Multi-State Family Networking?

Valley Redneck asks: "The last few members of my extended family just entered the 20th century and went to broadband. Now that we're all on-line with small home LANs in place, we'd like to start sharing stuff via a VPN. The only problem is I'm the only marginally tech savvy one in the bunch, and I'd rather not have to hop a plane to configure everyone's box. Any recommendations for a broadband router that supports VPN to use on the mother-ship network that will play nice with all versions of Windows XP SP 2 (Pro, Home and Media Center) and its VPN client?"

Do it in software

[Cyberglich]

Hardware can be trickey use software Hamachi is a very easy to use very powerfull very secure and it supports windows mac and linux. www.hamachi.cc

hamachi

[schwal]

just install, and give em a password to your network. even has chat.

Cool. But why?

[peacefinder]

You may not need to bother with hardware VPN devices. There are some reasonable software solutions that can run right on the endpoint computers.

I've heard good things about Hamachi, but I haven't used it myself. I have used OpenVPN, and I love it. It's pretty simple to set up, even using certificate-based authentication and encryption. You can have everyone download and install it themselves, then you can send them configuration files.

Before you do all this, though, there's an important question to ask: Is a VPN worth the additional risks? If all the machines are in a pseudo-local network over the VPN and someone gets a worm, you could all go down together. Unless you're planning to do something which actually requires pseudo-local network access, you might be better off to make whatever you're planning to do be web-based.

Re:Cool. But why?

[ckulpa]

Check out the Security Now Podcast or transcript http://www.grc.com/securitynow.htm http://www.grc.com/sn/SN-018.htm Episode 18 and 19 is about Hamachi.

openvpn?

[dead.phoenix.616]

Hi,

not sure exactly if you want to go the hardware way,
and not sure if what I mention meets your criteria,
but if you can set up a single linux box as a router
some place, that box can run openvpn (server) while
each client can hook up to it with the openvpn client
software (windoze client too ;)
trivial to set up:
http://www.openvpn.org/

cheers,

j

Re:openvpn?

[karnal]

That should be http://www.openvpn.net/.net, not .org....

Smoothwall, mayhaps?

[elwin_windleaf]

I haven't used it in a while, but have you investigated Smoothwall linux? It's a linux distribution converts old PCs into very network-capable routers. Not only that, but it's manageable through web and SSH (I believe).

One of the reasons it came to mind is that it supports VPN connections between routers (again, I believe; haven't worked with it in a while). If you've got some spare PCs lying around (usually a prerequisite to reading Slashdot), this might be a great way to get your family networked for free while cleaning out the basement.

A Linux distro possible ... Clarkconnect

[douggmc]

Check out http://www.clarkconnect.com/ if you are so inclined at all for a pretty darn good and robust solution in terms of a software approach. It does many things including VPN services.

Linksys rv042 routers

I work for a small IT shop and we use linksys RV042 routers that support ipsec vpn's and dyndns. you can set them all do have dyndns accounts, and setup the vpn links on each, then ship them to your family, when the plug them in they register with dyndns, and viola! the vpn just sort of comes together. I've done this for small companies that need a vpn, but can't afford to fly me to some other state, it works great, just make sure each router has a different subnet, and upgrade the firmware before you do anything!

OpenVPN

[shish]

I seem many people recommending hamachi; while OK, I prefer openvpn -- it works much nicer cross platform (the linux version seems half assed compared to the windows, whereas ovpn is exactly the same everywhere), it doesn't have an external company as a single point of failure, it's more configurable, and generally feels more solid.

Its main downside is that it's designed server-client with you being the server, so you become the single point of failure, as well as having to act as proxy for all network traffic -- AFAIK hamachi only uses the central server to start connections, and runs p2p from then on.

Re:Use..

[wolrahnaes]

gah, no sveasoft!

We've been through this quite a few times here, but for the benefit of those who missed the great Sveasoft debates, here's a quick summary:

1. Linksys releases GPL code for WRT54G routers
2. People start modifying this code
3. Sveasoft forms a community around a particulat "distro"
4. Sveasoft starts charging
5. Sveasoft gets pissed that people are exercising their legal right to share the GPLed software for free
6. Sveasoft cuts back on source releases, bans anyone who even mentions the GPL on their forums
7. Sveasoft stops source releases entirely for "test" versions (a.k.a. current, release is the old outdated version)
8. DD-WRT project starts as fork of last Sveasoft source releases
9. Sveasoft threatens DD-WRT, calls it a ripoff of their product
10. DD-WRT developers and community collectively laugh, continue developing and releasing both binaries and source regularly
11. Sveasoft crawls back in to a hole

Basically, don't use Sveasoft, and definately don't pay for it. They are repeat GPL violators and do not in any way support the WRT community. Use HyperWRT for basic features, DD-WRT for a fully-featured mega-distro, and OpenWRT for a top-end complete custom build.

Personally, I run DD-WRT v23 SP1 VoIP edition, and it does an excellent job of both connecting my Xbox to XLink Kai and handling QoS for my IP phones, not to mention all the neat wireless tricks.