Choosing the right vpn device, What you’re looking for, Recommended devices – equinux VPN Tracker 8.1.1 User Manual
Page 81
Choosing the Right VPN Device
What You’re Looking For
Whether you’re shopping for a new device or are trying to find out if your ex-
isting router can act as a VPN gateway, these are the magic words you’ll want
to look for – if they’re mentioned in the manual or data sheet, the device is
probably suitable:
‣ IPsec VPN Access
‣ IPsec Tunnels
‣
‣
‣
‣
Misleading Feature Names
If a device lists only one or more of the following features, it probably cannot
act as a VPN gateway:
‣ IPsec Passthrough
‣ VPN Passthrough
‣ IPsec NAT-Traversal
These features indicate that the device is capable of letting IPsec VPN connec-
tions pass through. They do not indicate whether the device is capable of of-
fering VPN services itself.
Other Types of VPNs
‣ L2TP or L2TP/IPsec
‣ PPTP
If your device offers only these types of VPNs, it may be possible to use the
limited VPN client built-in to OS X. VPN Tracker lets you control these connec-
tions from inside VPN Tracker. Other VPN types, such as OpenVPN and proprie-
tary SSL VPNs are not supported.
Apple Airport Base Stations
AirPort base stations are only capable of passing through VPN connections,
but do not provide VPN services (i.e. act as a VPN gateway) themselves. If
you are using an AirPort base station, you will need to buy a dedicated VPN
gateway to replace or work alongside your Airport base station.
Recommended Devices
Now for the big question: Which device do we recommend?
Unfortunately there is no generic answer to this question. There are a lot of
factors you’ll need to consider, such as the number of VPN users you need to
support, the type of Internet connection you have, etc.
Generally speaking, the most important features are
‣ Robust support for client-to-gateway connections (some older or low-end
VPN gateways are designed to provide only a single gateway-to-gateway
VPN that requires static IP addresses on both ends of the connection).
‣ Support for all forms of NAT-Traversal.
‣ Reasonable level of security (at least 3DES encryption, better AES, SHA-1
hash algorithms, better SHA-2, DH groups 2 and 5, better higher).
‣ If you expect more than one VPN user: Support for Extended Authentica-
tion (XAUTH) and a form of client provisioning (Mode Config, Cisco
EasyVPN, SonicWALL DHCP over VPN, WatchGuard MobileUser VPN).
The technical support team at equinux has extensive experience with a large
number of VPN gateways, so please feel free to email us with a brief outline of
your requirements, and a list of devices you're considering, and we'll be happy
to give you our take on them!
81