EGOPOLY

Topics include: programming, Apple, Unix, gadgets, large-scale web sites and other nerdy stuff.

Another IPSec solution for Mac OS X Leopard

2008-06-23 21:23:06

I finally got around to replacing my Apple Airport Extreme as my home router. Airports have a few nice features, such as nice seamless extension of a wireless network, and sharing of HFS-formatted hard drives. But as routers, they pretty much blow. You can't add static routes, and they don't have integrated VPN capabilities.

I selected a NetGear FVS318 v3 as a router, mostly because I had read some posts that many people had made it work with the IPSec VPN utility IPSecuritas. It pretty much worked out of the box: I set up the router normally (I have a fixed IP address at home), then followed the instructions built into IPSecuritas for the 318 router.

I was careful to select an internal network scheme that is unlikely to collide with common schemes found at internet cafes and most companies. That is, my home network is not in 192.168.0.0/16 or 172.16.0.0/*, nor is it 10.0.0.0/24. There seems to be a way to configure IPSec to "reverse NAT" so that inbound remote connections masquerade as an address on the local network. I need to figure that one out.

Testing an IPSec VPN at home is a little tricky. Most people don't have an extra external IP address at home they can use as a test, so one would have to set things up and then test connecting to home from the office or a neighbor's house. But I have a Sprint EVDO USB, so I was able to connect with that.

The FVS318 also allowed me to add a static route so that my OpenVPN (which is running on my old Linux machine) will work as well, so I have two VPNs, in case there is an address conflict with the IPSec network.
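The subnet choice and the address-conflict concern above can be checked before committing to a home addressing plan. The following is an added example, not part of the original post: the list of commonly seen LAN ranges and the candidate subnets are constructed for illustration, and any overlap is treated as a conflict.

```python
import ipaddress

# Constructed sample of LAN ranges a roaming laptop often lands on
# (an assumption for illustration; extend with networks you actually visit).
COMMON_LANS = [
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
    "10.0.0.0/24", "10.0.1.0/24", "172.16.0.0/24",
]

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True if the network lies wholly inside one RFC 1918 block."""
    net = ipaddress.ip_network(net)
    return any(net.subnet_of(block) for block in RFC1918)


def conflicts(home, visited=COMMON_LANS):
    """Return the visited LANs whose address range overlaps the home LAN."""
    home = ipaddress.ip_network(home)
    return [v for v in visited if home.overlaps(ipaddress.ip_network(v))]


def usable_from(home, client_lan):
    """True if a VPN client sitting on client_lan sees no overlap with the
    home LAN. With an overlap, the same addresses exist on both sides of
    the tunnel and home hosts cannot be addressed unambiguously."""
    return not conflicts(home, [client_lan])


if __name__ == "__main__":
    # Constructed candidate home subnets.
    for candidate in ("192.168.1.0/24", "10.0.0.0/16", "10.87.42.0/24"):
        kind = "private" if is_rfc1918(candidate) else "NOT RFC 1918"
        print(candidate, kind, "conflicts:", conflicts(candidate) or "none")
```

A wide home prefix such as a /16 collides with every smaller LAN inside it, so a narrow, unusual /24 leaves the fewest conflicts.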