VPN Features

The VPN capabilities are the real reason to consider buying the FVS114. If you don’t need a VPN, there are other routers on the market that offer a more complete set of features including wireless capabilities, a robust Ubicom-based QoS (Quality of Service) engine, and extensive profiles for automatically opening ports for online gaming. The FVS114’s VPN features, however, are impressive for such an inexpensive box.

The summary below of the 114's VPN features is taken from the security features section of the FVS114 Web page. If you're familiar with IPsec gateways, you'll see that the 114's feature set is pretty good for such an inexpensive box.

• VPN Functionality: Eight (8) dedicated VPN tunnels, Manual key and Internet Key Exchange Security Association (IKE SA) assignment with pre-shared key and RSA/DSA signatures, key life and IKE lifetime time settings, perfect forward secrecy (Diffie-Hellman groups 1 and 2 and Oakley support), operating modes (Main, Aggressive, Quick), fully-qualified domain name (FQDN) support for dynamic IP address VPN connections.
  
  
• IPSec Support: IPSec-based 56-bit (DES), 168-bit (3DES), or 256-bit (AES) encryption algorithm, MD5 or SHA-1 hashing algorithm, AH/AH-ESP support, PKI features with X.509 v.3 certificate support, remote access VPN (client-to-site), site-to-site VPN, IPSec NAT traversal (VPN pass through).

Note that the FVS114 supports digital certificate-based authentication. The management interface enables you to generate a “Self Certificate” request (using the Certificates link under the VPN section) that can be submitted to a Certificate Authority (CA) and import the certificate that you receive from a CA. However, it can’t generate a usable certificate directly. The management interface also enables you to upload a Certificate Revocation List (CRL) from your CA (using the CRL link under the VPN section).

Two types of VPNs tunnels are supported by the FVS114: LAN-to-LAN and remote-client. Rather than clutter up the review, I've provided detailed instructions for setting up a LAN-to-LAN tunnel and guidelines for setting up a remote-client tunnel here in Appendix A.

The wizard worked well for setting up a LAN-to-LAN tunnel using a pre-shared key. Once I overcame some self-generated problems from my not-so-real-world test configuration, I was able to set up a client-to-gateway tunnel, using the Resource CD's application notes.

Once the LAN-to-LAN VPN connection is established, you’ll have access to resources on the remote LAN. In my tests, I created a share on the remote LAN and mapped a drive to it. Similarly, the net view \\remote_IP command line prompt properly displayed the shared resources for that remote IP address.

The FVS114 management interface also enables you to view the status of the VPN and data for each active VPN tunnel. To access the VPN Status/Log screen, use the VPN Status link under the VPN section.

Figure 6 shows a VPN Status screen example.

Figure 6: VPN Status

Tags: IPsec, Netgear, Router reviews, VPN,

Related Articles: