Sagem Modem and VPN

[alianmac]

Hi there,

I just got my Sky Broadband today.

I used to be on Plusnet ADSLMax over a BT line. I was paying £30 per month to plusnet for a service where the restrictions seemed to cut in quite seriously as the family approached the 30GB per month download limit.

By moving to Sky Talk Unlimited and Sky BB I have been able to upgrade to Sky HD+ and still expect to save £25 - £30 per month.

My configuration when with Plusnet was an ADSLNation X-modem connected to a Linksys RV042 dual Wan firewall router. I was hoping to get a Netgear router from Sky and be able to use the existing VPN setup on my RV042 by using VPN passthrough. However, I got a Sagem.

To be specific, I use a PPTP VPN both ways. To get at files on my home network when in the office and to get at the office network for various services when at home.

I read through all the posts that I could find on this forum about Sagem routers and VPN and wasn't very confident that I could get it to work. What I have done is as follows:

1) Set up the Sagem router, checked it all worked OK, then set up the RV042 so that the Sagem LAN is the RV042 WAN.
2) Fixed the IP address of the RV042 within the Sagem DHCP range.
3) Set up a dyndns service on the Sagem router
4) Set up an inbound firewall rule on the Sagem to allow all PPTP VPN traffic through to the IP address of the RV042.
5) Set up a PPTP VPN server on the RV042 (actually this was already set up for my previous ISP).

I can now VPN into home from my T-Mobile 3G card (i.e. the "wild" internet) and expect to be able to do the same tomorrow from the office. I can also VPN into the office from any PC on my home network.

Now I know that all the network security guys will wave cloves of garlic or crucifixes in my direction because of my use of PPTP - so my main question is:

Will this same setup work for IPSEC VPN if I use a firewall rule to allow all VPN IPSEC traffic to the same router? If it will work, will it be specific to certain IPSEC clients?

Finally, can anyone see anything wrong - morally, legally technically or security wise (other than use of PPTP) with what I have done? I signed up to Sky knowing abour the router restrictions and do not particularly wish to use a different router.

I also thought, having seen some of the other posts about VPN issues, particularly wih Sagem routers, that if it doesn't have any fatal flaws this approach might be useful to others. I am pretty confident that it will also work with a Draytek 2910/2920.

Regards,
Malcolm

[matzy]

It seems to me that you have done what I am looking to do.

Before moving to Sky I had a Belkin Router that worked perfectly fine with my wife's VPN (Nortel). Now with the Sagem she cannot access it and the IT department arent able to help.

I have managed to get my old router working with sky (and therefore the VPN too). Is what you have done basically meant that as far as Sky can tell you have your sky router in use, but you also have your other router daisy-chained to it allowing you to have working VPN?

[alianmac]

Quote:

Is what you have done basically meant that as far as Sky can tell you have your sky router in use, but you also have your other router daisy-chained to it allowing you to have working VPN?

Yes. I have done this by giving my original router a fixed IP address on the LAN side of my Sky router and then setting up the Sky router to pass through all VPN traffic to that IP address.

Quote:

I have managed to get my old router working with sky (and therefore the VPN too).

That makes me think that you may have the wrong kind of router to copy what I have done. Is your router an ADSL modem/gateway/router or a cable broadband gateway/router? The difference is in the type of connection used to connect to the broadband input.

On an ADSL modem/gateway/router the connection to the broadband is RJ11 - which is different to the ethernet (RJ45) connections on your computer and the LAN side of the gateway. Inside the box, between the RJ11 connector and the router electronics, is an ADSL modem.

A cable gateway router has an ethernet (RJ45) connector to connect to the broadband. This is the same as the other connections on the box. As a result there isn't an ADSL modem in the box.

My box (a Linksys RV042) is a cable gateway router, so I can connect the LAN side of my Sky router to the WAN side of my existing router without any ADSL electronics in the middle.

If your Belkin is an ADSL modem you won't be able to do this.