Ask MetaFilter questions tagged with vpn

Help a British Ex-Pat Access Overseas Content (BBC, iTV, premier league football, etc...)

ghostpony — Fri, 27 Nov 2009 14:10:32 -0800

My father is a British ex-pat who is craving some good old fashion football/cricket/BBC. Please share some advice about best way to access this content while in the states. My father is a British ex-pat who has lived in the states for some 20 odd years. After many years of paying through the nose for pay per view football matches and the occasional cricket test match he gave up.

Can you give us some advice about the best way to access this content? He is interested in watching Premier League matches, cricket, rugby, and most everything the BBC puts out. He is particularly interested in live-streaming matches, but would take what he can get.

Also news to me Hulu has a UK only site that features content from Channel 4, ITV, and other UK only channels, and so access to that would be welcome.

Do you have any advice? Where do we start?

VPN woes

randomstriker — Tue, 24 Nov 2009 16:20:09 -0800

I have set up a VPN connection, and two network adapters: wired and wireless. How do I force the VPN connection to use the wireless adapter, without disabling the wired adapter? I am on Windows 7.

Problem is that the wired network connection on my company's LAN goes through a firewall that blocks my ability to use the VPN connection that connects me to my customer's LAN. The wireless network, however, is open to the internet.

Currently I disable my wired adapter, fire up the VPN which connects over the wireless adapter, then re-enable my wired adapter. This works fine but is really annoying.

Does Xbox 360 have a proxy option with authentications?

omaralarifi — Sat, 21 Nov 2009 11:17:06 -0800

Does Xbox 360 have a proxy option with authentications such as username and password with it? Or PPTP w/ authentications. Also does it have a VPN support?

All HTTP requests time out, unless connected remotely via VPN.

tdischino — Tue, 17 Nov 2009 19:58:50 -0800

All HTTP requests time out, unless connected remotely via VPN. HTTPS (in my trusted sites) and FTP work fine. Somehow OpenDNS factors into this. I've seen this, but it's not exactly what is happening to me as far as I can tell. I consider myself a power user and somewhat technical, but realistically I know just enough computer-y stuff to make myself dangerous to myself, so take the rest with that in mind.

Within the network (when I am actually at work connected via ethernet or wireless), I get the same results. IS guys are slow to respond assuming I have some malware (although i've run malwarebytes about 5 times with consistent results - no infections). I consider myself a smart user , so I am not convinced this is foul play by some dumb virus and I don't visit nefarious sites (on the work lappy that is). I can only get HTTP to not timeout if I am connected remotely with the VPN (Cisco 5.0.01.0600, but this also happened under 4.8) running.

There are many things that i've tried or that were tweaked that I feel I need to include in this that I am afraid I might provide a lot of unimportant information. Please bear with.

Background: So, this is my work lappy (Dell Latitude D610) running WinXP fully patched. A week ago, I upgraded the Cisco VPN client from 4.8 to 5.0. The same day, I was given an AT & T GT Ultra 3G card. Every time I plugged the card in (having tried several drivers), Windows would BSOD. I decided to give up trying to get the card to work after several days. I uninstalled the drivers. I started experiencing this issue where HTTP requests would time out, somewhere between the first install of the card drivers, and giving up on the card. This included intranet and internet sites. My home page is an HTTPS site, so I didn't notice it immediately as it connects just fine, and a lot of my work sites are HTTPS (Not too mention, I've had a lot of remote connectivity over the past week or so, so it wasnt consistently occurring). Also, I started getting certificate errors when my Outlook (2007) would try to connect to the exchange server over a remote vpn connection (from home only). When I would look at the certificate, it referenced opendns.com. I use openDNS at home and have configured their name servers into my router.

So I did a system restore to a point before the card was installed. Well, since the VPN client was installed the same day as the card, I had to reinstall it as well. No Luck with HTTP unless I was over VPN. So I started searching the OpenDNS KB since the outlook exchange certificate errors were consistently occurring over the VPN connection, and found this. So I added my work domains to the exceptions, and everything was hunky dory again (until I got into work today and could not access much of anything). IS guy tried reinstalling XP SP3 today, didn't help. I tried uninstalling and reinstalling the VPN client today, didn't help.

Got home tonight, tried to connect to HTTP sites, no luck. Fired up the VPN, and here I am.

So, to recap, everything seems to work fine with VPN connection from home, behind OpenDNS. HTTP does not work if VPN is not running, or if I am within the physical network. If any of this makes sense, what piece(s) represent the wrench in the gears?

