VPN over NAT - Issues with Cable Modem/DSL Routers - Jan 14, 2008

Latest Update: (Previous updates at bottom of page)

Jan. 14, 2008 - Added Netgear WNR854T router with firmware 1.4.23NA to the Good Router List

Routers That Do Not Work With VPN Over NAT

Note: This list may be dependent on the firmware revision used on the router. Please report the model number and firmware in place on the router in the Novell Public Forums so that this list can be updated as needed.

IPSec Passthru Note - I have recently found that at least some routers need to have IPSec passthrough (passthru) enabled for BorderManager 3.8 IKE-based Client-Site VPN to work. Please enable it and test before giving up on the router. Some of the routers on this list may have been fine if that setting was enabled, but that test may not have been performed before a user emailed me with a bad router update.

This is not an all-inclusive list, and it is being compiled from the feedback of Novell Public Forum users. If you know that one of these models does in fact work with BorderManager 3.6 VPN over NAT, please notify the sysops in the BorderManager public forums immediately so that we can correct this list. We (Sysops) expect that firmware revisions to correct some problem will eventually make this list go away. It is also possible that users reporting these routers to us have not configured them properly, though default settings should work.

I am unsure about the other Linksys routers such as the BEFN2PS4, BEFSRU31, BEFW11P1, BEFW11S4, and HPRO200. I strongly suspect they will work as long as they have the latest firmware upgrade.

Routers That Work With Client-Site VPN Over NAT

Note: This list may be dependent on the firmware revision used on the router. Please report the model number and firmware in place on the router in the Novell Public Forums so that this list can be updated as needed.

Personally, I have used a Linksys BEFSR11 and later a Netgear RP614v2 successfully with both legacy- and NMAS-mode VPN connections, over a cable modem. In fact, I go through a BorderManager static NAT hop, and then through dynamic NAT on the router to get to the Internet. As of this writing (Nov. 10, 2004), the firmware revision on my current router (Netgear RP614v2) is 5.20_RC3NA Apr 23, 2004.

We need more information to make this list more complete, so if you have a Cable Modem/DSL router, please post the information as to whether it works or not to us in the Novell Public Forums!

Some General Notes & Comments

Normally I don't have to change any default settings on routers to get Client-Site VPN to work over them.

Oct 12, 2006 - An exception to the above statement has to do with BorderManager 3.8 Client-Site VPN, when using NMAS (IKE) mode to connect (instead of compatibility mode): You must enable IPSec passthru on the router. If you do not, you may be able to authenticate and make a C2S VPN connection, but not be able to ping any hosts on the protected network. Some routers will have IPSec passthru enabled by default, and some won't.

One Novell forums user reported that he had problems with VPN when using routers configured to give out DHCP addresses with no expiration. (Normally lease time on a DHCP lease is 3 days.) He said that once he set an expiration time for the leases, VPN started working OK.

Mar. 11, 2006 - I have been struggling to get Client-Site VPN working through a Xincom router set up using multidmz mode to forward all packets to a BM 3.8 server. It works fine when I connect if my client is behind a NetWare server doing NAT. It seems not to work for almost all other cases. (Update: I got this to work by enabling IPSec passthru on the Xincom router.)

Router Configuration Help

Here are some links to web sites with tips (and some patches) for various routers:
General Help: http://www.practicallynetworked.com/
Linksys specific help: http://www.practicallynetworked.com/support/linksys_router_help_pg2.htm
3rd-Party Firmware for Linksys Routers: http://www.sveasoft.com/

Problems with older Linksys routers and the BorderManager 3.6 Client-to-Site VPN

Thanks to Caterina Luppi for this tip! (Some of this information is now obsolete. Some newer Linksys routers will work with VPN, while others may need a firmware update.)

BorderManager 3.6 allows you to establish the client-to-site VPN even if the client is behind a device performing NAT, like the DSL routers used to connect for home usage. Nevertheless, not all the routers and devices performing NAT are compatible with the BorderManager 3.6 VPN.

The Linksys 4-port and 8-port Cable Modem/DSL routers are known to break the Client-to-Site VPN because of the UDP checksumming performed by the router itself. The Client-to-Site VPN across a NAT device uses UDP 2010 packets to carry the SKIP packets used for the encryption key exchange. Unfortunately these packets don't pass the UDP checksumming test, and they get dropped at the router. Note that in the configuration of the router, the UDP checksumming APPEARS TO BE DISABLED while it is still taking place.

For the time being I don't recommend using this model of router if you are planning to connect to a BorderManager Client-to-Site VPN.
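Added example, not from the original page: how an IPv4 UDP checksum is verified, and why a datagram whose source address has been rewritten by NAT fails that test unless the checksum is recomputed. The addresses, source port and payload are constructed, and the page does not say which step the Linksys firmware gets wrong, so this shows the general mechanism only.

```python
import socket
import struct

SKIP_NAT_PORT = 2010  # UDP port the page says carries SKIP across NAT


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: both addresses are covered by the UDP checksum."""
    addrs = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    return addrs + struct.pack("!BBH", 0, 17, udp_len)  # 17 = UDP


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Return a UDP datagram (header + payload) with a correct checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    covered = pseudo_header(src_ip, dst_ip, length) + header + payload
    csum = (~ones_complement_sum(covered) & 0xFFFF) or 0xFFFF  # 0 means "none"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """True if the datagram passes the receiver-side checksum test."""
    if datagram[6:8] == b"\x00\x00":
        return True  # sender did not compute a checksum (allowed in IPv4)
    covered = pseudo_header(src_ip, dst_ip, len(datagram)) + datagram
    return ones_complement_sum(covered) == 0xFFFF


def nat_rewrite(datagram: bytes, new_src: str, dst_ip: str, fix_checksum: bool) -> bytes:
    """Model source NAT: the checksum is recomputed only when fix_checksum is set."""
    if not fix_checksum:
        return datagram  # same bytes, but they now travel with new_src
    sport, dport = struct.unpack("!HH", datagram[:4])
    return build_udp(new_src, dst_ip, sport, dport, datagram[8:])
```

With a constructed client at 192.168.1.100 translated to 203.0.113.5, the untouched datagram verifies against the original source address and fails against the translated one; only the recomputed datagram passes after translation.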

The Cisco, D-Link and Netgear DSL routers, on the other hand, are known to work perfectly with the BorderManager 3.6 VPN.

If you are using other models of DSL routers, please report your experience in the VPN section of the Novell Support connection forums, and we will add your model of router to this list.

Note: Some people have reported problems going through Linux Masquerading as well, due to some port translation taking place. More on this issue as information comes in to the Novell Public Forums.


Older updates:

Apr. 6, 2007 - Added Linksys WAG54v2, firmware revision 1.01.17 to the Bad Router List

Dec. 17, 2006 - Added Linksys WAG54gx2 to the Bad Router List

Oct 12, 2006 - Added IPSec passthru note, and Airlink 101 router to Good Router List

May 18, 2006 - Added WGR614v5 with the latest firmware version 1.09 - Thanks Barry Akin!

May 1, 2006 - Added Linksys DSL Wireless modem BEFW11S4 to the working list. Also added NETGEAR DG834B ADSL Modem Router (not the GB, GTB or PNB .. just B) to the working list - Thanks Sascha Kauschka!

Mar. 13 2006 - Added Linksys WRT54GL to the working list. Thanks Kevin Carr!

Added Billion 7402 v2 to the working list. Thanks Laura Buckley!

Mar. 13 2006 - Added Linksys WRT54GS v5 to the not-working list. Thanks John Donnelly!

Mar. 11 2006 - Added Belkin F5D8230-4 information to each list. Added information below the lists about possibly having problems if using DHCP with a non-expiring lease.

Feb. 24 2006 - Added Dlink 614 rev B, firmware 3.42 to the not working list. Added Linksys BEFSR41 Version 2, firmware 1.46.2 to the working list.

Jan. 19 2005 - Added Netgear WGR614v4 to the working list.

Jan. 18 2005 - Added Netgear WGT624 to the working list, with one particular firmware.

Dec. 16, 2004 - Added Linksys WRV54G to the 'works OK' list.

Dec. 11, 2004 - Added Belkin wireless router model F5D7230-4 to the 'Works OK' list. Also DLink 604 and 624.

Dec. 3, 2004 - Added 3COM Model 3CRWE51196 to the 'Works OK' list.

Dec. 2, 2004 - Added TrendWare TW100-BRF114 to the 'Doesn't Work' list, and added 3COM Model 3CRWE53172 to the 'Works OK' list.

Nov. 9, 2004 - Interesting post in the forum on the Linksys WRT54G router. Updating the firmware to a 3rd-party company version got the VPN to work. See http://www.sveasoft.com/ .

Oct 25, 2004 - Added several Siemens routers to the 'works OK list'.

Aug 14, 2004 - Removed Netgear WGT624 (v2) 4-port 108MB 802.11g wireless router from the 'works OK' list and replaced it with the Netgear RP614v2 router. I mistakenly mixed up these two routers when I updated this site on Aug 4, 2004. (I tested the RP614v2 myself, in both SKIP and IKE modes). I have not yet tested the WGT624 (wireless) router with VPN.

Feb 5, 2004 - Removed Linksys BEFCMU10 from 'doesn't work' list and added it to 'works OK list'. User reporting the problem found that the issue he was having was with a personal firewall product, not the Linksys.

Jan 12, 2003 - Added Linksys BEFCMU10 to list of "doesn't work" routers.

Jan 10, 2004 - Added 2wire HP1000sw DSL firewall/router to list of "doesn't work" routers.

Apr. 3 - Added Netgear DG814 and Draytek Vigor 2600

Jan. 29, 2003 - Added Netgear FR114P

Oct. 15, 2002 - added Netgear RP614

Oct. 8, 2002 - Added Solwise SAR705.

May 22, 2002 - Added Asus AAM6000EV DSL modem/router.

Apr. 29, 2002 - Removed Netgear RP114 from the not-working list and put it on the working list, after getting some better testing done...

Apr. 17, 2002 - Added Netgear FR314 to the working list.

Apr. 9, 2002 - Added Netgear RP114, latest Firmware (3.26) to the 'not-working' list.

Jan. 14 - Added DynaLink (Askey) RTA 020 to list of working routers.

Dec. 21 - Updated with some information on the Linksys 1-port BEFSR11 (which I use).

Nov. 12 - Added Netgear RT314 to compatible list.

Sept. 4 - Added Draytek Vigor 2200 to the list of routers that don't work. Added SMC Barricade SMC7004ABR to the list of those that do work with NAT.

August 2 - Cisco 677 added to list of routers known to work with VPN over NAT.

June 28 - See the URLs at the bottom of this page. Linksys has released a 1.39 firmware patch, which appears to make the beta patch mentioned below obsolete.

May 17, 2001. A new (beta) firmware revision for Linksys routers, 1.38.6 with a date of 5/15/01, has been tested by a forum user on a Linksys BEFSR41, and afterwards, VPN over NAT worked! This was a beta release revision on May 17, 2001.

