VPN for home lab

ehnde

I'd like to set up a VPN connection to my lab at home. This is related to CCNA:Security, and I thought it might help solidify my understanding of how VPNs work and also give me a way to remote into the lab (other than logmein, ssh, or RDP over a nonstandard port).

Criteria:

• no cost at all
• cannot install software at work, but have access to Windows 7 and Windows XP. I frequently use different desktops.

Available Equipment:

• Windows VPN client, java, putty, VNC, web browser at work
• a netgear router, two cisco 1721s running IOS 12.4 advanced IP services, and a server (machine I'm using at home as a combo dynamips/console server box)
• switches and routers connected to the dynamips box/console server that have nothing to do with this project except for the need to access these devices as part of the lab

What would you guys suggest as a reasonable way to go about setting up VPN connectivity from work to the home lab?

Kasor

Use logmein to remote to your home workstation, then you can access your home network from the workstation that you setup logmein.

Otherwise, I don't see any free tool unless you are going buy the HW/SW to support VPN.

ehnde

Hey, thanks for the reply! I use logmein right now, and it works great - serves my needs well...but I would like to set up a vpn partly to reinforce my studies in CCNA Security.

Doesn't the Cisco 1721 with advanced ip services support vpn connectivity? I could forward whatever ports I need from my home netgear router over to a spare 1721, then pass the traffic into my lab. What additional software would be needed?

exampasser

If you have an MSDNAA account you can get a free copy of Server 2008 R2 and run a VPN server on that. You can also run a VPN server on XP/Win7 but you're limited to PPTP(professional editions at least, dunno about home editions). If you can get a copy of Server 2008 R2 you can run SSTP which will give you less problems with firewalls blocking it as it uses port 443.

keenon

you can run ssl vpn via adito it runs under windows or linux.

demonfurbie

you can setup a vpn server on linux fairly easy

shoot you can do it via web based linux on some distros

Untangle Lite Package

jibbajabba

According to some quick google the 1721 seems to support VPNs. I have setup my 877 for both, IPSec and pptp so I can connect either way, depending here I am. In the office I have setup a site-2-site IPSec to my 877 and for iPad / iPhones and laptops I am using PPTP. PPTP is certainly the easiest to setup:

Configuring the Cisco Router and VPN Clients Using PPTP and MPPE [IP Tunneling] - Cisco Systems

Windows XP can then connect just fine using the built-in client.

ehnde

jibbajabba wrote: »

According to some quick google the 1721 seems to support VPNs. I have setup my 877 for both, IPSec and pptp so I can connect either way, depending here I am. In the office I have setup a site-2-site IPSec to my 877 and for iPad / iPhones and laptops I am using PPTP. PPTP is certainly the easiest to setup:

Configuring the Cisco Router and VPN Clients Using PPTP and MPPE [IP Tunneling] - Cisco Systems

Windows XP can then connect just fine using the built-in client.

So the two possibilities come down to using a Cisco 1721 that I have available as a vpn terminator, or using the server I'm running dynamips on. How tough would this be on the 1721? I don't have a vpn module in it. Also how much overhead would this create using my server as a vpn terminator? (In this case I'm leaning towards openvpn if I must use the server).

jibbajabba

Overhead - I don't know. Wouldn't think it is an issue in a lab anyway. I run a server 2008 server as DC and VPN server, running just a GB of Ram. And I only just see that the VPN module is optional in the 1721. So if you don't have one then that option is not available to you.

Surely your office has a static IP, why not just open all ports for this IP on the firewall? Again, for a lab surely an option ?

Or simply use a CentOS machine, or even virtual machine, you can run this as a VPN server as well (need to do your own google homework on that though).