VPN from home NAS system.

CodeMonkey — Fri, 16 Oct 2009 10:36:19 -0800

I am trying to set up my router so that I can get at my files on my 3 NAS boxes. These NAS boxes are 1) D-Link DNS323, Infrant ReadyNAS NV+, and a Buffalo TeraStation HD-H2.0TGL/R5. The router is connected to the internet via a home service cable modem so it won't have a static IP and one step is to find the IP address before accessing. I have a router (DLink DGL-4100) which says it can make a IPSec VPN or FTP using a Virtual Server (I think). There would be no other PCs on the network since I would be taking my laptop with me when I access the network. The manuals for the routers talk about FTP serving but if I get a VPN set in my router then I should be able to just browse for whatever I want that way...right? The instructions say it can be done, but how? Please give me step by step instructions the best you can for setting up the router, the NAS boxes and my XP laptop (with suggested software, if necessary) since I have looked all over the internet and can't find anything I can understand. Of course the access should be encrypted and password protected. THANKS GUYS. From the router manual. (DGL-4100):
Application Level Gateway (ALG) Configurations
Here you can enable or disable ALG’s. Some protocols and applications require special handling of the IP payload to make them work with network address translation (NAT). Each ALG provides
special handling for a specific protocol or application. A number of ALGs for common applications ar enabled by default.

IPSec VPN:
Allows multiple VPN clients to connect to their corporate network using IPSec. Some VPN clients support traversal of IPSec through NAT. This ALG may interfere with the operation of such VPN clients. If you are having trouble connecting with your corporate network, try turning this ALG off. Please check with the system adminstrator of your corporate network whether your VPN client supports NAT traversal.

FTP:
Allows FTP clients and servers to transfer data across NAT. Refer to the Advanced -> Virtual Server page if you want to host an FTP server.

Virtual Server
The Virtual Server option gives Internet users access to services on your LAN. This feature is useful for hosting online services such as FTP, Web, or Game Servers. For each Virtual Server, you define
a public port on your router for redirection to an internal LAN IP Address and port.
Example: You are hosting a Web Server on a PC that has Private IP Address of 192.168.0.50 and your ISP is blocking Port 80.
1. Name the Virtual Server Rule (ex. Web Server)
2. Enter in the IP Address of the machine on your LAN – 192.168.0.50
3. Enter the Private Port as [80]
4. Enter the Public Port as [8888]
5. Select the Protocol - TCP
6. Ensure the schedule is set to Always
7. Check the Add Rule to add the settings to the Virtual Server List
8. Repeat these steps for each Virtual Server Rule you wish to add. After the list is complete, click Save Settings at the top of the page.
With this Virtual Server Rule all Internet traffic on Port 8888 will be redirected to your internal web server on port 80 at IP Address 192.168.0.50.

From the D-Link NAS DNS-323 manual:
FTP Server
The DNS-323 is equipped with a built in FTP Server, which is easy to confgure. It allows users access to important data whether they are on the local network or at a remote location. The FTP server can be confgured to allow user access to specifc directories, and will allow up to 10 users to access the DNS-323 at a time.

This section contains the configuration settings for the DNS-323 FTP Server.
The current settings and status of the DNS-323 FTP Server are displayed here.

The FTP access for users and groups can be added and edited here.

Category Determines whether the FTP server rule will apply to an individual user or a group.

User / Group Select the group or user the FTP server rule will apply to.

Folder Browse to and select the folder or directory you are granting FTP access to. Select root to grant access to all volumes.

Permission Set the user or group permission to Read Only or Read/Write.

FTP Server Settings
Max User: Sets the maximum amount of users that can connect to the FTP server.
Idle Time: Sets the amount of time a user can remain idle before being disconnected.
Port: Sets the FTP port. Default is 21.
Flow Control: Allows you to limit the amount of bandwidth available for each user.

Most standard FTP clients like Windows FTP, only support Western European codepage when transferring files.
Support has been added for non-standard FTP clients that are capable of supporting these character sets.

Access List: Lists all defned FTP Rules.

If you are behind a router, you will need to forward the FTP port from the router to the DNS-323. Additional flltering and frewall settings may need to be modifed on your router to allow FTP Access to the DNS-323 from the Internet. Once the port has been forwarded on the router, users from the internet will access the FTP server through the WAN IP address of the router.

