Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Reviews

VPN

Like its 802.11b FVM318 sibling, the FWAG has a built-in IPsec endpoint and also supports VPN passthrough for PPTP, IPsec and L2TP traffic. But unlike the FVM318, the endpoint is for tunnels originating or terminating on the WAN interface only. Protection for wireless LAN clients will need to be done via WEP or WPA (more on this later).

The IPsec endpoint has its good and bad points. On the plus side, it's much more configurable than the endpoints found on Linksys' popular BEFVP41 [reviewed here] and BEFSX41 [reviewed here] routers, and supports digital certificates (and a certificate revokation list) for IKE policy authentication in addition to pre-shared keys. NETGEAR also includes a couple of detailed setup examples for FWAG114-to-FWAG114 VPNs.

The main negatives are its logging and connection setup. VPN setup log messages are generally tough to decipher unless you're an expert, but I found the FWAG's tougher to decipher than those generated by Linksys' BEFSX41. Since there's no Connect button, NETGEAR suggests you try to ping a client on the opposite end of the tunnel to get things started. Once you're up, there's no way to terminate a connection (although this is more of a problem during testing than in real application).

Having recently figured out how to make WinXP's built-in IPsec client work [see this ProblemSolver for the details], I figured I'd try to get it to work its magic with the FWAG. I eventually succeeded, but only could get the tunnel going from the FWAG end and after a router reboot. And although the tunnel appeared to be working, this message in the VPN Log didn't exactly inspire confidence!

[2003-09-02 17:17:39]Something terribly wrong, trying to free alredy freed

IKE_QM_STATE block

However, I was impressed that the throughput through the tunnel averaged a respectable 1.6Mbps from the XP client to FWAG and 2.0Mbps in the reverse direction, which is well matched to most broadband connection speeds.

Tip! Tip: If you want to try your own luck at getting XP and the FWAG tunneling in harmony, here are my basic setup details:

FWAG114 IKE Policy
Direction Type Both directions
Local Identity Type WAN IP address
Remote Identity Type Remote WAN IP
IKE SA Parameters

Encryption algorithm: 3DES
Authentication algorithm: MD5
Authentication method: Pre-shared key
Diffie-Hellman Group: Group 2

FWAG114 VPN Auto Policy
IKE policy select the policy created
Remote VPN endpoint IP address
IPsec PFS selected, PFS Key Group 2
Traffic Selector Local IP: Subnet address
Remote IP: Single address
ESP configuration Enable encryption, 3DES
Enable authentication, MD5
XP Client

Basic approach is mirror the settings above.

For both rules:
Filter action should require security, ESP with MD5 & 3DES.
Authentication method is Pre-shared key with matching key.

For the "To" rule:
Tunnel setting uses FWAG's WAN IP as specified address
IP Filter list uses "My IP address" as Source, FWAG IP subnet as Destination addresses, mirrored

For the "From" rule:
Tunnel setting uses XP client's IP address as specified address
IP Filter list uses FWAG IP subnet as source, "My IP address" as Destination addresses, mirrored

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I have been upset that the rt-ac56u was not included in the routers that would support Aimesh since it is very similar to the rt-ac68u and decided to ...
Is there a way to set up the guest network to use PiHole as its DNS when it is set to block Access to Intranet?I tried the following:LAN > DHCP Server...
Trying to work out how to install Mosquitto on a AsusWRT firmware / Asus RT-AC68U combo.I believe the Linux is based on Tomato and heavily modified, b...
So I have a bit of a issue with wifi clients connecting to a ASUS RT-AC86U in repeater mode. I will try to lay it out.So I have a Asus RT-AC88U as the...
Hi, I have a samba share mounted on a aimesh node. It can be accessed via the very insecure asus admin default account. Can I change the password on t...

Don't Miss These

  • 1
  • 2
  • 3