FVS328 VPN Setup
Over the last week, we have setup two new networks in the Lubbock area, for a local 501 (c) 3 charity.They have two locations in town, and we are using our new T1 (installed by NTS Communications on Monday) to host their software, including their network file shares (via Samba) and a Jabber server. We have connected all three locations (their two locations, and our office) using off-the-shelf Netgear FVS328 VPN router / firewalls.
Although they are no longer made by NetGear, I got these routers, as refurbished items from eBay, and was able to pass the savings down to our client. The latest version of the router, the FVS338, adds no special features other than, "much faster", according to their spec sheets. Since the system has no "speed" criteria, there was no reason to pay double the price.
We tested them in the office, and built a small network consisting three of the devices, and three computers. Two workstations, and a small server. I was able to configure an IPsec VPN using a shared key, using the router's simple web interface, within a few minutes. Within twenty minutes, all three were talking to each other, and the network was running smoothly.
On Thursday, we found out that the devices perform slightly differently in the wild. Although users on all three networks could browse the Internet just fine, and we could make outbound ftp and ssh requests, the VPN connections were extremely flaky. For instance, I could connect to a remote server using ssh, but after a few seconds the connection would drop. In another attempt to use the VPN, all attempts to access a web server at the other location failed.
We checked all of the equipment, low and high, and finally discovered that these NetGear devices are very picky about the MTU settings, which default to 1500 bytes per packet. We dropped the setting down to 1400, and they began working flawlessly.
0 Comments:
Post a Comment
<< Home