I hope you don’t mind, but I need to take a break from all the Matrix Mega reviews that I’ve been doing recently. I’m about halfway through with them and I’m wearing a bit thin. 😀 My guess is that you are too, so for the next few entries, I’m going back to my normal types of postings.

VPN Hell
For the past week or so, I’ve been up to my ears in learning all about a fairly new technology called VPN, or Virtual Private Networking. You may have heard of it, as had I, but if you’ve never explored this technology on your own, you’re in for a real treat – not!

Here’s the idea – let’s assume that you have two computers that you’d like to network together so that they ‘talk’ to each other. Computer A is downtown and Computer B is in the suburbs. Both computers are connected to the Internet using fast connections (DSL, T1, Cable, etc.), so by using VPN you can create a secure ‘tunnel’ through the Internet and thus connect the two computers. Although both computers are accessing the unsecure and open network that is the Internet, the encrypted tunnel secures the information exchanged between the two computers. The best part is that each computer sees the other as if they were on the same exact network. The concept itself seems rather straightforward; it’s the implementation that’s a killer.

I’ve found plenty of web sites that talk about VPN technologies and the concepts behind making them work; however, I can’t find anything concrete that explains setting it up step-by-step. I’ve read plenty about IPSec and Internet Key Exchange (IKE) and L2TP, but I have yet to see anything that provides concrete “here’s what I did” practical applications. At this point I feel a bit like a blind person who’s trying to learn what the color red looks like. It’s driving me nuts. I’ve spent days trying various solutions and reading web page after web page, but it is still escaping me.

Figure: Sample VPN configuration

From what I gather, there are several types of VPN configurations available and that fact may belie the problem itself. The solution depends on what type of configuration you want to use. Here’s the skinny on the more common configurations:
1. Software-To-Software VPN – Windows XP and 2000 include software that allows you to set up a VPN server. Set up a server and then connect to it with another Windows XP or Windows 2000 machine and you’re good to go. In Windows XP, there’s even a wizard that makes it easy to set up a VPN connection. The downside is that this wizard assumes that you’re connecting to another Windows machine; if you’re not, then you’re out of luck. There are other 3rd party VPN Server solutions out there and if you choose one of those, then you’ll need a VPN client that allows you to connect.
I’m not a big fan of putting a Windows machine outside of a firewall, so neither of these solutions appealed to me. Most of my clients don’t have another server sitting around that they can set up as a VPN server and there’s no way I’m opening up ports to a production server.
2. Hardware-To-Hardware – Most networking companies now offer firewalls with VPN solutions built in. Low-cost solutions are available from companies such as Linksys and Netgear, so finding a $150 piece of hardware is not hard to do. To make this configuration work, you place one “box” in front of Computer A and another “box” in front of Computer B and the two “boxes” talk to each other and make the VPN connection.
This configuration is great if you’re trying to connect two offices together. Unfortunately, since this is my first VPN setup, I can’t afford to purchase two “boxes” to test and set up. I have one installed, but I need to use a different configuration for the time being.
3. Software-To-Hardware – If you’re a mobile user then this type of configuration is more typical for you. What this setup involves is using software to connect to a piece of VPN hardware. Going back to our scenario, what this would mean is that you have a “box” between Computer A and the Internet and you use software on Computer B to connect to the box from your remote location.

Given that there are a large number of mobile users, you would think that this type of setup is the most common of the three. However, if you take a look at the scant few VPN clients that are out there, you’d think this type of thing was totally new and that no one had ever tried to do this before.

My Experience
I purchased the Netgear Model FVS318 Cable/DSL ProSafe VPN Firewall with 8-port switch for a client. Based on the documentation on the web, it appeared that the firewall came with the remote VPN Client software. Upon inspection of the box, it was clear that it did not. Instead, Netgear recommends purchasing SoftRemote from SafeNet. The software costs $149.00 per computer and there is no demo available to see how well it works.

What I discovered was that most VPN clients do not offer a demo version in which to try the product before you buy it. If the software was only $30 that would be one thing, but to spend $149 and just trust that it’s going to work is not my typical M.O. The only software I could find that did have a demo was the GreenBow VPN Client. I downloaded and installed it, but my experience with the software was not positive. I don’t like the UI one bit and I was never successful in making a VPN connection. I don’t know why, though, because the GreenBow VPN Client doesn’t give you any indication that it’s even working, much less trying to connect.

I did find an open source solution called OpenVPN, but it’s only for software-to-software connections. It does not work with software-to-hardware solutions: “OpenVPN is not compatible with IPSec, IKE, or dedicated hardware VPNs.” That left me high and dry without software to test with. Believe me, I have searched and searched, but I keep turning up nothing in the way of a demo VPN client.

A Ray Of Hope
The only ray of hope that I have is a product from Linksys called a USB VPN & Firewall Adapter. From what I’ve read it would appear that this is a hardware solution that you can set up at the main location and then dole out to your VPN users to plug between their computer and their high speed Internet connection. What I like about this solution is that it’s a hardware-to-hardware solution, so it should be more straight ahead, and I like that it’s OS independent. A friend of mine has one and was playing with it last night; I’m anxious to hear how his tests went.

For now, I’m up a creek without a paddle. If you have any experience with using Virtual Private Networking, I’d love to hear your thoughts on the subject. Any recommendations are most welcome! Until then, I’ll keep slugging away at this until I either raise my I.Q., or figure out a solution. 🙂