VPN on SAR715



Verbal
7th June 2002, 06:31 PM
Has anyone managed to get this to work (with either new or old firmware)? I am thinking of buying a SAR715, but one of the main reasons would be so that I could access the server at work via VPN. I am reasonably computer literate, but have no experience of routers or ADSL. Would I have a hope in hell of getting the thing to work?

Any guidance or news of others' experiences with VPN would be appreciated...

Pabs
8th June 2002, 02:15 PM
Mine's working a treat, I use a secure remote client on my machine. So far I have got on to my company's intranet. I have also got on to our Exchange server to access my mail (though I had to forward port 135).

Verbal
8th June 2002, 05:50 PM
Thanks for the response. Are you using IPSec?

Pabs
8th June 2002, 10:32 PM
Originally posted by Verbal
Thanks for the response. Are you using IPSec?

Showing my ignorance, what's IPSec?

Jumpin_Jon
8th June 2002, 11:43 PM
My guess would be that Pabs is using PPTP, not IPSec. If IPSec was being used, I'd guess the setup would be considerably more complicated -- you'd know if you were using it...

This is one thing on my ToDo list... I have an IPSec VPN into my office LAN, and I plan to get that configured soon.

Either way, if you want to VPN into another location (we'll assume to your office), the majority of the work is setting up the remote (i.e. office) end of the link with appropriate filters, etc.

On your workstation, because the default 715 config is to allow all outgoing traffic, it is unlikely you'll have hit any snags...

Jon

Pooley
9th June 2002, 01:05 AM
I've given this a quick go - into a Microsoft ISA Server using IPSec but unfortunately I haven't set up the Certificate Server so I'll have to wait 'til I'm back in the office :(

Basically I get a connection but then get an error message saying that no valid certificate was found on the server.

ChrisWhite
9th June 2002, 10:12 AM
I updated my SAR715 yesterday to version 8.2. Since then I have been able to use Micro$oft's VPN client (PPTP) on the work '98 machine I have to access the work network (far end is a NT 4.0 box).

I hope to get 2000 working soon so I can see if later versions work OK.

Jumpin_Jon
11th June 2002, 05:53 PM
I think there's some confusion here about what the 715 can/can't do with regard to VPNs...

Some background...

What I have at work currently is a leased-line router - not radically different from the 715, except it doesn't have a DSL port; it has a (erm) Frame Relay port.

This router (a RoBoX/Gnatbox) has built-in IPSec VPN Server. So, when I establish a VPN connection from home to work, the connection is being established between my workstation, out through the 715 and into the router in the office. Once connected and authenticated, traffic can pass from my workstation securely straight onto the router/LAN at work -- it has nothing to do with whether I'm running Windows, Mac, Linux, Sun, etc. boxes in the office. It looks something like this:

[Jon's Machine] <-> [SAR715] <-> [RoBoX]

What I think most people here are talking about is the rules, etc. necessary to establish a connection from their workstation at home, through the 715, through some other router at work and into a separate VPN Server -- probably a Windows NT4/2000 machine running PPTP or IAS(?). Something like:

[Your machine] <-> [SAR715] <-> [Office Router] <-> [VPN Server]

Assuming both routers are firewalled and therefore "locked up tighter than a gnats chuff", the issues are opening the ports to allow this connection to be established through both routers to the desired VPN server... so, the issues are what ports need to be allowed out of your LAN, into your office LAN and what port forwarding probably has to happen at the office so that your NT/2000 server is visible to the outside world.

I'd expect, for example, that you'd have to open the PPTP port to only the static IP address your DSL connection has.

...

Going on from that, I think I'm right in thinking that the 715 is not similar to what I have at work..?

It isn't a VPN Server, right?

If I wanted to be able to VPN into my home machine from work, I think the issues/questions are to do with what ports, filters, etc. need to be defined on the 715 to allow an incoming connection through the 715 to some VPN Server 'behind' it, similar to (in fact, the reverse of) what I described above.

Sorry; just wanted to clear that up..?

;)

Jon

Verbal
11th June 2002, 06:37 PM
Thanks Jon, that's very useful. I was just about reaching that conclusion myself: it looks like the (otherwise similarly-specced, but yet to be released) Draytek Vigor 2600 does have native VPN support like your work server - but it is a fair bit more expensive at £179 excl. VAT.

As I understand it, what the 8.2 firmware adds to the 715 is the ability to pass the IPSec protocol through the router (including when NAT is being used). I think that IPSec is what my VPN server at work uses, and since it seems from other threads that hardly anyone can get 8.2 to work properly, I am reluctant to sign up to buy the 715 at the moment.

If anyone thinks I am wrong on any of the above, feel free to correct me...

ChrisWhite
11th June 2002, 08:28 PM
Jon,

You have it right (at least as far as I understand it). The 715 is a router with simple firewalling rules based on ports and protocols. The ASUS had problems with SOME VPN implementations as the router only "understood" how to NAT UDP, TCP and ICMP protocols. As some VPNs use protocols like GRE (I'm thinking MS PPTP) they wouldn't work through the router in NAT mode.

I don't use VPN networking into my 715 so I can't say whether it works but I'll stick my neck out and say it will probably work with some simple forwarding rules to send any incoming VPN traffic to the appropriate server on the inside LAN.

Chris.
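
The NAT limitation described in the post above, as an added example that is not part of any post in this thread: it builds constructed IPv4 packets for the PPTP and IPsec flows named in the discussion and reports what a NAT that only translates TCP, UDP and ICMP does with each. The addresses, source ports and the `classify`/`tunnel_survives` helpers are assumptions made for illustration.

```python
import socket
import struct

# IP protocol numbers (IANA). Default NAT model is the one described in the
# thread: only TCP, UDP and ICMP are translated (assumption for the example).
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51
BASIC_NAT = frozenset({1, TCP, UDP})
VPN_PORTS = {(TCP, 1723): "PPTP control", (UDP, 500): "IKE"}
VPN_PROTOS = {GRE: "PPTP data (GRE)", ESP: "IPsec ESP", AH: "IPsec AH"}

def ipv4(proto, payload=b"", src="192.168.1.10", dst="203.0.113.5"):
    """Build a minimal IPv4 packet (constructed input, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def ports(sport, dport):
    """First four bytes shared by TCP and UDP headers: source, destination port."""
    return struct.pack("!HH", sport, dport)

def classify(packet, nat_protocols=BASIC_NAT):
    """Return (what the packet is, what a NAT limited to nat_protocols does)."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto = packet[9]                       # IPv4 protocol field
    if proto in (TCP, UDP):
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        kind = VPN_PORTS.get((proto, dport), "non-VPN traffic")
    else:
        kind = VPN_PROTOS.get(proto, f"IP protocol {proto}")
    if proto not in nat_protocols:
        return kind, "dropped: NAT cannot translate this protocol"
    if proto == AH:
        # AH's integrity check covers the IP addresses that NAT rewrites.
        return kind, "forwarded, but AH covers the addresses NAT rewrote"
    return kind, "translated"

def tunnel_survives(packets, nat_protocols=BASIC_NAT):
    """A tunnel works only if every packet type it needs is translated cleanly."""
    return all(classify(p, nat_protocols)[1] == "translated" for p in packets)

# Constructed outbound flows for the client types mentioned in the thread.
PPTP = [ipv4(TCP, ports(40000, 1723)), ipv4(GRE, b"\x30\x01\x88\x0b")]
IPSEC_ESP = [ipv4(UDP, ports(500, 500)), ipv4(ESP, b"\x00" * 8)]
IPSEC_AH = [ipv4(UDP, ports(500, 500)), ipv4(AH, b"\x00" * 12)]
```

Passing `BASIC_NAT | {GRE}` or `BASIC_NAT | {ESP}` as `nat_protocols` models a router that has gained pass-through for that protocol; AH still fails in that model because the rewritten addresses no longer match what was authenticated.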

Jumpin_Jon
11th June 2002, 08:40 PM
Originally posted by Verbal
...since it seems from other threads that hardly anyone can get 8.2 to work properly, I am reluctant to sign up to buy the 715 at the moment.

If anyone thinks I am wrong on any of the above, feel free to correct me...

I'm not sure I'd totally agree with that...

The 7.x firmware, coupled with the Windows configuration and Web interface, can work but I just thought it was clunky and unintuitive (and frankly, ugly). That's just my opinion as a Windows and Web developer.

Therefore, I was eager to get my hands on the 8.2 firmware (and the updated applet & Web interface) because it sounded like it was the key to a much better product.

8.2 certainly has some issues, and you're right that some people are having little joy getting it to install, let alone connect. I don't know that "...hardly anyone" has it working -- perhaps Steve could comment on that.

However, when these issues are sorted -- remember, it is Beta code -- I think the router will shine. You might say that the 715 was perhaps released too early; that it wasn't mature enough. I like to get my hands dirty with this kind of stuff, so I'm not too bothered about ironing out some wrinkles. If you're not keen on that kind of involvement with a product, then perhaps you should look elsewhere. At the end of the day, by the time the Vigor 2600 materialises, the 715 may have got its final firmware release with zero problems.

I'm not aware that any release date is set for the Vigor yet... I had narrowed down my choice of products to the 714 and 2600 when I was ready to buy, so I joined their announcement mailing list, and haven't heard a peep from SEG to date...

Jon

spendeja
20th June 2002, 11:58 PM
I connected to PIPEX yesterday with my new SAR715 on the 3rd attempt (managed to lock myself out and had to restore defaults with the serial line half-way!)

Anyway my employer uses Nortel Extranet Access client, according to the release notes it "uses the IPsec protocol with the ISAKMP/Oakley Key Exchange protocol to authenticate and secure an end-to-end connection into a remote network." Somewhere in the settings it claims to be using ESP - which I hope means there's no header authentication going on.

According to http://www.practicallynetworked.com/support/VPN_help.htm I need to forward ports 500 (for the IKE) and 1723 to my IPsec LAN client. Is that TCP or UDP? I am assuming TCP.

Jump to Section 6 "Port Forwarding" of SAR715 Setup.pdf where it describes how to set up port forwarding with the DSL configuration GUI. Unfortunately it does not say how you configure from CLI. I have found the GUI hard to use (it almost broke my connection as I set up the port forwarding rules).

In the meantime Nortel Extranet client is still reporting the same error message: "Banner sock: The attempt to connect timed out without establishing a connection" as before I put in the port forwarding.
If anyone has had any luck with SAR715 port forwarding could they please point me in the right direction?
Many thanks in advance!

Jumpin_Jon
21st June 2002, 12:26 AM
If I understand your question correctly, I think you're going about this the wrong way; in the wrong direction...

You have a VPN Client on your machine at home, and you want to VPN into your office LAN, right?

Surely, that means you're establishing an outbound connection from your machine, through the 715 and into your office LAN (presumably through a firewall)?

Port Forwarding is a mechanism to map addresses (and ports... soon) from the outside world into your LAN at home.

On the 715, are you using the firewall; is it turned on in the Advanced menu? If it isn't, then I don't see why you should have any issues. I certainly have an outgoing VPN into my office via the 715 and had to do nothing on the DSL router to achieve this. However, at the point I turn on the firewall to secure outbound connections, I'm anticipating having to carefully configure it with all these IPSec ports/protocols.

Jon

spendeja
21st June 2002, 12:58 AM
Originally posted by Jumpin_Jon
If I understand your question correctly, I think you're going about this the wrong way; in the wrong direction...

You have a VPN Client on your machine at home, and you want to VPN into your office LAN, right?

Right


Surely, that means you're establishing an outbound connection from your machine, through the 715 and into your office LAN (presumably through a firewall)?


Yes



Port Forwarding is a mechanism to map addresses (and ports... soon) from the outside world into your LAN at home.

On the 715, are you using the firewall; is it turned on in the Advanced menu? If it isn't, then I don't see why you should have any issues. I certainly have an outgoing VPN into my office via the 715 and had to do nothing on the DSL router to achieve this. However, at the point I turn on the firewall to secure outbound connections, I'm anticipating having to carefully configure it with all these IPSec ports/protocols.

Jon

Have not turned on the firewall - in fact I was trying to find out where I would need to!

I still believe my problem is wrapped up in NAT. At least when I look at the extranet client stats it sends packets OK but does not get anything back from the office.

Froodle
21st June 2002, 08:35 AM
I have successfully got an outbound VPN (using PPTP) to work. There was no configuration required on the SAR715, it just worked. The big problem people seem to have is getting the UPnP to work, but I'm not sure this has an effect on VPNs.

I will be trying IPSec at some point in the near future, so when (I'm optimistic) I get it working, I will dump my config on the forum.

Iain
21st June 2002, 01:33 PM
I set up my 715 last night with Virata 8.2. I then connected to my office VPN using the Nortel Extranet Client with IPSec. It just worked 1st time - no setup on the 715 needed other than to get your connection to your ISP working. This was my primary reason for upgrading to the 715 and I am so far happy that the upgrade was worthwhile (although I do want to see the final release version of 8.2 and see if these firmware upgrades are any better than the ones for the 6000EV)

spendeja
27th June 2002, 11:23 AM
Thanks for your help Iain - your post led me to a greater understanding of the firmware differences.

After a few attempts with DSL config tool, CLI xmodem, console and flashfs commands I finally got 8.2 into action last night. The Nortel Extranet Access Client miraculously connected straight into the office and even survived a few of the intermittent ADSL connection drops while replicating my mail!

The Virata 8.2 SAR715 does exactly what I was looking for when I bought it. Now keeping my fingers crossed for the dropped connection fix!

Iain
28th June 2002, 02:45 PM
Glad to have helped :-)

earlneath
6th February 2003, 10:48 PM
I have successfully connected through a 715 0.96b to a SVPN server using Info Express VS Client on Windows 2000 professional both before and after Windows 2000 Service Pack 3.

This client is also known as VS Client International. My version is 4.33. The executable name is vsc32w.exe

I have static IPs *not nat*, dhcp, firewall config with raw ip filters out only on transports 47 and 51 and both in and out on transport 50. I got those from the articles on the forum:

http://www.solwiseforum.co.uk/showthread.php?threadid=644&highlight=vpn

http://www.solwiseforum.co.uk/showthread.php?threadid=1444&perpage=15&highlight=vpn&pagenumber=1

If anyone wants help with this particular client, message me. You need to choose the option to connect via DSL/cable, even if you have a firewall on your router. Don't choose connect via proxy.