1,105,427 Community Members

safe to hook up vpn router to wifi location?

Member Avatar
SyncMaster170
Junior Poster
110 posts since Sep 2011
Reputation Points: 0 [?]
Q&As Helped to Solve: 3 [?]
Skill Endorsements: 0 [?]
 
0
 

Hello all,
This is my problem, I currently have a building location where my work offers wifi. I have built an app for them that connects to our sql database. My work wants the app at that location where wifi is offered to the public.
Currently there is free wifi offered to the public at this location, so the modem has a netgear wifi router attached to it. First question: (1) Where would I attach the vpn router? To the wifi router or modem? (2) Would there be a security risk for my works database if I set this all up(i.e. had a vpn connection to our database and had free wifi at this location also)?
I was told by the other I.T. guy that this is a possible security risk because anybody hooked up to wifi could access our network? Eventhough this building location is not networked to our main network.
Thanks in advance. Im really just looking for another professional opinion.

Member Avatar
JorgeM
IT Addict
6,418 posts since Dec 2011
Reputation Points: 581 [?]
Q&As Helped to Solve: 963 [?]
Skill Endorsements: 172 [?]
Moderator
Featured
Sponsor
 
0
 

So I am not clear based on your description, but is sounds like there is a location that you are at that has Wifi. This Wifi network is connected to the Internet. You want to be able to connect back to your work's network. If this is correct, this is my suggestion...

You do not need a VPN router. If you want to connect back to your corporate network, if they offer VPN services, you need the VPN client loaded on your computer. If they do not have VPN services, how do you normally connect back when you are travelling or at a remote location? Connecting back to a work location via VPN over a public netowrk is Safe. That is the point of VPN, to secure the connection over an untrusted network.

"Anyone connecting on this wifi could access your network, but its not connected to your work network???" Of course not... How did this IT person explain that a person could connect back to the work network through a public wifi?

Member Avatar
CimmerianX
Practically a Master Poster
661 posts since Jul 2010
Reputation Points: 53 [?]
Q&As Helped to Solve: 83 [?]
Skill Endorsements: 13 [?]
 
0
 

>>How did this IT person explain that a person could connect back to the work network through a public wifi?

I think he meant that he wanted to take a router and connect it downstream from the public wifi router. So that his wan port is connected to the public router and he offers his own wifi. His router would then create a peer to peer vpn tunnel.

#1 - most consumer routers will not let you connect WAN to a wifi network.
#2 - if somehow you got around #1, if you leave your wifi open, then yes, everyone could connect to the remote network.
#3 - Your IT person should have suggested just using a client on your PC.

Member Avatar
SyncMaster170
Junior Poster
110 posts since Sep 2011
Reputation Points: 0 [?]
Q&As Helped to Solve: 3 [?]
Skill Endorsements: 0 [?]
 
0
 

this building location that is offering wifi is NOT connected to the work network. However, the vpn connection that I need for the app will be connecting to the work network. The other I.T. guy stupidly told me in one sentence that its a security vulnerability because anyone connected to the public wifi will be able to hit the work network. I disagreed with him but didnt want to argue about it. Not an arguer, im more of a solutions kind of guy. Thanks for the help guys!

Member Avatar
CimmerianX
Practically a Master Poster
661 posts since Jul 2010
Reputation Points: 53 [?]
Q&As Helped to Solve: 83 [?]
Skill Endorsements: 13 [?]
 
1
 

If the router that connects public wifi to the internet will ALSO be used to create a VPN tunnel, this is still a safe config if done correctly.

Just separate out the public wifi space from the private space in 2 VLANs isolated from each other. Both route outbound. THe VPN tunnel is built to match the interesting traffic to only the private wifi subnet.

I do this all the time.

Member Avatar
SyncMaster170
Junior Poster
110 posts since Sep 2011
Reputation Points: 0 [?]
Q&As Helped to Solve: 3 [?]
Skill Endorsements: 0 [?]
 
0
 

CimmerianX, I must purchase a separate vpn router due to the fact that the current wifi router does not have vpn capabilities. Is it still feasible??

Member Avatar
JorgeM
IT Addict
6,418 posts since Dec 2011
Reputation Points: 581 [?]
Q&As Helped to Solve: 963 [?]
Skill Endorsements: 172 [?]
Moderator
Featured
Sponsor
 
1
 

To have a dedicated router that can support VPN tunnel would suggest that you have more than one person in this building that needs a secure connection back to the remote office. Generally, these "branch office" tunnels are created so that you can have a small office of employees to have a secure connection back. However, just to summarize what I had suggested before...if you are the only employee at this location, then a VPN router is not feasible. All you need to do is load the VPN client on your computer and connect back to your work's network through their VPN gateway. This will create a secure tunnel over this pubic network. That is safe. If you do require to create a branch office tunnel, then both networks at this location should be separated by VLANs.

Member Avatar
CimmerianX
Practically a Master Poster
661 posts since Jul 2010
Reputation Points: 53 [?]
Q&As Helped to Solve: 83 [?]
Skill Endorsements: 13 [?]
 
0
 

What model is the current router?

Member Avatar
SyncMaster170
Junior Poster
110 posts since Sep 2011
Reputation Points: 0 [?]
Q&As Helped to Solve: 3 [?]
Skill Endorsements: 0 [?]
 
0
 

At the location that offers free wifi its a Netgear G54 wireless router. And at the main office where the database server(WORK NETWORK) is at, the router is a Linksys 10/100 8-port VPN Router. But I think I been overthinking about this whole situation. I do believe that if I set up a vpn connection to the database network(WORK NETWORK), it will work just fine and it will be secure, and no public wifi user should be able to access ANY network resources that is on the WORK NETWORK. PLEASE correct me if I am wrong.?!

Member Avatar
JorgeM
IT Addict
6,418 posts since Dec 2011
Reputation Points: 581 [?]
Q&As Helped to Solve: 963 [?]
Skill Endorsements: 172 [?]
Moderator
Featured
Sponsor
 
1
 

I do believe that if I set up a vpn connection to the database network(WORK NETWORK), it will work just fine and it will be secure, and no public wifi user should be able to access ANY network resources that is on the WORK NETWORK. PLEASE correct me if I am wrong.?!

You are correct.

Member Avatar
CimmerianX
Practically a Master Poster
661 posts since Jul 2010
Reputation Points: 53 [?]
Q&As Helped to Solve: 83 [?]
Skill Endorsements: 13 [?]
 
1
 

I"m with ITG-JM. If it's only for 1 user (you), then use a VPN client on your machine.

Member Avatar
SyncMaster170
Junior Poster
110 posts since Sep 2011
Reputation Points: 0 [?]
Q&As Helped to Solve: 3 [?]
Skill Endorsements: 0 [?]
 
0
 

Thanks for all the help guys. But when you say use a vpn client, whta specifically are you talking about? I was just talking about using the Windows Create a vpn connection wizard. I wouldnt need to get some special vpn client software would I? Im open to ALL recommendations. And please be specific on your answers as it is a little difficult to interpret you guys at times lol Dont take it personal.

Question Answered as of 1 Year Ago by CimmerianX and JorgeM
You
This question has already been solved: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article