
Virtual Private Network Connections



Firewall / Router / Switch / VPN Gateway / DHCP server:

These all-in-one devices allow you to tunnel into your home network from anywhere on the internet via a secure connection. You need only IPsec VPN client software installed on your remote PC. This is the easiest way to gain complete, secure access to your LAN via the internet.

The most important features for a VPN-based broadband router are a true Stateful Packet Inspection (SPI) Firewall for security reasons and a built-in Dynamic DNS client so that you can automatically locate your LAN from anywhere on the internet.

Several different options are available, such as the Linksys BEFV41 or BEFSX41. The latter is more secure because of the highly recommended Stateful Packet Inspection Firewall, but neither Linksys product offers a built-in dynamic DNS updater. The Netgear FVS318 ProSafe VPN Firewall offers Stateful Packet Inspection and dynamic DNS updaters but has been reported to be very buggy (see this 10+ page thread at DSLreports.com).

If you are looking for a more advanced router with more configuration options, see this link for a complete comparison. The Snapgear lite products offer about the most bang for the buck of any out there.

(Note: Stateful Packet Inspection firewalls are more advanced and secure than simple Network Address Translation firewalls. NAT firewalls only isolate the local network from the internet but do not inspect packets from the internet to ensure they were actually requested and are not unexpected attacks. SPI firewalls inspect each incoming packet to help prevent someone from gaining access to your LAN.)


WinXP as a PPTP VPN Server:


Link to Instructions: techrepublic (account required)


If you will be using a software-based VPN server on your LAN, you will need to configure your firewall/router so that ports 1723 & 47 are forwarded to the VPN server. Port 1723 is the TCP port PPTP uses for setting up the connection. But the 47 is IP protocol 47 (GRE). THIS IS NOT TCP/UDP!! Therefore regular NAT port forwarding does not work for it. According to http://www.iana.org/assignments/port-numbers, port 47 is for NI FTP (not sure what that is considering FTP is port 21).

Your router must have PPTP pass-through capability. For instance, the Lucent/Ascend Pipeline family has a parameter called 'tunnel server' in its NAT settings that is specifically for IP protocol 47 passthrough. This needs to be configured in addition to forwarding TCP port 1723.
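The difference between TCP port 1723 and IP protocol 47 described above, as an added Python example that is not part of the original page: it reads the IPv4 protocol field to show why a port-forward rule can never match GRE, and reports which half of a PPTP session reaches the server. The helper names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47   # values of the IPv4 header "protocol" field
PPTP_CONTROL_PORT = 1723

def ipv4_packet(proto, payload, src="203.0.113.10", dst="198.51.100.20"):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed payloads: a TCP SYN to port 1723 and a PPTP-style GRE header.
TCP_SYN_1723 = struct.pack("!HHIIBBHHH", 40000, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0)
GRE_SAMPLE = struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)

def classify(packet):
    """Return ('tcp', dst_port), ('gre', None) or ('other', None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4       # IPv4 header length in bytes
    proto = packet[9]                  # protocol number, not a port
    if proto == IPPROTO_TCP:
        if len(packet) < ihl + 4:
            raise ValueError("truncated TCP header")
        return ("tcp", struct.unpack("!H", packet[ihl + 2:ihl + 4])[0])
    if proto == IPPROTO_GRE:
        return ("gre", None)           # GRE has no port numbers at all
    return ("other", None)

def port_forward_matches(packet, port):
    """A NAT port-forward rule can only match packets that carry a port."""
    kind, dst_port = classify(packet)
    return kind == "tcp" and dst_port == port

def diagnose(packets):
    """Summarise which half of a PPTP session was seen at the VPN server."""
    kinds = [classify(p) for p in packets]
    control = ("tcp", PPTP_CONTROL_PORT) in kinds
    gre = ("gre", None) in kinds
    if control and gre:
        return "control and GRE both arrive"
    if control:
        return "control arrives, GRE missing: check PPTP pass-through"
    return "control missing: check the TCP 1723 forward"

if __name__ == "__main__":
    ctrl = ipv4_packet(IPPROTO_TCP, TCP_SYN_1723)
    print(diagnose([ctrl]))
```

Feeding `diagnose` the IPv4 packets from a capture taken on the VPN server shows whether the router or an upstream network is dropping the GRE half of the session.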

I got a D-Link router 713P and use only one NIC and forwarding on 1723. Both TCP/IP & NetBEUI installed. Works fine for me.
Try this: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244603

I am finding information that the ISP may have "control" as to whether the GRE protocol can pass on their networks. I have set up a VPN behind a Linksys, with the PPTP enabled, port 1723 opened, hell EVERYTHING is open, and still not able to connect to the RRAS. I have talked to the ISP (SoCal Roadrunner) and they are less than forthcoming with info. Plus, as a residential subscriber, they DO NOT support servers on their network. Any further information on this?