From the ReadyNAS NV+ manual.

FTP/FTPS
To access the share via FTP in Share security mode, log in as “anonymous” and use your e-mail address for the password.
.
To access the share in User or Domain security mode, use the appropriate user login and password used to access the ReadyNAS. For better security, use an FTPS (FTP-SSL) client to connect to the
ReadyNAS FTP service. With FTPS, both the password and data are encrypted.

From the Terastation manual.
To allow Anonymous FTP, choose Enable for Anonymous FTP Server. Select a folder to share from the Anonymous User Public Shared Folder (only one folder may be shared by anonymous FTP) and
choose whether you want the share to be Writable or Read Only. Click the Apply button to set up anonymous FTP.
If FTP Server is disabled in the Basic window, this page will not be accessible.
Anonymous FTP mode uses port 8021 (e.g. ftp://IP Address:801).

Does Zune HD have VPN connectivity option?

omaralarifi — Sat, 26 Sep 2009 11:13:09 -0800

Does Zune HD have VPN connectivity option as iPod touch?

Where do you put your VPN?

plaidrabbit — Tue, 22 Sep 2009 18:16:58 -0800

Where exactly should I place my VPN server in my network? I have a working home network, with a Debian box running as a DNS server and firewall. I'm using it for business purposes, and will more than likely either need to access the network on the road or allow my business partner to work from home on a regular basis.

While I'm not so much concerned about how to configure the VPN server right now, what I am concerned about is where I should place the VPN server to keep everything secure. As it stands, I'm also planning on using a proxy server (legal requirement to keep browser logs, FTL), so I'll more than likely be using a DMZ in my network architecture. Should the VPN be placed in the DMZ, or does that seem overkill? If not, why? If so, what does this gain me? (I can think of a few things, but I'm not 100% sure if I'm right.)

If it helps, security is of the utmost concern - I will be doing legal work for clients involving electronically stored information, and most of my forensic boxes and analyzation tools will be on a closed internal network without access to the internet. However, I'm looking for the best way to secure things so medium-security information can still be accessed via the VPN, without having to worry.

VPN 24/7?

sevenyearlurk — Fri, 18 Sep 2009 18:23:05 -0800

VPN 24/7 on iPhone? I use an iPhone, and I finally got hooked up to my work email -- but I need to use VPN to access it. Is there any reason (battery life, etc.) that I shouldn't just leave VPN turned on all the time? If it's not a good idea, are there any better solutions?

Proxy? VPN? How can I fool download services into thinking I'm from the USA?

GilloD — Tue, 15 Sep 2009 02:01:23 -0800

Proxies, VPNs and restrictions, oh my! How can an American dude in South Korea get his Hulu, Steam and Direct2Drive on. More inside. I'm an American dude who is living in South Korea, as you can tell from my recent AskMeFi history. Here's a new kink: I got this sweet, sweet gaming laptop. I like to play games. And unlike other dudes, I like to pay for them. I have the $ to spend, I like to support the safe, lgal alternative to piracy.

Problem: I can't spend it. Many Steam games aren't available outside the US. Same with Direct2Drive. The vast majority of titles aren't purchasable with a Korean credit card. More, if I try to use my American card I get a warning like "The billing address you're using doesn't match the country you're buying from".

So, ugh. I thought we all liked capitalism and here I am trying to spend money and I literally CANNOT GIVE IT AWAY. Recently I've had friends 'Gift' me the game which lifts this restriction, but I feel bad putting them on the spot.

So: Proxy? Proxies are slow, yeah? Are there pay-for proxies that are quicker? WHat about VPNs? What are my options for tricking websites into thinking I'm coming from the US. I'm not against shelling out a monthly fee to have access to a service like this. Suggestions?

Three states, one LAN: how do I create the VPN?

anotherpanacea — Wed, 29 Jul 2009 05:56:00 -0800

Networking newbie question: how do I set up a Cisco router-based VPN between three sites, such that each can treat the other as if it were on the same LAN? Right now, I plan to use a Cisco RV082 and two WRVS4400Ns at locations in three different states. I need to set up a VPN tunnel between the devices. That's where things get fuzzy: my previous networking experience is basically just setting up home wireless routers. I can follow Cisco's tunneling guide until it starts asking me for my 'preferences.' I find I don't know enough to have articulate preferences.

What do I need to know? For instance, do I need to use a 'subnet'? What's the best encryption option? Also, what questions should I be asking? What issues or problems should I be on the lookout for?

