NeoRouter
http://www.neorouter.com/forum/

IP Resolution, Server Groups, and Security
http://www.neorouter.com/forum/viewtopic.php?f=5&t=1323
Page 1 of 1

Author:  jamesnw [ Mon Oct 19, 2009 5:50 pm ]
Post subject:  IP Resolution, Server Groups, and Security

Ok, first of all I want to congratulate you on a product that works mostly as expected (i.e. VPN via Proxy). There are some things, however, that I'd like to give feedback on (and 3 requests):

1. Other people I have try it get confused when the select "options", thinking that the options is for the client. I suggest you but "connections" into the "options" screen, which other client-side options, if any, and create a new menu item called "Administration", or "Domain Account Settings", or "Global Options", or whatever.

2. Request: Proper LAN IP resolution. I tried NeoRouter on 3 PCs (1 desktop and 2 laptops) behind a router that redirects the required port to the server. If I use the Internet outside of my LAN, I can connect no problem; however, inside the LAN I cannot. I suspect this is because the client is trying to connect to the WAN IP, but most routers WILL NOT WORK THAT WAY. Inbound packets via the local LAN to the WAN, all behind the same router, will usually not work, because in most cases the router is listening for inbound WAN packets, and NOT the LAN packets. This is a common issue, and in most cases is resolved via a DNS server (which I don't have anyhow), but in your case may I suggest this: Have your mediator server (that stores the domain info for the clients) also store the LOCAL SERVER LAN IP and not just the WAN IP. In this way, the client can check locally FIRST for connectivity, and THEN attempt the WAN IP. This can also usually be detected by checking if a connecting client is behind the SAME router as the server (by checking the WAN IP). If so, then use the local LAN IP address, and NOT the WAN IP. (side note: you may also wish to send a domain name and NOT a static WAN IP, so that some of your clients with DNS servers can resolve properly anyway, and default to static IPs only if all other options fail to connect).

3. Request: User groups (I have a feeling this was a request already ;)). I think it goes without much saying that user groups works better when dealing with too many servers. This is usually a basic requirement for any network security control.

4. Request: I'd like to see a global SERVER group option that automatically becomes a part of everyone's client. After some thought, I realized that installing the client on too many computers, where everyone has the same group name and computer list, is WAY TOO MUCH WORK, and should not be necessary. This is how I see it implemented: Global server group configuration, in the global options, with user groups assigned. The clients would show this group as a fixed global group that cannot be edited by the client side user. At the very least, have the group AUTO ADDED to the client when A user connects with a "clean slate" list (i.e. a client with no groups and no servers would again auto-add the global server list). That said, a fixed global list is still better. ;)

Thanks, just my 2 cents worth. ;)

James

Author:  kevinz [ Tue Oct 20, 2009 5:52 am ]
Post subject:  Re: IP Resolution, Server Groups, and Security

HI James,

Thanks for your suggestions. It's very helpful to improve NeoRouter. We will evaluate it.

Thanks,
KevinZ - NeoRouter team

Page 1 of 1 All times are UTC - 5 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/