Setting up a VPN... help

So here’s the long and short of it: I’m going into my third year of my computer science degree this fall. I’ve been working with computers since I was in high school, and I’ve done computer work on the side for years. I started out working with Windows stuff, of course, but I’ve been learning the ins and outs of *nix and OSX for the last year or two. I dabble in programming when I can (specifically, Ruby / Rails).

Well, my fiancee’s dad owns a business that buys and sells plastic injection molding machinery and parts. Last fall, he rescued me from my unbearably awful job at Tim Horton’s, and put me to work in the warehouse - cleaning parts, stripping old control cabinets, and whatnot. Whenever a computer problem would arise, I would fix it, as that’s what I do best. Last spring, we started having a pretty serious problem with our database, so he decided to have me take a look at it. Now, it’s been a few months, and I have my own office and the official title of ‘systems administrator’.

I love my job and everything about it, but I’m very, very inexperienced with some of the finer points of sysadmin-ing. Networking’s always been my weak spot, but I’ve been figuring everything out and making it work as I go.

My project for this weekend is to set up a VPN, and I have pretty much no idea at all where to start. We just picked up a Netgear FVS318 router / VPN / firewall, so I need to VPN in to that from a client computer running Windows 7. I’ve tried to set up Shrew Soft VPN Client, but I’m not sure what I’m doing, and I’m having trouble getting anywhere with it.

Any and all help would be very much appreciated.

TL;DR: Help me set up a VPN with a Netgear firewall / router / VPN and a Windows freeware client and earn my undying love and gratitude.

EDIT: As it stands, apparently my modem has a built-in router, and it doesn’t support bridging, so my Netgear router has never actually gotten my WAN IP, which would explain my perpetual failure. I’m picking up a Motorola Surfboard in a few hours, and that should make things work a lot more nicely.

EDIT 2: Got it to work with the vanilla Netgear client for now… I’ll be fooling around with other clients when I have time to do so. Thank you all for your advice.
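Added example, not part of the original post: a small check for the situation described in the first EDIT, where an upstream modem that routes instead of bridging leaves the VPN gateway without the real WAN address. The function names and sample addresses are constructed for illustration; the inputs are assumed to be the WAN address shown on the router's status page and the address the dynamic DNS name resolves to.

```python
import ipaddress

# Ranges that never appear as a real Internet-facing address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify_wan(addr):
    """Classify the address the VPN gateway holds on its WAN port."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified or ip.is_link_local or ip.is_loopback:
        return "no-address"   # no usable lease from the upstream device
    if any(ip in net for net in RFC1918):
        return "private"      # handed out by another router's DHCP server
    if ip in CGNAT:
        return "cgnat"        # the ISP itself is translating
    return "public"


def diagnose(gateway_wan, seen_from_internet):
    """Compare the gateway's WAN address with the address remote clients reach.

    gateway_wan: value on the router's status page (assumed input).
    seen_from_internet: address the dynamic DNS name resolves to.
    """
    kind = classify_wan(gateway_wan)
    if kind == "private":
        return "double-nat"   # VPN traffic stops at the modem, not the gateway
    if kind in ("cgnat", "no-address"):
        return kind
    if ipaddress.ip_address(gateway_wan) != ipaddress.ip_address(seen_from_internet):
        return "mismatch"     # public, but clients are pointed somewhere else
    return "ok"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    samples = [
        ("192.168.0.2", "203.0.113.10"),   # modem routing, gateway behind it
        ("203.0.113.10", "203.0.113.10"),  # modem bridged
        ("100.64.3.7", "203.0.113.10"),
        ("198.51.100.5", "203.0.113.10"),
    ]
    for wan, public in samples:
        print(f"{wan:>15} vs {public:<15} -> {diagnose(wan, public)}")
```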

OpenVPN is nice, there are also some very nice Cisco books on VPN.

If you’re new then go for the CCNA/P stuff, fairly easy, but if you have hands-on experience then you may have to read a load of stuff you know and it can become tiresome… just stick to it and you’ll come out the other side with a nice clear view of how VPNs work, you’ll also pick up some networking fundamentals too.

Grab a copy of the reference manual for your VPN gateway from here (assumed v3):
http://support.netgear.com/app/answers/detail/a_id/2105/session/L2F2LzEvc2lkL0VRQ0I5Z3dr

See page 5-5 “How to Set Up a Client-to-Gateway VPN Configuration”

If you use the Netgear VPN client and follow their example, it should be pretty simple to set up.
Edit: After looking into it a little, it appears their client is fairly worthless. I would try something else.

BTW, Windows 7 has a built-in IPSEC client you could try (though I’ve never used it.)

If you continue this path and even choose to go on to system engineering (which you’re kind of doing here to a small degree) as well, the first/hardest lesson you’ll learn is determining the compatibility of your devices and client when setting up a new system. A lot of literature is full of buzz words and bullshit and when you can figure out what something ‘supports’ you’ll find that having access to that feature costs more. Don’t be afraid to call the manufacturer of the product you’re interested in and ask what exactly it supports and what you get for the price point you’re looking at; for small things like this you’ll probably get some idiot making minimum wage in a call center. It’s when you get to the big multi-thousand-dollar things where you get on file an engineer saying you will get something; if you don’t get it for some reason they will usually take the hit and give it to you; sometimes not. Also sysadmin forums/communities (such as this) are extremely helpful as well since there might be someone who’s already dealt with the product in question and has an unbiased opinion on its pros and cons.

Do you have an existing firewall of some sort? From the sounds of it the Netgear may not be as easy or feasible to set up as it could be.

If you already have a half decent firewall and say a Windows server, you could forward a few ports and use Windows’ RRAS component.

That being said, with the Timmy’s reference in mind, whereabouts are you? Somewhere in Canada I gather.

What is the point of setting up the VPN? Remote access into the office network? Joining two offices?

It sounds like remote access. I’m a huge fan of terminal services-based solutions. One would be a remote desktop gateway. Another would be a terminal services server a la Citrix.

Have you looked at the Shrew Soft documentation for Netgear VPN devices?

VPNs aren’t too hard to set up. You just have to make sure the settings (encryption type, keys, etc) match on the VPN device and the client. I’m not familiar with the Netgear devices, but I’ve set a few up on our Cisco ASA. Either the built-in Windows IPSEC client or Shrew Soft should work fine for the clients.

Hey man, don’t psyche yourself out here, this is pretty straight-ahead stuff. On the Netgear side, I’d go with the vanilla configuration, just Next Next Next until it’s done. Then, go to Win7 and point the client at the firewall, Windows will do its best to autoconfigure the client and most times it’ll work just fine. Clearly this is an oversimplification, but oftentimes with consumer gear things will “just work”.

Additionally, making a small investment in learning IPv4 is a good idea. I’d recommend a CCNA study guide book (check out Todd Lammle), you should be able to read the valuable parts in a couple of weeks of evenings. As you advance in your career, the more solid your networking basics, the better you will do. Good luck!

Your first problem is using a Netgear FVS318…

+1 on OpenVPN. I just spent a bunch of time getting a site-to-site OpenVPN tunnel working over a gigabit network. It’s a pretty snappy configuration I must say…

If you follow the key generation guide from here, but just copy the default configuration from here, you can get the system up and running relatively trivially. Feel free to PM if you have any setup questions.

I’ll have a look at OpenVPN, thanks… does it have a Windows client?

Maybe it’s just me, but I’ve found OpenVPN to be difficult to set up. I ended up going with Zentyal to try to make it easier to set up.

I have a related question:

What I’m trying to do is give my team members the ability to attach to one of several secluded networks that aren’t normally well-connected to the rest of the network. For the most part, we aren’t worried about security, but more about giving their laptop access to the entire secluded network, and dealing with IP address conflicts.

Something like a SOCKS tunnel + Widecap† would be much easier to set up on the server side, but it doesn’t look very professional/stable, or as easy to configure on the client side, as compared to OpenVPN.

Any suggestions?

† Widecap is a “proxifier”, something that makes all the local apps go through the SOCKS proxy, without having to individually configure each app for the SOCKS proxy.

The Netgear client costs money; I was led to believe (via the box the router came in) that it came with the router, and it was a selling point for me… and I don’t want to tell my boss “oh hey looky, we have to spend MORE money now on this thing!”.

I’ll have to read up on the built-in IPSEC client a bit more - I’ll let you know what I figure out. Thanks so much.

Thank you so much for your experience and insight. I’m a member at StackExchange already (though nobody’s really helped me much there as of late, for some reason), and that’s why I joined here - because there’s no way that I’m doing this on my own.

The FVS318 is the only existing firewall at the moment. We’re a Windows shop, but all our servers are OSX or Linux (SME Server).

I’m in Ortonville, MI… come say hi!

Remote network access… We use FileMaker (ugh) for our database, and the files are remotely hosted over the network. The most secure and seamless way of getting remote access seems to be via VPN.

So you are working for your potential father-in-law?

Yes, but it’s not ‘like that’. I get paid about half of what anyone else in this field would, because he knows that I have to take the time to figure it all out, and he’s 100% fine with that. We have a really strong relationship, and I see myself being an actual business partner of his in < 10 years.

This thing being 129.99, I’m going to assume your budget is nil if you are afraid to ask for more money on behalf of their network security.

Not so much that, as the fact that I want him to be confident in my decision-making abilities. I don’t want to have to own up to the fact that this isn’t quite the out-of-the-box solution that we were hoping that it would be.

Do you have a static IP/domain name or at least a dyndns account and domain name?

dyndns, yes, and I’ve set it up before, on another system for ssh access.

The solutions that you’ve mentioned seem extremely robust and awesome, but I need to have something working by the end of the day… thank you so much for your insight, though, and if I ever have to do this again, I’ll know where to start.

I did not know that this was even a real thing… thank you so, so much.

I really need help on the fundamentals of networking - I’ll look into that. Thanks.