VPN over ADSL?
Discussion
Okay this is the scenario......
Getting ADSL installed at home while I'm back from uni over xmas. Dad needs it for work and I'm assuming to get into his servers at work he'll need some sort of VPN software.
Dad has a laptop from work
Mum has a laptop from the school she works at.
Mum wants to buy another PC for home.
My Brother has a PC at uni.
I've got a PC at uni with a wireless card which I use to access our home network here.
If the ADSL line has to be configured for the VPN will all the other PCs be able to access the net? Or is it just the laptop that is configured? (Thinking about it I'm sure it is - doh)
What I'm planning to do is buy a Wireless Router.
The two PCs upstairs will have wireless cards (mine and my brother's)
The two laptops will have PCMCIA cards.
The new PC will use the ethernet port and just be cabled with CAT5 cable as it will be next to the router.
Also what supplier would you use? At uni I use NTL which I'm quite happy with but my Dad's not so keen.
I want to use a supplier that offers a modem with an ethernet port as it is easier to connect up to the wireless router
Cheers,
Phill
Edited cos I'm a muppet sometimes
>>> Edited by pmanson on Thursday 11th December 16:10
Works fine.
Just ensure the internet connection is working on whatever PC you want to use.
Then, on Win2k/WinXP just use the internet connection wizard and choose the option to connect to a private network over the internet. Use the IP address of the VPN server in the office instead of a phone number.
Obviously the network at the office needs to be set up to allow you dial-in access.
If you're using a firewall (which I hope you are) you'll probably need to set it up to trust traffic coming from the office network. (In ZoneAlarm, this means add your office VPN server's IP address and internal network addresses to the trusted zone).
pmanson said:
Also what supplier would you use? At uni I use NTL which I'm quite happy with but my Dad's not so keen.
I want to use a supplier that offers a modem with an ethernet port as it is easier to connect up to the wireless router
>>> Edited by pmanson on Thursday 11th December 16:10
Also be careful with the supplier's small print - NTL specifically doesn't allow VPN usage, and/or any business usage - I'm sure others do too...
Not to say you couldn't 'just' do it...

I use VPN over both cable and ADSL lines with no probs.
Provided the server end with static IP is set up correctly you can come in from a dynamic IP address (usually best to at least limit the allowed range on your login though).
At home I use the Win XP client through a wireless LAN through a Cisco 837 router/firewall/modem to multiple VPN servers with no problems at all.
The only time I've had a problem is trying to use VPN over GPRS on my Treo phone. Can't do it due to the IP setup but it works fine through hispeed data..
G
If the client at the ADSL/CM end is NAT'd then, yes, there may be problems. Depends how well the thing doing the NATing handles IPSEC/IKE.
Linux with the IPSEC masquerading doesn't break IPSEC/IKE VPNs *if* the remote peer's ID is something other than its IP address. I believe some of the broadband router products on the market can do this sort of IPSEC masquerading.
Other VPN products (i.e. Firewalls and their respective client VPN software) do NAT traversal by further encapsulating the IPSEC/IKE traffic in UDP.
>> Edited by Marshy on Friday 12th December 01:00
I have a Netgear DG824M (ADSL Modem/Router/Switch/Firewall/Wireless Access Point). It has four ethernet ports and can handle up to 253 users (32 wireless connections).
I have one PC connected via ethernet and two laptops and a PDA connected wirelessly. The DG824M also supports VPN pass through, which I use to connect to the office network from home.
Seems to fit nicely with what you need in a one box solution. The only drawback is 11mbps.
If you want 56mbps, Netgear also do a DG834G which has the same features as the DG824M, but with 56mbps.
http://uk.insight.com/apps/productpresentation/index.php?alert=categoryresults&product_id=NGEDG834G
£136.29 inc VAT........
DG834G
Combines modem, router, switch, 802.11g access point, and SPI true firewall
Up to 5 times faster than 802.11b
True Firewall with Stateful Packet Inspection (SPI) & Intrusion Control, Denial of Service (DoS), Virtual Private Network (VPN) pass-through
Smart Wizard detects/connects to your ISP
Works with both 802.11g & 802.11b
Wireless or Wired Instant Broadband Access with Internet Sharing
This 802.11g wireless router adds considerable power and flexibility to your network. Five products in one, it combines an ADSL modem, router, 10/100 LAN switch, 802.11g access point, and SPI True Firewall. It gives you untethered continuous connectivity to your network resources and the Internet, and allows you to share your broadband access with all of your networked computers wireless or with wires using Ethernet cables. Featuring high-speed 802.11g wireless capability – up to five times faster than 802.11b – it allows you to download large files, videoconference, and distribute and play high-quality digital movies, photos, and MP3s in the blink of an eye. Simple to use, it plugs directly into your ADSL line. An integrated switch lets you directly connect four computers or any combination of four computers, access points or printers. Setup couldn’t be easier – NETGEAR’s Smart Wizard install assistant and on-screen help guide you through each step. The Smart Wizard automatically detects and makes the best connection to your ISP. True Firewall protects your network with business-class security against intruders, including logs and alerts of break-in attempts, while VPN pass-through makes it safe to connect to your business network from home or office. The contemporary, sleek design of this unit suits your home or office. Future upgrades to firmware can be obtained via the Internet.
Faster Than Ever
The DG834G gives you instant connectivity with or without wires, and works with your existing 802.11b devices as well as your new 54 Mbps 802.11g devices. A built-in ADSL modem furnishes direct, always-on Internet connectivity and multi-user access sharing at speeds up to 140 times faster than dial-up. This powerful router distributes MP3s, digital movies and photos with ultra-fast 10/100 switched LAN ports capable of speeds of 200 Mbps, and shares a single IP address with up to 253 users. And, it boasts double the memory and a 50% faster CPU than many popular routers.
Hassle Free
No need for a separate modem – this connects directly into your ADSL line. Built-in Port Forwarding settings, Universal Plug and Play (UPnP™) and Virtual Private Network (VPN) pass-through make it simple to play Internet games, send instant messages, and host Internet services. User interface matches your local language (English, French, German or Italian). It supports PCs, Macintosh®, and virtually all Ethernet devices, and comes with a free Ethernet cable for connecting your first computer.
Secure
True Firewall using Stateful Packet Inspection (SPI) and Intrusion Control features Denial of Service protection from hacker attacks, while VPN (Virtual Private Network) pass-through permits secure access to your office or corporate network and enables you to host VPN services. Content filtering lets you control access to inappropriate web sites and limit usage by time of day. Logs browsing activities and provides optional e-mail alerts so you can monitor access. DMZ support allows unrestricted access from the Internet to one computer (for hosting web services).
Specifications
Routing Protocols:
Static and Dynamic Routing with TCP/IP, VPN passthrough (IPSec, L2TP, PPTP), NAT, UDP, RIP, PPPoE, PPPoA, Classic IP, DNS, DHCP (client & server)
Application Support:
Works with most Internet applications including: Quake®, Half-Life®, StarCraft, Unreal Tournament®, ICQ®, AOL® Instant Messenger™, Microsoft Messenger®, NetMeeting®, RealPlayer®, Windows Media Player™, Net2Phone®, Dialpad®
Physical Interfaces:
LAN: Four (4) 10/100 Mbps auto-sensing, Auto Uplink™ RJ-45 ports (one Cat 5 UTP cable included), 802.11g access point
WAN: ADSL RJ-11, T1.413, G.DMT, G.Lite, ITU Annex A; Annex B version is DG834GB
Wireless speeds:
1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mbps (auto-rate capable)
Modulation Type:
OFDM with BPSK, QPSK, 16QAM, 64QAM, DBPSK, DQPSK, CCK
Frequency:
2.412 ~ 2.462 GHz (US)
2.412 ~ 2.484 GHz (Japan)
2.412 ~ 2.472 GHz (Europe ETSI)
2.457 ~ 2.462 GHz (Spain)
2.457 ~ 2.472 GHz (France)
Security Features:
Firewall: Stateful Packet Inspection, Intrusion logging and Reporting, Denial of Service protection
VPN Functionality: NAT traversal (VPN pass-through) for IPSec, PPTP and L2TP VPNs
Mode of Operation: Network Address Translation (NAT), static routing IP Address Assignment: Static IP address assignment, internal DHCP server on LAN, DHCP client on WAN
Management Features:
Administration Interface: Web graphic user interface with protected user name and password, remotely accessible from designated IP addresses
User Support:
Up to 253 LAN users
RFC Support:
IPSec tunnel mode:
(RFC 2401) (pass through mode), IP v.4
DHCP server:
(RFC 2131)
DHCP client:
(RFC 2131)
NAT (many-to-one):
(RFC 1631)
IP Control Protocol:
(RFC 1332)
Bridged Ethernet Encapsulation:
(RFC 1483, 2684)
PPP over Ethernet (PPPoE):
(RFC 2516)
PPP over ATM (PPPoA):
(RFC 2364)
Classical IP over ATM:
(RFC 1577)
ADSL Specifications:
ADSL, Dual RJ-11, pins 2 and 3, ANSI T1.413, G.DMT, G.Lite (ITU Annex A; Annex B is DG834GB)
Antenna:
2 dBi
Standards Capability:
802.11g
Functions:
Remote Management, Port Range Forwarding, Exposed Host (DMZ), DNS Proxy, URL Content Filtering, E-mail Alerts
Maintenance:
Save/Restore Configuration, Diagnostics, Upgrades via Web Browser, Logging
Power Adapter:
15VAC 1.0A Plug is localized to country of sale for North America, Japan, UK, Europe, Australia
Physical Specifications:
Dimensions: 255 x 169 x 34 mm (10 x 6.7 x 1.3 in.)
Weight: 0.6 kg (1.3 lb)
Environmental Specifications:
Operating temperature: 0° to 40° C (32° to 104° F)
Operating humidity: 90% maximum relative humidity, noncondensing
Warranty:
NETGEAR 2-year warranty
SYSTEM REQUIREMENTS:
• ADSL Internet service
• Ethernet connection (adapter and cable) for each PC
• 2.4 GHz wireless adapter or Ethernet adapter and cable for each computer
• TCP/IP Networking software (Windows® 98,
Me, NT, 2000, XP, NetWare®, UNIX®, Linux® )
• Windows® 98, Me, NT, 2000, XP, Mac® OS,
NetWare, UNIX, or Linux
• Internet Explorer 5.0 or Netscape 4.7 or higher
PACKAGE CONTENTS:
• Wireless ADSL Firewall Router DG834G
• Power adapter
• Ethernet cable
• Phone cable
• ADSL phone line filter (most countries)
• Resource CD
• Installation guide
• Warranty/Support information card
NETGEAR RELATED PRODUCTS:
• FA120 USB 2.0 Adapter
• FA311 PCI Adapter
• FA511 Ethernet CardBus
• MA111 802.11b USB Adapter
• MA311 802.11b PCI Adapter
• MA521 802.11b PC Card
• MA701 802.11b Compact Flash Card
• ME101 802.11b Wireless Ethernet Bridge
• PS101 Mini Print Server
• WG311 54 Mbps Wireless PCI Adapter
• WG511 54 Mbps Wireless PC Card
• WGE101 54 Mbps Wireless Ethernet Bridge
• XE102 Powerline Bridge (U.S. only)
>> Edited by sybaseian on Friday 12th December 12:01
Draytek routers are the business, we are rolling them out to all of our laptop users (circa 600). The model we are using 2600g (officially out on monday) supports vpn passthrough as well as being able to terminate 16 vpns, it also has a print server in it and content filtering firewall.
Won't bother posting the full specs or this thread will be the longest ever
see www.draytek.co.uk

Getting a VPN to work from behind a Netgear or such box on an ADSL / Cable broadband connection is usually a case of just a couple of settings - look for "IKE over TCP" or "Support NAT".
For the technically minded, IPSEC uses UDP port 500 for the initial negotiation - which is fine, it's clear text anyway so no issues there. The next bit is the actual encryption of the data being sent over the VPN - this usually fails. NAT (i.e. you have an internal address for your house - something like 192.168.x.x) is the bit that screws it up. ESP (the encryption protocol part of IPSEC) protects the whole packet and the IP address is part of this - NAT then renders the packet invalid by changing it, and hence it won't work.
The thing you do is to encapsulate ESP in another packet. The most common way of doing this is using UDP on some bizarre port number, 1267 for example. It's not that efficient and kinda like a hammer to break a nut - but it works and you can run any old VPN through any router - just make sure it supports NAT traversal or ESP over UDP etc...
NATing the IPSEC packets doesn't render them invalid at all, but may lead to them getting lost when they come back to you from the VPN gateway at the office.
It can be done without having to encapsulate, in a couple of ways:-
Either: Case 1
There's only one VPN client on the privately numbered (RFC1918) network *and* the thing doing the NATing knows where to forward return IPSEC traffic to
Or: Case 2
Some form of smart IPSEC masquerading takes place. The Linux IPSEC masquerading code is smart enough to mangle IPSEC packets to preserve uniqueness and allow more than one VPN client on a privately numbered network, dishing out return IPSEC traffic to the right client. Been there, done that. In this case, though, the IKE Phase 1 ID needs to be something other than the IP address of the machine (can be an arbitrary string, works fine as long as the VPN gateway back at the office allows Phase 1 IDs to be other things).
Been there, done both with my own Linux gateway here. Linksys' IPSEC passthrough is the case 2 type as well.
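An added example, not part of the original thread: a simplified Python model of a many-to-one NAT that runs the same traffic through the three behaviours discussed in the two posts above (Case 1, Case 2 and ESP encapsulated in UDP). The addresses, SPI values, `Nat` class and function names are constructed for illustration, and the SPI-learning logic is an assumption-level simplification, not the Linux masquerading code.

```python
"""Simplified model of return-path handling for IPsec through a many-to-one NAT."""

GATEWAY = "203.0.113.10"  # constructed office VPN gateway (documentation range)
# Constructed private hosts and the SPI the gateway puts on ESP sent to each.
CLIENT_SPI = {"192.168.0.2": 0xA1, "192.168.0.3": 0xB2}


class Nat:
    def __init__(self, mode):
        self.mode = mode      # "single" (Case 1), "spi" (Case 2) or "udp"
        self.last_esp = {}    # gateway -> last private host that sent ESP
        self.pending = {}     # gateway -> host whose first reply is awaited
        self.by_spi = {}      # (gateway, inbound SPI) -> private host
        self.by_port = {}     # public UDP port -> private host
        self.next_port = 40000

    def outbound(self, host, gateway):
        """Note an outbound packet; return the public UDP port, or None for raw ESP."""
        if self.mode == "udp":
            # ESP wrapped in UDP is translated like any other UDP flow.
            for port, owner in self.by_port.items():
                if owner == host:
                    return port
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_port[port] = host
            return port
        # Raw ESP (IP protocol 50) has no port fields to rewrite or key on.
        self.last_esp[gateway] = host
        if host not in self.by_spi.values():
            self.pending[gateway] = host
        return None

    def inbound(self, gateway, spi, dport=None):
        """Return the private host a reply is forwarded to (None = dropped)."""
        if self.mode == "udp":
            return self.by_port.get(dport)
        if self.mode == "single":
            return self.last_esp.get(gateway)
        key = (gateway, spi)
        if key not in self.by_spi and gateway in self.pending:
            self.by_spi[key] = self.pending.pop(gateway)  # learn the new SPI
        return self.by_spi.get(key)


def simulate(mode):
    """Run the same traffic through the NAT; return (intended, actual) pairs."""
    nat, seen_port, delivered = Nat(mode), {}, []
    a, b = CLIENT_SPI

    def send(host):
        seen_port[host] = nat.outbound(host, GATEWAY)

    def reply(host):
        actual = nat.inbound(GATEWAY, CLIENT_SPI[host], seen_port[host])
        delivered.append((host, actual))

    # Client a connects, then client b, then the gateway sends to a again.
    send(a)
    reply(a)
    send(b)
    reply(b)
    reply(a)
    return delivered


def misdelivered(mode):
    """Replies that reached a different host than the one they were meant for."""
    return [pair for pair in simulate(mode) if pair[0] != pair[1]]


if __name__ == "__main__":
    for mode in ("single", "spi", "udp"):
        print(mode, misdelivered(mode))
```

In this model the "spi" mode only sorts the replies correctly because the two clients start one after the other; it does not handle two tunnels being set up at the same moment.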
m12_nathan said:
Draytek routers are the business, we are rolling them out to all of our laptop users (circa 600). The model we are using 2600g (officially out on monday) supports vpn passthrough as well as being able to terminate 16 vpns, it also has a print server in it and content filtering firewall.
Won't bother posting the full specs or this thread will be the longest ever
see www.draytek.co.uk
These look the dogs danglies don't they. I'm waiting for one of these and contacted DrayTek this morning to see when they are available. They told me that the first batch had already been allocated and shipped and they should get some more next week

Still worth waiting for though