Basic setup: three homes. One has a home server, three laptops connected wirelessly, one ethernet-connected desktop, and a couple of media extenders. The other two each have an ethernet-connected desktop and a laptop or two connected wirelessly.

How safe are subscription VPNs?

reformedjerk — Thu, 09 Jul 2009 11:30:03 -0800

How safe exactly is a subscription VPN like Witopia? I'm considering getting witopia for hulu, bbc, and pandora access. I've read questions about subscription based VPNs here before, but none of them ask what seems to me like an obvious question: how can you be sure that Witopia isn't doing some sort of snooping of the traffic themselves? Obviously, I'm just being paranoid, but let's say I'm using its VPN, in theory I don't have to worry about them getting CC and password info from SSL pages, right? Perhaps they can snoop for cookies and hijack a session, but other than that can I be fairly confident in its security?

HP MediaSmart Server EX487 and a VPN Connection

NotMyselfRightNow — Tue, 07 Jul 2009 01:17:43 -0800

I'm thinking about adding the HP MediaSmart Server EX487 to my home network. I have multiple computers in my apartment (all Windows PCs), including a work machine that is always connected via VPN to my office (to acccess Outlook, a shared drive, etc.). Will the work machine's VPN connection cause any difficulties, or prevent me from utilizing the HP for file sharing, printing, back up, etc. for my work machine, or any of my home machines?

SSH through the AS12880 / DCI Iranian government-run firewall?

thewalrus — Mon, 22 Jun 2009 20:54:42 -0800

Iranian firewallfilter: How to make SSH traffic not resemble SSH traffic, when examined by a deep packet inspection device (Ellacoya, Narus, etc)? Other advice on specific types of VPN from within Iran also welcome. I've been following the news about Iranian Internet censorship for a few years now, but obviously started paying more attention in the last couple of weeks. There's two interesting papers examining AS12880 (DCI)'s Internet transit from Arbor Networks:

Iranian Traffic Engineering

Deeper Look at the Iranian Firewall

Misc:

Robtex page examining AS12880's uplinks to the world

Rense page, strange changes in Iranian Internet transit

What I'm wondering specifically is methods which can be taken to make SSH traffic look -less- like SSH traffic. Assume that a person inside Iran has root on a European-colocated FreeBSD or Linux system (or root on a VPS/Virtual Machine) running the latest OpenSSH. The sshd would of course be listening for incoming connections on a nonstandard port, it could be any port, or multiple different ports. If I remember right OpenSSH now defaults to SSH2/AES but can also use Blowfish. Are there any methods that can be used to disguise the initial SSH handshake and packet headers? Any special tricks from the client software end, assuming that the client (OSX or Linux) can run any ssh client that will compile on it?

Is VPN traffic (Cisco, or Juniper-Netscreen SSL-VPN) less likely to trigger flags or get blocked than SSH?

Does anyone have firsthand or secondhand experience of Windows Remote Desktop / RDP 5.1 being blocked from within Iran?

Automatically connect to VPN on specific wireless network?

chndrcks — Tue, 19 May 2009 22:44:30 -0800

Is there a way to automatically connect to a vpn upon connecting to a specific wireless network (preferably in Windows 7)? I'd like to automatically log on to a certain VPN when I connect to my wireless router - is there a way to do this in Windows 7? Ideally, it would log in when connecting to my wireless router, but not other routers. Also, it would be great if it would log in even before I sign in to windows so that my network shares can map automatically. Any way to do all / some of this? My googling has failed me.

Help me choose a VPN provider.

blacksky — Sun, 03 May 2009 09:56:27 -0800

Help me choose a VPN provider. I live in the UK, and am growing increasingly weary of government snooping and bright ideas like this. I have nothing to hide, but still don't like the idea of anyone monitoring and logging what I do on the net.

So I figure a VPN that exits somewhere that doesn't do the kind of scary stuff the UK gov. seems to specialize in at the moment, and that doesn't routinely share information with the UK might be a good way to go.

I'm aware of companies such as superawesomebroadband.com and www.witopia.net but wondered if anyone could share their experiences with particular providers and maybe make some recommendations?

Of course it should be good, secure *and* cheap :) Oh yes, and I primarily use Linux.

Also, what kind of performance hit could I expect from this kind of set up for a) normal surfing and b) bit torrent usage.

