

Like its 802.11b FVM318 sibling, the FWAG has a built-in IPsec endpoint and also supports VPN passthrough for PPTP, IPsec and L2TP traffic. But unlike the FVM318, the endpoint is for tunnels originating or terminating on the WAN interface only. Protection for wireless LAN clients will need to be done via WEP or WPA (more on this later).

The IPsec endpoint has its good and bad points. On the plus side, it's much more configurable than the endpoints found on Linksys' popular BEFVP41 [reviewed here] and BEFSX41 [reviewed here] routers, and supports digital certificates (and a certificate revocation list) for IKE policy authentication in addition to pre-shared keys. NETGEAR also includes a couple of detailed setup examples for FWAG114-to-FWAG114 VPNs.

The main negatives are its logging and connection setup. VPN setup log messages are generally tough to decipher unless you're an expert, but I found the FWAG's tougher to decipher than those generated by Linksys' BEFSX41. Since there's no Connect button, NETGEAR suggests you try to ping a client on the opposite end of the tunnel to get things started. Once you're up, there's no way to terminate a connection (although this is more of a problem during testing than in real application).

Having recently figured out how to make WinXP's built-in IPsec client work [see this ProblemSolver for the details], I figured I'd try to get it to work its magic with the FWAG. I eventually succeeded, but only could get the tunnel going from the FWAG end and after a router reboot. And although the tunnel appeared to be working, this message in the VPN Log didn't exactly inspire confidence!

[2003-09-02 17:17:39]Something terribly wrong, trying to free alredy freed


However, I was impressed that the throughput through the tunnel averaged a respectable 1.6Mbps from the XP client to FWAG and 2.0Mbps in the reverse direction, which is well matched to most broadband connection speeds.

Tip: If you want to try your own luck at getting XP and the FWAG tunneling in harmony, here are my basic setup details:

FWAG114 IKE Policy

Direction Type: Both directions
Local Identity Type: WAN IP address
Remote Identity Type: Remote WAN IP
IKE SA Parameters:
  Encryption algorithm: 3DES
  Authentication algorithm: MD5
  Authentication method: Pre-shared key
  Diffie-Hellman Group: Group 2

FWAG114 VPN Auto Policy

IKE policy: select the policy created
Remote VPN endpoint: IP address
IPsec PFS: selected, PFS Key Group 2
Traffic Selector:
  Local IP: Subnet address
  Remote IP: Single address
ESP configuration:
  Enable encryption, 3DES
  Enable authentication, MD5

XP Client

The basic approach is to mirror the settings above.

For both rules:
Filter action should require security, ESP with MD5 & 3DES.
Authentication method is Pre-shared key with matching key.

For the "To" rule:
Tunnel setting uses FWAG's WAN IP as specified address
IP Filter list uses "My IP address" as Source, FWAG IP subnet as Destination addresses, mirrored

For the "From" rule:
Tunnel setting uses XP client's IP address as specified address
IP Filter list uses FWAG IP subnet as source, "My IP address" as Destination addresses, mirrored
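
The mirroring described in the tip can be checked mechanically before trying to bring the tunnel up. The following is an added example, not part of the original review or of NETGEAR's or Microsoft's software: the dictionary layout and function names are hypothetical, the addresses are constructed documentation values, and XP's "My IP address" is written out as the client's actual address.

```python
import ipaddress

def net(value):
    """Parse an address or CIDR string so a host and its /32 compare equal."""
    return ipaddress.ip_network(value, strict=False)

def check_mirror(router, xp):
    """Return a list of mismatches between the router policy and the XP rules."""
    problems = []

    def expect(label, got, want, as_net=False):
        same = net(got) == net(want) if as_net else got == want
        if not same:
            problems.append(f"{label}: {got!r} does not match {want!r}")

    client = router["peer_ip"]
    to, frm = xp["to"], xp["from"]
    # The router's "Single address" remote selector must be the XP client itself.
    expect("router remote selector", router["remote_sel"], client, True)
    # "To" rule: tunnel ends at the FWAG WAN IP, traffic runs client -> FWAG subnet.
    expect('"To" tunnel endpoint', to["tunnel_endpoint"], router["wan_ip"], True)
    expect('"To" filter source', to["src"], client, True)
    expect('"To" filter destination', to["dst"], router["local_sel"], True)
    # "From" rule: tunnel ends at the XP client, traffic runs FWAG subnet -> client.
    expect('"From" tunnel endpoint', frm["tunnel_endpoint"], client, True)
    expect('"From" filter source', frm["src"], router["local_sel"], True)
    expect('"From" filter destination', frm["dst"], client, True)
    # Both ends must propose the same ESP transforms and authentication method.
    for key in ("enc", "auth"):
        expect(f"ESP {key}", xp["esp"][key], router["esp"][key])
    expect("authentication method", xp["method"], router["ike"]["method"])
    return problems

# Constructed sample values (RFC 5737 documentation addresses, private LAN subnet).
ROUTER = {
    "wan_ip": "203.0.113.10", "peer_ip": "198.51.100.20",
    "local_sel": "192.168.0.0/24", "remote_sel": "198.51.100.20",
    "ike": {"enc": "3DES", "auth": "MD5", "dh": 2, "method": "psk"},
    "esp": {"enc": "3DES", "auth": "MD5", "pfs": 2},
}
XP_RULES = {
    "to": {"tunnel_endpoint": "203.0.113.10",
           "src": "198.51.100.20", "dst": "192.168.0.0/24"},
    "from": {"tunnel_endpoint": "198.51.100.20",
             "src": "192.168.0.0/24", "dst": "198.51.100.20"},
    "esp": {"enc": "3DES", "auth": "MD5"}, "method": "psk",
}
# A typical slip: the "From" rule created as a straight copy of the "To" rule.
COPIED_RULE = {**XP_RULES, "from": dict(XP_RULES["to"])}

if __name__ == "__main__":
    print(check_mirror(ROUTER, XP_RULES) or "XP rules mirror the router policy")
    print("\n".join(check_mirror(ROUTER, COPIED_RULE)))
```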
