Saturday, January 29, 2011

VPN Router + LDAP/RADIUS?

Hello all! I need a VPN-capable router, preferably with a web interface, that should be able to authenticate against my LDAP server, which is behind the router.

The problem stems from the fact that I'm utterly unable to configure that setup for the Linksys RVS4000 that I own. Does anything exist that is both cheap and easy to set up?

Flashing the firmware is an option, as long as it is a well-documented option. Would it be viable/doable?

[Edit] Okay, I've been looking at custom firmware. Is there any way to know which ones will work with my router before nuking its present one into oblivion? Has anyone experimented with that? My needs are quite simple: I want a DHCP router, an LDAP-authenticated VPN, and basic firewall capabilities. I'm using DynDNS from the RVS4000 for now, but I guess I could set something up on the servers instead; that's only a minor problem...

  • Have a look at pfSense. I've set it up to authenticate against an Active Directory using RADIUS for PPTP VPN connectivity. But if you're looking for IPsec, you're dealing with certificates and pre-shared secrets with IPsec, not username/password authentication. But pfSense can do that too. It also supports OpenVPN. So you have a couple of VPN options with it.

    You'll just need to size the hardware appropriately for your needs. The Linksys model you reference looks pretty small so I'm sure that one of these will work well for you.

    MrZ : Any way to know if a firmware like Tomato or DD-WRT would work on my RVS4000?
    3dinfluence : You'll have to check the Tomato and DD-WRT project websites. Both have a good list of compatible hardware. I do have some DD-WRT experience and would not use it as a VPN for a small business. It would suffice in a small business application where all you're looking for is a simple NAT gateway to the Internet. But its VPN build doesn't support LDAP/RADIUS authentication and seems to be geared mostly toward a single user connecting remotely.
    nedm : @3dinfluence -- wondering if you've used the RADIUS authentication in pfSense for outbound ACLs with AD users as well? Looking at setting up some web access policies based on AD groups and would love to hear any feedback on others' experience with this.
    3dinfluence : @nedm I've only used it for authentication of PPTP VPN connections on pfSense. I've not used the pfSense captive portal functionality, but looking through the options it does support RADIUS authentication.
    nedm : @3dinfluence, thanks for the reply. Captive portal is exactly what we're looking at implementing. I've looked at Untangle and the AVP add-on for Smoothwall as well, but I've had such a good experience with pfSense that I'd love to be able to use it for this as well. Will give it a rip and see how it goes.
  • IMHO 20 users is pushing the limits of a consumer-grade router/firewall... you will see performance problems, and you may well be on the wrong side of the licensing restrictions.

    I suggest you get a good firewall. I regularly recommend Astaro appliances for this kind of application (most recently here); I have deployed a number of them with great success. I second 3dinfluence's recommendation of pfSense as one of several good cost-effective options.

    From tomjedrz
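The username/password path 3dinfluence describes (VPN gateway asks a RADIUS server, which in turn is bound to AD/LDAP) is a RADIUS Access-Request / Access-Accept exchange over a shared secret. The script below is an added example, not code from the thread or from pfSense, showing both sides of the PAP variant of that exchange as RFC 2865 defines it: the gateway (the NAS) hides the password under a keystream derived from the shared secret and a random Request Authenticator, the server recovers it, checks it against the directory and signs its reply, and the gateway discards any reply whose Response Authenticator does not verify. The user dictionary, the secret, the NAS address 10.0.0.1 and the packet identifier are constructed for the example; a real server would bind to LDAP/AD at the point where the dictionary is consulted. The "different secrets on each side" case shows why a mistyped secret on the router fails closed rather than open.

```python
"""RADIUS PAP exchange (RFC 2865) between a VPN gateway (the NAS) and a RADIUS
server fronting a user directory. Constructed example: the directory is an
in-memory dict standing in for LDAP/AD and the two sides talk through function
calls instead of UDP/1812, so it runs offline."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4

USERS = {"alice": b"correct horse battery"}   # constructed stand-in for LDAP/AD
SHARED_SECRET = b"example-nas-secret"         # assumed; configured on NAS and server


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: NUL-pad to a multiple of 16 (min 16), then XOR each block
    with MD5(secret + previous ciphertext block), seeded by the Request Authenticator."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password: block n's keystream depends on ciphertext block n-1."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    """Type-Length-Value attributes; Length includes the 2-byte header."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(ident: int, username: str, password: str, secret: bytes) -> bytes:
    """NAS side. A fresh random Request Authenticator per request means the same
    password never yields the same User-Password bytes twice."""
    req_auth = os.urandom(16)
    body = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
        (ATTR_NAS_IP_ADDRESS, bytes([10, 0, 0, 1])),   # assumed NAS address
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body


def handle_access_request(packet: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: recover the password, check it against the directory, and sign
    the reply: Response Authenticator = MD5(Code+ID+Length + RequestAuth + Attrs + Secret)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("malformed Access-Request")
    req_auth = packet[4:20]
    attrs = dict(decode_attrs(packet[20:]))
    user = attrs.get(ATTR_USER_NAME, b"").decode("utf-8", "replace")
    hidden = attrs.get(ATTR_USER_PASSWORD, b"")
    ok = False
    if hidden and len(hidden) % 16 == 0:
        expected = users.get(user)               # real server: LDAP/AD bind here
        password = reveal_password(hidden, secret, req_auth)
        ok = expected is not None and hmac.compare_digest(expected, password)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()   # no reply attributes


def verify_response(response: bytes, request: bytes, secret: bytes):
    """NAS side: trust the reply only if its Response Authenticator verifies under
    our secret and it answers our Identifier; otherwise discard it (None)."""
    if len(response) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or ident != request[1]:
        return None
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return code if hmac.compare_digest(expected, response[4:20]) else None


def authenticate(username, password, nas_secret=SHARED_SECRET,
                 server_secret=SHARED_SECRET, users=USERS):
    """Full round trip. 'accept', 'reject', or None when the NAS cannot trust the
    reply (for example, the two sides were configured with different secrets)."""
    request = build_access_request(7, username, password, nas_secret)
    response = handle_access_request(request, server_secret, users)
    code = verify_response(response, request, nas_secret)
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code)
```

Two practical points follow from the mechanics. The User-Password hiding is an MD5 keystream keyed by the shared secret, not real encryption, so the hop between the VPN gateway and the RADIUS server belongs on a trusted segment (or inside its own tunnel), and the secret should be long and random. And the gateway never sees the directory: it only gets Accept or Reject, which is why a pfSense box in front of the LAN can authenticate against an AD server that sits behind it. A PPTP deployment like the one described above would normally carry MS-CHAPv2 in vendor attributes instead of a PAP User-Password, but the shared-secret and authenticator handling is the same.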
