0

I need a VPN-capable router, preferably with a web interface, that should be able to authenticate against my LDAP server which is behind the router. I'm utterly unable to configure that setup for the Linksys RVS4000 that I own. Does anything exist that is both cheap and easy to set up?

Flashing the firmware is an option, as long as it is a well-documented option. Would it be viable/doable?

[Edit] Okay, I've been looking at custom firmware. Is there a way to know which ones will work with my router before nuking its present one to oblivion? My needs are quite simple: I want a DHCP router, an LDAP-authenticated VPN, and basic firewall capabilities. I'm using DynDNS from the RVS4000 for now, but I guess I could set up something on the servers instead; that's only a minor problem...

Peter Mortensen
  • Need more information. How many VPN connections and what speed link? Need any other features such as multi-wan support? – 3dinfluence Mar 11 '10 at 14:54
  • It's a gigabit network that some external users will connect to. Less than 20 connected users at all times, if you sum the VPN and the LAN. The idea is pretty much to get secure access to sensible files shared on the LAN by the servers. –  Mar 11 '10 at 15:02
  • By link speed I mean your WAN link, not the local LAN. Or do you have a Gigabit WAN link? By 20 connected users are you talking about 20 VPN users? B/c that Linksys box says it will only deal with 5 VPN connections. – 3dinfluence Mar 11 '10 at 15:06
  • Most of the users are within the LAN, only a couple will be outside. –  Mar 11 '10 at 15:10

2 Answers

1

Have a look at pfSense. I've set it up to authenticate against an Active Directory server using RADIUS for PPTP VPN connectivity. But if you're looking for IPsec you're dealing with certificates and pre-shared secrets with IPsec, not username/password authentication. But pfSense can do that too. It also supports OpenVPN. So you have a couple of VPN options with it.

You'll just need to size the hardware appropriately for your needs. The Linksys model you reference looks pretty small, so I'm sure that one of these Netgate m1n1wall firewalls will work well for you.

Peter Mortensen
3dinfluence
  • Any way to know if a firmware like Tomato or DD-WRT would work on my RVS4000? –  Mar 11 '10 at 16:01
  • You'll have to check the Tomato and DD-WRT project websites. Both have a good list of compatible hardware. I do have some DD-WRT experience and would not use it as a VPN for a small business. It would suffice in a small business application where all you're looking for is a simple NAT gateway to the Internet. But its VPN build doesn't support LDAP/RADIUS authentication and seems to be geared mostly for a single user connecting remotely. – 3dinfluence Mar 11 '10 at 16:10
  • Wondering if you've used the RADIUS authentication in pfSense for outbound ACLs with AD users as well? Looking at setting up some web access policies based on AD groups and would love to hear any feedback on others' experience with this. – nedm Apr 09 '10 at 18:16
  • @nedm I've only used it for authentication of PPTP VPN connections on pfSense. I've not used the pfSense captive portal functionality but looking through the options it does support radius authentication. – 3dinfluence Apr 09 '10 at 19:06
  • thanks for the reply. Captive portal is exactly what we're looking at implementing. I've looked at Untangle and the AVP add-on for smoothwall as well, but I've had such good experience with pfSense I'd love to be able to use it for this as well. Will give it a rip and see how it goes. – nedm Apr 09 '10 at 19:43
0

IMHO 20 users is pushing the limits of the consumer grade router/firewall... You will see performance problems, and you may well be on the wrong side of the licensing restrictions.

I suggest you get a good firewall. I regularly recommend Astaro appliances for this kind of application (most recently here); I have deployed a number of them with great success. I second 3dinfluence's recommendation of pfSense as one of several good cost-effective options.

tomjedrz