to isolate any security risks.
>
> http://www.netgear.com/products/business/software/VPN-client-software/VPNG05L.aspx
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16833122236
>
> Regards,
>
> LelandJ
>
>>> I don't think I'd ever set up such a thing, but I acknowledge that there
>>> are probably lots of such setups in the wild.
>>>
>>> The VPN/Firewall combo I've been using for years is OpenVPN and Shorewall,
>>> where both are running on the same Linux box acting as perimeter firewall.
>>> Shorewall is really just a front end to iptables. Anyway, with this combo
>>> I can define firewall rules that can apply equally well to VPN traffic.
>>>
>>> Paul
>>>
[excessive quoting removed by server]

_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message: http://leafe.com/archives/byMID/profox/[email protected]
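As an added example, not code from the thread, from Netgear or from the Shorewall project: the kind of ruleset Paul's OpenVPN-on-the-firewall arrangement makes possible, written directly for iptables (which Shorewall front-ends) so that tunnel traffic on tun0 is a zone of its own and is inspected like any other, instead of bypassing the perimeter the way a VPN that terminates inside the LAN does. Interface names, subnets and the allowed ports (VNC and SSH) are assumptions; the script prints the ruleset for review and applies it only when run with --apply.

```shell
#!/bin/sh
# Constructed example: a perimeter firewall that also terminates OpenVPN.
# Assumed layout: eth0 = WAN, eth1 = LAN 192.168.1.0/24, tun0 = OpenVPN 10.8.0.0/24.
WAN_IF=eth0; LAN_IF=eth1; VPN_IF=tun0
LAN_NET=192.168.1.0/24; VPN_NET=10.8.0.0/24

# Emit the ruleset in iptables-restore format; nothing is applied here.
vpn_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# OpenVPN handshake from the Internet (assumed UDP 1194)
-A INPUT -i $WAN_IF -p udp --dport 1194 -j ACCEPT
# LAN hosts may manage the firewall; VPN clients may not (treated like a guest zone)
-A INPUT -i $LAN_IF -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# vpn -> loc: only the services remote users need (VNC, SSH); log and drop the rest
-A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -p tcp --dport 5900 -j ACCEPT
-A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $VPN_IF -o $LAN_IF -j LOG --log-prefix "vpn2lan-drop: "
-A FORWARD -i $VPN_IF -o $LAN_IF -j DROP
# vpn -> net: VPN clients do not get to use this site as a relay to the Internet
-A FORWARD -i $VPN_IF -o $WAN_IF -j DROP
# loc -> vpn and loc -> net: the LAN keeps its normal outbound freedom
-A FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Quick review helper: how many FORWARD rules match on the tunnel interface.
vpn_forward_rule_count() { vpn_ruleset | grep -c "^-A FORWARD -i $VPN_IF"; }

case "${1:-}" in
  --apply) vpn_ruleset | iptables-restore ;;   # requires root
  *) vpn_ruleset ;;                           # dry run: print for review
esac
```

Because the tunnel terminates on the firewall itself, the vpn -> loc rules above inspect exactly the traffic a router-side VPN would hand to the LAN unfiltered.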

