safe to hook up vpn router to wifi location?

Junior Poster

110 posts since Sep 2011

Reputation Points: 10

Solved Threads: 3

Skill Endorsements: 0

0

So I am not clear based on your description, but is sounds like there is a location that you are at that has Wifi. This Wifi network is connected to the Internet. You want to be able to connect back to your work's network. If this is correct, this is my suggestion...

You do not need a VPN router. If you want to connect back to your corporate network, if they offer VPN services, you need the VPN client loaded on your computer. If they do not have VPN services, how do you normally connect back when you are travelling or at a remote location? Connecting back to a work location via VPN over a public netowrk is Safe. That is the point of VPN, to secure the connection over an untrusted network.

"Anyone connecting on this wifi could access your network, but its not connected to your work network???" Of course not... How did this IT person explain that a person could connect back to the work network through a public wifi?

JorgeM

Industrious Poster

4,002 posts since Dec 2011

Reputation Points: 294

Solved Threads: 543

Skill Endorsements: 115

0

>>How did this IT person explain that a person could connect back to the work network through a public wifi?

I think he meant that he wanted to take a router and connect it downstream from the public wifi router. So that his wan port is connected to the public router and he offers his own wifi. His router would then create a peer to peer vpn tunnel.

#1 - most consumer routers will not let you connect WAN to a wifi network.
#2 - if somehow you got around #1, if you leave your wifi open, then yes, everyone could connect to the remote network.
#3 - Your IT person should have suggested just using a client on your PC.

Posting Pro in Training

498 posts since Jul 2010

Reputation Points: 49

Solved Threads: 59

Skill Endorsements: 10

0

this building location that is offering wifi is NOT connected to the work network. However, the vpn connection that I need for the app will be connecting to the work network. The other I.T. guy stupidly told me in one sentence that its a security vulnerability because anyone connected to the public wifi will be able to hit the work network. I disagreed with him but didnt want to argue about it. Not an arguer, im more of a solutions kind of guy. Thanks for the help guys!

Junior Poster

110 posts since Sep 2011

Reputation Points: 10

Solved Threads: 3

Skill Endorsements: 0

1

If the router that connects public wifi to the internet will ALSO be used to create a VPN tunnel, this is still a safe config if done correctly.

Just separate out the public wifi space from the private space in 2 VLANs isolated from each other. Both route outbound. THe VPN tunnel is built to match the interesting traffic to only the private wifi subnet.

I do this all the time.

Posting Pro in Training

498 posts since Jul 2010

Reputation Points: 49

Solved Threads: 59

Skill Endorsements: 10

0

CimmerianX, I must purchase a separate vpn router due to the fact that the current wifi router does not have vpn capabilities. Is it still feasible??

Junior Poster

110 posts since Sep 2011

Reputation Points: 10

Solved Threads: 3

Skill Endorsements: 0

1

To have a dedicated router that can support VPN tunnel would suggest that you have more than one person in this building that needs a secure connection back to the remote office. Generally, these "branch office" tunnels are created so that you can have a small office of employees to have a secure connection back. However, just to summarize what I had suggested before...if you are the only employee at this location, then a VPN router is not feasible. All you need to do is load the VPN client on your computer and connect back to your work's network through their VPN gateway. This will create a secure tunnel over this pubic network. That is safe. If you do require to create a branch office tunnel, then both networks at this location should be separated by VLANs.

JorgeM

Industrious Poster

4,002 posts since Dec 2011

Reputation Points: 294

Solved Threads: 543

Skill Endorsements: 115

0

What model is the current router?

Posting Pro in Training

498 posts since Jul 2010

Reputation Points: 49

Solved Threads: 59

Skill Endorsements: 10

0

At the location that offers free wifi its a Netgear G54 wireless router. And at the main office where the database server(WORK NETWORK) is at, the router is a Linksys 10/100 8-port VPN Router. But I think I been overthinking about this whole situation. I do believe that if I set up a vpn connection to the database network(WORK NETWORK), it will work just fine and it will be secure, and no public wifi user should be able to access ANY network resources that is on the WORK NETWORK. PLEASE correct me if I am wrong.?!

Junior Poster

110 posts since Sep 2011

Reputation Points: 10

Solved Threads: 3

Skill Endorsements: 0

1

I do believe that if I set up a vpn connection to the database network(WORK NETWORK), it will work just fine and it will be secure, and no public wifi user should be able to access ANY network resources that is on the WORK NETWORK. PLEASE correct me if I am wrong.?!

You are correct.

JorgeM

Industrious Poster

4,002 posts since Dec 2011

Reputation Points: 294

Solved Threads: 543

Skill Endorsements: 115

1

I"m with ITG-JM. If it's only for 1 user (you), then use a VPN client on your machine.

Posting Pro in Training

498 posts since Jul 2010

Reputation Points: 49

Solved Threads: 59

Skill Endorsements: 10

0

Thanks for all the help guys. But when you say use a vpn client, whta specifically are you talking about? I was just talking about using the Windows Create a vpn connection wizard. I wouldnt need to get some special vpn client software would I? Im open to ALL recommendations. And please be specific on your answers as it is a little difficult to interpret you guys at times lol Dont take it personal.