ZyAir 2000 G Does it support VPN ?

On 23 Apr 2007 11:41:06 -0700, " snipped-for-privacy@gmail.com" wrote in :

What does the manual say? ;)

It says nothing about vpn.

So I guess its not possible ?

VPn is just a ssh connection through the router or is it more complicated ?

" snipped-for-privacy@gmail.com" hath wroth:

Yeah, I noticed. Nothing in the data sheet, knowledge pile, or docs. Too bad there's no online emulator to see if there's a setting. Call or write sales or support?

No. That just means that they didn't list it as a feature.

It's way more complicated. SSL is just one type of VPN. There's also PPTP, L2TP, and IPSec with a mess of encryption and authentication protocols.

The basic problem with shoving a VPN through a router is that NAT rewrites the header. If the VPN encapsulates the header as well as the data, as in AH, then the VPN termination will not work and complain. Most VPN's don't do that, but there are few high security flavors that do, and they won't go through any form of NAT. The one's that don't, such as ESP, still encrypt the header, making it rather difficult for the router to re-write the IP address and header info. "VPN Passthru" detects this condition and provides special handling to deal with the encrypted headers.

For most applications, it's safe enough to leave VPN passthrough on and the user will never notice. So, routers are starting to make that the default and remove the option to turn it on or off. In other words, it may work but no guarantee.

A more serious problem is how many VPN tunnels can you open through a router? Most junk routers will do exactly one. Improved firmware might crank this up to perhaps 2 tunnels. Cheap routers made to terminate VPN's can probably do about 10. Real VPN routers can do hundreds. No clue where the Z-2000 fits. For example:

Comparing NETGEAR's VPN and VPN Passthrough Support

Light reading and homework:

Is That a VPN or Is It Just Passing Through?

Are IP NAT Traversal and VPN Passthrough the same thing?

Troubleshooting VPN passthrough for Home Routers

On 24 Apr 2007 00:15:25 -0700, " snipped-for-privacy@gmail.com" wrote in :

Actually it does. Page 59.

Read the manual and you won't have to guess.

Different. Wikipedia is a good place to learn about it.

On Tue, 24 Apr 2007 01:18:23 -0700, Jeff Liebermann wrote in :

Page 59 was missing from the copy you downloaded?

John Navas hath wroth:

Yep, I was lazy. The "user guide" is 12MBytes big and I decided that I didn't want to wait for the download. It was midnight, and the download was running at 10KBytes/sec. This morning, it's at

25KBytes/sec. Yawn.... I guess I'll wait the 10 minutes.

I read the "quick start guide" and data sheet, neither of which mentions VPN. Neither does a search of the knowledge base. However, I wanna read about their built in RADIUS server, so I might as well grab the PDF.

10 minutes remaining to download.... this page 59 had better be worth reading. Maybe a foldout? Pictures of the insides without covers? 6 minutes remaining and it's 40% done. The anticipation of success is making me thirsty. Time for a green tea fix. Maybe if I don't watch, it will go faster. Bubble, bubble, toil and trouble.... 2 minutes remaining and it's 60% done and back down to 10KBytes/sec. Is it true that one must suffer before enlightenment? Maybe if I add sugar, it won't taste like green tea. 30 seconds remaining and 98% done and it's down to 5KBytes/sec. No wireless involved so that's not it. I guess it's just a bad day for downloading.

Done in 17 minutes. On to page 59 out of 440 pages. Ugh, big. It's days like this that I really like searchable PDF documentation.

Looks like it has a PPTP client built into the firmware. There may be other types of clients as there is a pull down box on the menu for encapsulation type. No foldout. However, a PPTP client does not answer the original question. This is about VPN passthru.

The index, under "IPSec", points to page 39 which mumbles something about the router supporting certificates. So, I guess it can do authentication.

On page 40, it claims support of SSL Passthrough, but in reference to web pages, not a VPN. However, if it works for web pages, it should work for a VPN (famous last assumption).

Under firewall rules on Page 160, it mentions a rule set for IPSec either AH or ESP encapsulation. This implies that the router at least recognizes IPSec VPN's and can pass them through the firewall.

Nothing else I could find for VPN. From skimming the docs, in about the same time span that it took to download, I would conclude that support for VPN passthrough is indeterminate and must be tested first, especially the number of tunnels supported simultaneously. Since there is a prefab firewall rule for IPSec for encapsulation type, it's possible that at least IPSec is supported. It's also possible that I'm searching for the wrong term. I did read the entire TOC and index, but found nothing useful.

On Tue, 24 Apr 2007 09:22:37 -0700, Jeff Liebermann wrote in :

PPTP _is_ (a type of) VPN.