New router that supports secure VPN access

TinyTim · Post by **TinyTim** » Fri Jan 30, 2009 7:20 am

My current router is on the fritz, meaning I have to restart it a few times a day to keep it going (sort of like being on life support and needing to shock the thing back to life). No biggie, it's a few years old and served me well based on my needs then.

So now my needs have changed...I am looking for recommendations for a router that supports secure VPN connections / port forwarding / MAC filtering for wired ports and has a 10/100/1000 port speed (will be transferring big files internally) - may be able to do with a 10/100 and use a gig switch instead...

Built in wireless is not a requirement as I can pick-up a wireless access point to add later. I attempted to research the great google black hole of information and got really really confused.

Budget $200-300 - not sure if I am reaching for the stars here.

Post by **YeOldeStonecat** » Fri Jan 30, 2009 7:32 am

TinyTim wrote: that supports secure VPN connections

You're looking for a router that has a built in VPN server? Or supports VPN passthrough..such as from home you VPN to the office?

TinyTim · Post by **TinyTim** » Fri Jan 30, 2009 8:35 am

YeOldeStonecat wrote:You're looking for a router that has a built in VPN server? Or supports VPN passthrough..such as from home you VPN to the office?

VPN server - if exists...

I want to be able to remote into my pc from, say another state to view files and/or perform work via remote desktop session. I may be going down the wrong path and may need a server to do this...ha, not sure what I need

Post by **YeOldeStonecat** » Fri Jan 30, 2009 8:46 am

TinyTim wrote:VPN server - if exists...

I want to be able to remote into my pc from, say another state to view files and/or perform work via remote desktop session. I may be going down the wrong path and may need a server to do this...ha, not sure what I need

If you wish to remote desktop to your PC...you don't need a VPN host, you can just open/forward port 3389 to the internal IP of your PC. From a PC across the country..fire up remote desktop client and enter your WAN IP address (or dynamic dns name that you create if you have a dynamic account).

However...even though the above is easy to setup...there's an even easier way..
LogMeIn.Com free.

So you don't have to worry about VPNs, firewalls, ports, changing IP addresses, etc.

It is difficult to find a router that combines gigabit LAN, N Wireless, and built in VPN host. VPN hosts are mostly found on SOHO/Business grade routers...which are still primarily G wireless, and often just 10/100 on the LAN side.

N Wireless and gigabit LAN are more commonly found in home market routers, which usually lack VPN.

Suggestion would be to consider logmein for remote access, and a DLink DIR655.

TinyTim · Post by **TinyTim** » Fri Jan 30, 2009 9:04 am

how secure is the port forwarding thing though? I thought once you opened a port and directed traffic to the machine you are essentially opening the pc up to the Internet and anyone who decides to scan the port can access the machine...strong passwords and encrypted connection - what else can you do

Post by **YeOldeStonecat** » Fri Jan 30, 2009 9:12 am

RDP is secure. You're only opening up that one port. There are over 65,000 ports on a PC...putting a PC in the DMZ of a home router opens up all ports..that's bad. Or..plugging a PC directly into your cable modem..so the PC obtains the public IP address..that's daring (3rd party software firewall strongly recommended here).

But just port 3389...as long as you have a good secure password for your user account, and your Administrator account..you're good. You can also set your PC to cancel RDP login requests after X number of failed attempts. Set this to something like 3 or 5..and you're good. Someone doing a dictionary attack on your PC will not take like 500 years to crack it.

AFAIK there is only 1x solid documented vulnerability against RDP...a man in the middle attack..that was produced in a lab environment..and is rather impossible in the real world. I believe it is no longer valid with the newer version 6. RDP itself is encrypted.

You can also change the default port if it makes you feel more comfy...like 3391 or ..whatever. IMO..no reason to.

TinyTim · Post by **TinyTim** » Fri Jan 30, 2009 9:19 am

That makes sense...I will give it a shot, may have to shoot a PM your way later if a Q arises.

Post by **YeOldeStonecat** » Sat Jan 31, 2009 10:46 am

Never a problem...glad to help if you need.

bilbus · Post by **bilbus** » Fri Feb 06, 2009 1:18 am

if you have a insecure password on your desktop someone can guess your username / password.

I would go the vpn route (if you dont mind the expence and complacation), much more secure.

I use Pfsense as my router, has a buildin vpn server (its a free open source router)

rdp it self is very secure.