# Security issues with VPN and standard router?



## BillBald (Oct 1, 2007)

Are there security issues with VPN when going through a standard router? 
Does port forwarding on the router, and opening ports in Windows or 3rd party firewall, open the VPN Server to attack?
I've seen it suggested that you need a hardware firewall, rather than relying on a router.


----------



## johnwill (Sep 26, 2002)

Most VPN clients disable all other network connections when they connect through a router. When I use the VPN supplied by my clients, my connections on the computer I'm running it on has no other connectivity, either on my local network or the Internet. I don't know of any security risk, and many people run the same configuration.


----------



## Cellus (Aug 31, 2006)

Keep in mind that anything can be attacked, whether it is the nodes or the actual traffic. The good thing with decent VPNs is that their natural focus on security makes it far more difficult to maliciously compromise. However with that being said, the best security product will fail if it is improperly configured. This also stands true with any jiggering you have to do on any intersecting nodes, such as configuring a router to get VPN to work through it. Blindly forwarding ports and enabling passthroughs can open more holes than are necessary to get something to work. Look very carefully at documentation to find out what you _just_ need to get the VPN to work properly, and try to avoid commonly-abused blanket changes which may be easier to do - if you're concerned about security, try to carve a hole big enough in the wall instead of smashing at it. You only want just enough exposure as required, and do not want to unintentionally break any pre-existing security in the process (which happens more often than people think)


----------



## BillBald (Oct 1, 2007)

We are thinking of allowing clients running WinXP or Vista to connect to Small Business Server 2003, using the standard Windows VPN functionality. Is that good enough?


----------



## johnwill (Sep 26, 2002)

The Windows VPN client is decent, and should do the job for you.


----------

