[lopsa-discuss] hardware VPN devices for laptops?

Dan Rich drich at employees.org
Wed Dec 21 11:36:19 PST 2005 

David Parter wrote:
>> Can you elaborate on the "reconfiguration" problem?
>>     
>
> sure. Especially if the laptop in question is at some other location (a
> hotel room, at home, etc), if there is no software component on the
> laptop, then the support staff (especially me!) doesn't have to try and
> talk something through windows configuration menus and debugging on the
> phone.
>
> The idea is that the hardware VPN box plugs in exactly where the
> broadband modem would be -- it looks just like any other ethernet to the
> laptop, no question about routing tables, which virtual interface is up,
> etc. Windows is pretty good now about a "simple" network connection...
>   
Which is great if the hotel has broadband.  The hardware devices I've 
used are all useless on a wireless connection (i.e. the Town and Country 
in San Diego, my local Staryucks, the airport, etc).  The software VPN 
will work in all of those places.

As to configuration, for the one I'm using currently (Cisco) you just 
download the software, download a profile (config file), click on 
"connect", and you're up and running.  For Windows boxen, our IT 
department send out a CD that does it all for you.  For those of us with 
Macs or Linux boxen you have to know what you're doing just a little 
bit, but not much more than that.
>> I've seen the VPN hardware that Trey and some others carry about. 
>> portable? yes; small? It doesn't pass the "fits in your shirt pocket"
>> test.
>>     
> It does fit in the laptop bag, however. 
>   
The one that I used in the past (small startup since gone under) was 
about the size of a pack of cigarettes.  However, I don't remember a 
single case of anyone carrying it in their shirt pocket, it got dumped 
in the laptop bag with the usual assortment of power adaptors, cables, 
batteries, and all of the other bits most folks carry along with their 
laptop.
>> And I have to wonder it the "reconfiguration" issue
>> that you're worried about doesn't occur there as well.
>>     
>
> In theory, once the VPN hardware device is configured, it stays
> configured... 
>
> Anyone with postitive or negative experiences trying to support such
> devices, or software VPN configurations?
>   
The hardware device I used almost always worked.  The ones I've seen 
always allow pass-through connections until they establish the VPN, so 
that was never a problem.  And the policies were all stored on the VPN 
server, so they could be updated easily.

The same isn't quite true of software VPNs, as I've had issues with them 
not always being reliable.  As an example, the Cisco software VPN would 
work fine from my hotel room at LISA (LodgeNet - at least when LodgeNet 
was working), but not from the conference network until I changed the 
configuration to use TCP instead of UDP.  I'm not sure that's something 
I'd want to walk one of our less technical users through over the phone.

-- 
Dan Rich <drich at employees.org> |   http://www.employees.org/~drich/
                               |  "Step up to red alert!"  "Are you sure, sir?
                               |   It means changing the bulb in the sign..."
                               |          - Red Dwarf (BBC)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lopsa.org/pipermail/discuss/attachments/20051221/347fb905/attachment.htm

More information about the Discuss mailing list