Croatia Online!

benzenedream — Tue, 28 Apr 2009 17:25:36 -0800

What is the best way to get unlimited net access in Croatia without per minute data charges? We're going to Croatia for a few weeks and will need reliable net access for VPNing back home. I'm fine with paying a bit extra for a temporary DSL/Cable install - we will be staying in a home so mobile access is not necessary. Something faster than 56k modem speed would be preferred.

What happens to Windows Parent Domain if Child Disappears?

rocketpup — Wed, 07 Jan 2009 12:30:37 -0800

Windows Domain Filter: In a parent/child domain scenario, where Active Directory and Exchange data is being replicated between the two domains over a VPN, what risk is there to the parent domain if the link to the child domain goes dark forever? A company has two offices. Office A houses the servers responsible for the parent domain, and Office B houses the servers responsible for the child domain. What needs to happen at Office A to protect or clean up its own network if, from its perspective, Office B ceases to exist?

DIY Secure VPN/SSH connection?

BoldStepDesign — Sat, 03 Jan 2009 21:29:28 -0800

I've been unsuccessful in getting an old pc up and running with Ubuntu or some other *nix OS. I am wondering. Is it possible to use VPN or ssh from my computer to my Dreamhost account to create a secure tunnel to their servers into to the internet? I'm using 0.00 gb on my account for bandwidth. Sound doable? Basically:

Me @ coffeeshop -- secure tunnel -- > Dreamhost -- > Out to the net.

-=--
If not can I do this running a VPS? (Virtual Private server), if so suggest some cheap hosts please.
-+--

How to get an Iphone or G1 to work with my work

alkupe — Thu, 18 Dec 2008 09:13:55 -0800

I want to know what phone I should get to be able to use vpns and ssh to linux machines I'd be interested in using my phone to connect to my work vpns, then connect to some machines with an ssh client. I can't really figure out if either the iphone or the g1 can do this. One vpn is normal windows PPTP VPN to work network. The other appears to be the Firepass SSL VPN, where I go to some web page and login, then it opens a network connection on my PC. I don't know much about how this stuff works, but I'm happy to try to figure out any technical details.

Sharing network drives through a firewall

SteveInMaine — Wed, 17 Dec 2008 08:12:12 -0800

How can I securely share files on a Windows server behind a firewall with remote users ? We have a Sonicwall firewall box with VPN, and while this works okay for remote desktop, it's really slow for file sharing. I'm currently looking into Hamachi or sftp and welcome opinions on these solutions, but am open to other ideas that are secure and relatively easy to set up and administer. Practically all of the remote users are on Windows XP machines, though there might be a stray Vista or Apple user that needs access.

ASA5505 and Slimserver? Sharing music over a wan?

Anonymous — Sun, 30 Nov 2008 08:54:36 -0800

I have a very large music collection. For Christmas I was thinking of getting my parents an ASA5505 and a Squeezebox Duet. I already have an ASA5505, and setting up a hardware VPN should be trivial. We both have 15x15 lines, speed should not be an issue. I noticed my parents had like 30 lame songs they got from iTunes and were slowly trying to digitize their vinyl collection. I pretty much have anything they could ever want in mp3 form and nicely organized with a Slimserver serving up to my head units. I figure this should work in theory, especially given that my parents (!) have a fiber 15x15 line. Well I do too, and since we're on the same provider's network, I can't imagine more than a couple of geographic hops on a router.

What say you Metafilter? Has anyone tried this? It should work in theory, right? Any ideas?

Why isn't the VPN between two Cisco ASA 5505s working?

chengjih — Sun, 23 Nov 2008 16:24:34 -0800

Why isn't the VPN between two Cisco ASA 5505s working when I switch ISPs? One of the ASA 5505s is sort-of dual homed in the new configuration. The VPN appears to establish, but I can't pass traffic from one LAN to the other. We currently have a IPSec VPN between the office and our colo across a business-class cable line. We recently got a symmetric DSL line in the office in order to improve upload speeds to the colo from the office. Ideally, we'd like to have the cable line for ordinary Internet traffic, and the DSL just for the VPN traffic to the colo.

The ASA in the office has the DSL connected to ethernet port 7, which we've set up as a separate VLAN named "colo", in addition to the standard "inside" and "outside" VLANs. This ASA has a "restricted" license so only VLANs, and traffic between "outside" and "colo" is blocked.

I set up a static route using the "colo" interface to the colo ASA. Traceroute looks correct, and I can ping through it (in fact, I can ping from behind the ASA, from one of the internal machines on the office LAN). I then did an "isakmp enable colo", and switched the interface associated with the crypto map from "outside" to "colo".

