D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: RM on August 31, 2009, 12:17:20 PM
-
I'm confused about the DFL-210 and the VPN clients; some people here mentioned that they are using the regular Windows XP VPN client with the firewall, and in some other cases it's indicated that it will be necessary to buy a DS-601/5 license... so, my question is: Do I need the DS-601/5 or can I use the regular Windows XP VPN client to establish a connection through the firewall?
-
There are a couple of sub issues to this question, I am going to assume that you are using Windows due to your mention of DS-601/5, and furthermore I am going to assume you are looking for a client->server VPN for the same reason.
What type of VPN are you going to be using?
PPTP
Windows (since at least 2000, possibly earlier) has a built-in client, and it is easy to use. I would just use it. This is the easiest to set up (on both client and server sides) and the least secure method (though more than a lot of people need when used with one of its stronger encryption methods).
L2TP Over IPsec
Windows (since at least XP, possibly earlier) has a built-in client, and it is easy to use. I would just use it. Since your L2TP tunnel is encapsulated in IPsec it is at least as secure as the IPsec option (if configured with the same security parameters), though it has a little more overhead. This is also the most difficult option to set up the server for (but I like to think that you set up the server once and an untold number of clients, where would you like the complexity?).
IPsec
Windows (since at least XP, possibly earlier) has a built-in capability, but not a client. I can think of a number of easier orthodontic procedures to sit through. Many 3rd party clients are available (such as the D-Link DS-601/s), many of them are easy to use. You can use any of them that follow the applicable standards. Most 3rd party clients are fairly easy to use (even if not as painless as the above options, though some are a breeze), use whichever one suits you best, though I would try it with a DFL before buying umpteen million licences. This is the most difficult option to set up the client for in my experience.
-
Your assumptions were good....
In my case, it's just for administrative purposes... I mean, I'm looking for the best option to connect to the network remotely and check the platform; not many people will get access to the network through VPN, however, I need to make a secure connection.
A second option would be to install a second firewall and make a VPN-to-VPN tunnel, but that should be the last option.
-
I am a big fan of L2TP over IPsec, in case that wasn't apparent from my descriptions. There is a FAQ on support.dlink.com that I think covers the server (and client I believe) setup quite well.