" firstname.lastname@example.org" hath wroth:
Yeah, I noticed. Nothing in the data sheet, knowledge pile, or docs.
Too bad there's no online emulator to see if there's a setting. Call
or write sales or support?
No. That just means that they didn't list it as a feature.
It's way more complicated. SSL is just one type of VPN. There's also
PPTP, L2TP, and IPSec with a mess of encryption and authentication
The basic problem with shoving a VPN through a router is that NAT
rewrites the header. If the VPN encapsulates the header as well as
the data, as in AH, then the VPN termination will not work and
complain. Most VPN's don't do that, but there are few high security
flavors that do, and they won't go through any form of NAT. The one's
that don't, such as ESP, still encrypt the header, making it rather
difficult for the router to re-write the IP address and header info.
"VPN Passthru" detects this condition and provides special handling to
deal with the encrypted headers.
For most applications, it's safe enough to leave VPN passthrough on
and the user will never notice. So, routers are starting to make that
the default and remove the option to turn it on or off. In other
words, it may work but no guarantee.
A more serious problem is how many VPN tunnels can you open through a
router? Most junk routers will do exactly one. Improved firmware
might crank this up to perhaps 2 tunnels. Cheap routers made to
terminate VPN's can probably do about 10. Real VPN routers can do
hundreds. No clue where the Z-2000 fits. For example:
Comparing NETGEAR's VPN and VPN Passthrough Support
Light reading and homework:
Is That a VPN or Is It Just Passing Through?
Are IP NAT Traversal and VPN Passthrough the same thing?
Troubleshooting VPN passthrough for Home Routers
On 24 Apr 2007 00:15:25 -0700, " email@example.com"
Actually it does. Page 59.
Read the manual and you won't have to guess.
Different. Wikipedia is a good place to learn about it.
John Navas hath wroth:
Yep, I was lazy. The "user guide" is 12MBytes big and I decided that
I didn't want to wait for the download. It was midnight, and the
download was running at 10KBytes/sec. This morning, it's at
25KBytes/sec. Yawn.... I guess I'll wait the 10 minutes.
I read the "quick start guide" and data sheet, neither of which
mentions VPN. Neither does a search of the knowledge base. However,
I wanna read about their built in RADIUS server, so I might as well
grab the PDF.
10 minutes remaining to download.... this page 59 had better be worth
reading. Maybe a foldout? Pictures of the insides without covers?
6 minutes remaining and it's 40% done. The anticipation of success is
making me thirsty. Time for a green tea fix. Maybe if I don't watch,
it will go faster. Bubble, bubble, toil and trouble....
2 minutes remaining and it's 60% done and back down to 10KBytes/sec.
Is it true that one must suffer before enlightenment? Maybe if I add
sugar, it won't taste like green tea.
30 seconds remaining and 98% done and it's down to 5KBytes/sec. No
wireless involved so that's not it. I guess it's just a bad day for
Done in 17 minutes. On to page 59 out of 440 pages. Ugh, big. It's
days like this that I really like searchable PDF documentation.
Looks like it has a PPTP client built into the firmware. There may be
other types of clients as there is a pull down box on the menu for
encapsulation type. No foldout. However, a PPTP client does not
answer the original question. This is about VPN passthru.
The index, under "IPSec", points to page 39 which mumbles something
about the router supporting certificates. So, I guess it can do
On page 40, it claims support of SSL Passthrough, but in reference to
web pages, not a VPN. However, if it works for web pages, it should
work for a VPN (famous last assumption).
Under firewall rules on Page 160, it mentions a rule set for IPSec
either AH or ESP encapsulation. This implies that the router at least
recognizes IPSec VPN's and can pass them through the firewall.
Nothing else I could find for VPN. From skimming the docs, in about
the same time span that it took to download, I would conclude that
support for VPN passthrough is indeterminate and must be tested first,
especially the number of tunnels supported simultaneously. Since
there is a prefab firewall rule for IPSec for encapsulation type, it's
possible that at least IPSec is supported. It's also possible that
I'm searching for the wrong term. I did read the entire TOC and
index, but found nothing useful.