On the ASA in the colo, I changed the peer for the crypto to the IP of the DSL line. I also added a tunnel group for this IP.

The VPN establishes -- I can see it in the ADSM and through "show crypto ipsec sa" -- but I can't send traffic from one LAN to the other. Ping doesn't work. ssh from an office server to a colo server seems to start but doesn't get anywhere. Strangely, when I telnet to the ssh port of the colo server, I see the usual SSH banner, so something seems to get through.

Any ideas? I haven't really touched the access lists on either ASA, as they appear to be correct. All I'm doing is changing the IP address of the "office", albeit to a different interface/VLAN. Is this a licensing problem for the ASA?

Thanks.

How to best connect the tubes between our offices

Jonsnews — Wed, 05 Nov 2008 09:25:26 -0800

I am working on a project connecting our three plants together, and need help evaluating the options (MPLS vs Point to point VPN over the internet), and bonus video-chatty question inside. So here are the facts:
- 3 Plants to connect (Ohio, Alabama, and Near Toronto Canada)
- Need to establish a persistent VPN connection to unify Domains, email, Shared Drives, Phone systems (We have a cisco IP telephony system), and support limited (not high usage) video chat between the plants
- We recently put in a brand new all cisco network wired, wireless, and phone (call manager 6).
- We will be consistently transferring large Catia (CAD) drawings between the plants, but we are the hub for those. We will also be hosting the shared drives, email, domain, etc. I am planning on having redundant backups for each location in case of we lose connection.
- We use an online ERP/MRP solution that is entirely internet based, we need to support redundancy on this because if it goes down, plants shut down.
- We currently have a t-1 for our ERP/MRP, and a 2megabit fiber for internet stuff.

I have gotten several proposals, and my concerns are as follows:
- MPLS - All three plants would have 1 t-1 connecting them to the MPLS "cloud" (basically a switch that all three plants would connect to, with an additional T1 to our erp/mrp from the cloud to give us access). We would be pushing all services over a single t1, if we need more bandwidth, we would buy another t1, or multiple t1s. I feel this is much more expensive then just having them bump up our bandwidth in our fiber.
- P2PVPN - Is the latency over the internet going to be prohibitive for things like video chatting, and pushing our phone service over the p2pvpn connection?

Bonus Video chat message:
What are some good corporate messaging solutions that feature video and voice chat? Screen sharing is a bonus!

Understanding throughput..the right way..

hboogz — Thu, 16 Oct 2008 06:57:04 -0800

Firewall and VPN throughput: Please help me understand the real world difference ? I'm working on examining different firewall's to replace an existing Nokia IP 380.

I see different throughput numbers being thrown around by different vendors and it gets rather confusing for me.

Take for example, a FW throughput as advertised at 1 Gbps and VPN throughput as advertised at 600 Mbps.

I only have 1 firewall and about 50 IPSEC VPNs; personally,it doesn't make sense to buy a firewall that can handle such throughput if the line coming into my office is just 1.5 Mbps ?

All VPN's at the site have T1's and the main site has a T1, so what's the point of getting a firewall that encrypts/decrypts traffic at 600 Mbps ?

And VPN throughput is combined into the overall FW throughput ?

I took a look at the device utilization of the firewall between yesterday and today and got this -- i'm really uncertain how to analyze that and correctly size the new FW ?

On average i believe the current FW is running about 40 Mbps..

I know i'm not understanding something correctly, so please someone please school me...

recycled PCs as m0n0wall WAN/VPN routers - worth messing with?

bartleby — Thu, 02 Oct 2008 16:33:42 -0800

ITfilter: Thinking about a new firewall/WAN VPN router - should I bother trying to roll my own with m0n0wall? Thinking about a project to put in hardware firewalls for 3 up-til-now independent sites who don't want to consolidate but need to start having secure WAN tunnels between, with some traffic monitoring tools for "okay, which one of you is killing our bandwidth" days, port blocking, etc.

I'm sure we've got some old workstations that can be recycled into m0n0wall boxes, but no so sure it's worth the time & hassle to do myself vs. buying commercial equipment. Boss likes cheap; I like free time and minimal stress migraines.

Note: I'm sometimes clever, but I've got no freeBSD or router hacking experience to build on. Going in cold.

Anyone had experiences with m0n0wall they'd care to share?