I need a router that will support built-in VPN protocols under macOS Monterey

[atxcyclist]

I need an inexpensive gigabit router with wireless that will support IKEv2, Cisco IPSec, or L2TP over IPSec. My crappy router at work only supports OpenVPN and PPTP VPN, and I cannot natively use either one of those under macOS. I went through all the trouble to get an internet connection with a static IP, now this is keeping me from completing the next phase in my office network. 

[DrMacintosh]

I'd check with your IT department. If you need it for work, they should be able to help you out. 

[LIGISTX]

6 minutes ago, atxcyclist said:

I need an inexpensive gigabit router with wireless that will support IKEv2, Cisco IPSec, or L2TP over IPSec. My crappy router at work only supports OpenVPN and PPTP VPN, and I cannot natively use either one of those under macOS. I went through all the trouble to get an internet connection with a static IP, now this is keeping me from completing the next phase in my office network. 

Um… I’m confused. Your router doesn’t need any VPN capabilities if your hosting the VPN on a client machine. You just need to open ports on the router. 
 

If the router is what’s handling the VPN, your client machines will be oblivious to the VPN even existing. 
 

Also, why did you need a static IP? Could you not just either use Cloudflare or another dynamic DNS provider (they are free, and forward your public IP to a domain name, so as it dynamically changed, your domain name is auto updated to match). 

[atxcyclist]

Just now, DrMacintosh said:

I'd check with your IT department. If you need it for work, they should be able to help you out. 

I am the IT department, haha. This is a little two-person design firm, so it falls on me as the more tech-savvy one.

 

I've been working toward remote access for a while, I didn't realize the protocols my router used were all deprecated from modern OS's.

[atxcyclist]

6 minutes ago, LIGISTX said:

Um… I’m confused. Your router doesn’t need any VPN capabilities if your hosting the VPN on a client machine. You just need to open ports on the router. 
 

If the router is what’s handling the VPN, your client machines will be oblivious to the VPN even existing. 
 

Also, why did you need a static IP? Could you not just either use Cloudflare or another dynamic DNS provider (they are free, and forward your public IP to a domain name, so as it dynamically changed, your domain name is auto updated to match). 

I need to host it on the router, we don't have specialized hardware for this task. This is a very small setup with a basic file server on our local office network, I just need remote access. The static IP was more or less a benefit of upgrading to a symmetrical fiber connection, but I would like to use it for simplicity's sake.

[LIGISTX]

4 minutes ago, atxcyclist said:

I need to host it on the router, we don't have specialized hardware for this task. This is a very small setup with a basic file server on our local office network, I just need remote access. The static IP was more or less a benefit of upgrading to a symmetrical fiber connection, but I would like to use it for simplicity's sake.

I don’t understand then. If the router is what’s negotiating the VPN… oh, your not trying to set up site to site VPN between multiple routers, your talking about providing credentials for remote access to VPN back into the office from laptops.

 

Can you just set up a r-pi running WireGuard? Or spin up a VM/container for WireGuard within the network somewhere. Or… few hundreds bucks and set up a pfsense router/firewall and use WireGuard on that would be my recommendation. 

[atxcyclist]

8 minutes ago, LIGISTX said:

I don’t understand then. If the router is what’s negotiating the VPN… oh, your not trying to set up site to site VPN between multiple routers, your talking about providing credentials for remote access to VPN back into the office from laptops.

 

Can you just set up a r-pi running WireGuard? Or spin up a VM/container for WireGuard within the network somewhere. Or… few hundreds bucks and set up a pfsense router/firewall and use WireGuard on that would be my recommendation. 

Yeah, this is just remote file access to our server.

 

Most of that stuff is way beyond my level of expertise. I could fumble through it, but I'd need a much better server to run a virtual machine for PFsense, and host our files, and I have to imagine that's much more expensive endeavor than a router that will do this task. 

[LapsedMemory]

Why can't you just install the OpenVPN client on MacOS?  What features do you need to run natively that you can't do thru the client?

[atxcyclist]

4 minutes ago, LapsedMemory said:

Why can't you just install the OpenVPN client on MacOS?  What features do you need to run natively that you can't do thru the client?

I don't want to manage access accounts on a 3rd party system. I also ran OpenVPN previously on another setup, and I had random authentication/connection problems with it. I also had problems with the 3rd party software funneling internet traffic through the VPN as well, and I'm not messing with that again I just want file access.

[LapsedMemory]

7 minutes ago, atxcyclist said:

I don't want to manage access accounts on a 3rd party system. I also ran OpenVPN previously on another setup, and I had random authentication/connection problems with it. I also had problems with the 3rd party software funneling internet traffic through the VPN as well, and I'm not messing with that again I just want file access.

In that case, UniFi's hardware should do it.  Personally I'd go with a Dream Machine Pro and a Unifi access point,

 

but you could also do it with the Dream Router....

https://www.wundertech.net/how-to-set-up-a-vpn-server-on-unifi/

[LIGISTX]

20 minutes ago, atxcyclist said:

Yeah, this is just remote file access to our server.

 

Most of that stuff is way beyond my level of expertise. I could fumble through it, but I'd need a much better server to run a virtual machine for PFsense, and host our files, and I have to imagine that's much more expensive endeavor than a router that will do this task. 

A pfsense box is actually pretty affordable. But…..

 

Can you run VM’s on whatever server you have? Just spin up a very light weight client and instal WireGuard. 

[atxcyclist]

10 minutes ago, LIGISTX said:

A pfsense box is actually pretty affordable. But…..

 

Can you run VM’s on whatever server you have? Just spin up a very light weight client and instal WireGuard. 

It's an old AMD Phenom X6 machine, I think it supports virtual machines but I couldn't take our file server offline long enough to test that.

[LIGISTX]

20 minutes ago, atxcyclist said:

It's an old AMD Phenom X6 machine, I think it supports virtual machines but I couldn't take our file server offline long enough to test that.

What OS is running your file server on that Phenom? But, yea. That is pretty old.

[atxcyclist]

5 minutes ago, LIGISTX said:

What OS is running your file server on that Phenom? But, yea. That is pretty old.

Windows 7, it’s what I’m familiar with and had a key.

 

 

[LIGISTX]

Just now, atxcyclist said:

Windows 7, it’s what I’m familiar with and had a key.

 

 

You can run WireGuard on that… although I’d really recommend the free upgrade to win 10, if for no other reason than security patches. 
 

But I understand it’s difficult to take down your file system for an OS update.