Software and hardware VPNs
-
Hey all, does anyone run both hardware and software VPNs together on a network? The reason I ask is that we are running a VPN network which lately has been having some rather nasty stability issues. I was thinking of running Hamachi or similar in the background so that when the hardware fails, (a) we can still connect to fix the hardware ones from both ends, and (b) have the possibility of the network using the software if the hardware is not available. Would this cause any issues? And can anyone recommend a good VPN software app?
"There are three sides to every story. Yours, mine and the truth" ~ unknown "All things good to know are difficult to learn" ~ Greek Proverb "The only place success comes before work is in the dictionary" ~ Vidal Sassoon
-
Thunderbox666 wrote:
The reason I ask is that we are running a VPN network which lately has been having some rather nasty stability issues. I was thinking of running Hamachi or similar in the background so that when the hardware fails, (a) we can still connect to fix the hardware ones from both ends, and (b) have the possibility of the network using the software if the hardware is not available.
What are you using for the hardware VPN? If it is built into the router that is providing your ADSL (or whatever your connection is), then access from the outside world would be impossible, therefore shooting your software VPN in the foot.
Thunderbox666 wrote:
Would this cause any issues? And can anyone recommend a good VPN software app?
Only using hardware VPN myself. Most customers have Billion modems, with a couple now running Cisco 857Ws supplied by Telstra.
Michael Martin Australia "I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash One Fine Saturday. 24/04/2004
-
Michael Martin wrote:
If it is built into the router that is providing your ADSL
No, the VPN and the ADSL are separate. Currently we have Linksys ADSL and VPN routers, but as for the model, I wouldn't know off the top of my head.
"There are three sides to every story. Yours, mine and the truth" ~ unknown "All things good to know are difficult to learn" ~ Greek Proverb "The only place success comes before work is in the dictionary" ~ Vidal Sassoon
-
Thunderbox666 wrote:
No, the VPN and the ADSL are separate. Currently we have Linksys ADSL and VPN routers, but as for the model, I wouldn't know off the top of my head.
How about getting a little old small form factor PC (lower energy consumption), sticking a Linux distribution on it and locking it down? Then setting up port forwarding of port 22 on the Linksys to the Linux box. Then access it remotely using PuTTY from an external Windows box and have some SSH tunnels set up in PuTTY to allow access to the Linksys or any other machine inside the network using RDP, VNC or whatever?
Michael Martin Australia "I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash One Fine Saturday. 24/04/2004
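A check for the "locking it down" step in the suggestion above, as an added example that is not part of the original posts: it audits an `sshd_config` for a jump box that should accept key logins only and allow tunnels to a fixed list of internal hosts. The sample configs, the account name `tunneladmin` and the 192.168.1.x targets are constructed; `Match` blocks are not handled.

```python
# Added example: audit an sshd_config for a tunnel-only SSH jump box.
# Explicit values are required; OpenSSH defaults are deliberately not assumed.
REQUIRED = {
    "passwordauthentication": "no",   # keys only: port 22 faces the internet
    "permitrootlogin": "no",
    "allowtcpforwarding": "local",    # local (-L) tunnels only, no remote forwards
    "gatewayports": "no",
    "x11forwarding": "no",
    "allowagentforwarding": "no",
}
HARDENED = """# constructed sample
PasswordAuthentication no
PermitRootLogin no
AllowUsers tunneladmin
AllowTcpForwarding local
GatewayPorts no
X11Forwarding no
AllowAgentForwarding no
# assumed targets: Linksys admin page, one RDP host, one VNC host
PermitOpen 192.168.1.1:443 192.168.1.10:3389 192.168.1.11:5900
"""
WEAK = """# constructed sample, close to a stock install
PermitRootLogin yes
X11Forwarding yes
"""

def parse(text):
    """Return {directive: value}; sshd keeps the first occurrence of a keyword."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            conf.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """List findings; an empty list means the config fits the jump-box role."""
    conf = parse(text)
    findings = [f"{k} should be '{v}', found '{conf.get(k, 'unset')}'"
                for k, v in REQUIRED.items() if conf.get(k) != v]
    if not conf.get("allowusers"):
        findings.append("allowusers unset: any local account may log in")
    if conf.get("permitopen", "any") == "any":
        findings.append("permitopen unset: tunnels can reach any internal host")
    return findings
```
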
-
Building on that idea further, he can use OpenVPN or one of the virtual appliances that provide those features out of the box, with only a little configuration. I would further recommend, if he's an experienced UNIX user, that he ditch Linux and use OpenBSD. It's built with security as a top priority, with most features secure out of the box, and has features like bcrypt password hashing that make it quite resilient. I often use it for firewalls, VPN, etc. If you don't want the complexity of something like SELinux, but want something that will last on the front lines, an OpenBSD VPN solution is an attractive option. (Main downside: hardware support, but all UNIXes have that problem.)