The holiday hangout will go online tomorrow! If there's anything in the regular subforums that you're going to want to access over the holidays, copy it now while it's still accessible.
Don't like the snow? You can make a bookmark with the following text instead of a url: javascript:snowStorm.toggleSnow(). Clicking it will toggle the snow on and off.
Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

Setting up a small business VPN

override367override367 misogynist/MRA/socially irresponsibleRegistered User regular
edited February 2012 in Help / Advice Forum
Okay after my previous thread dealing with frustration, I can finally do this

Background: A business hired me to network their offices, I've run into numerous problems involving viruses, cocked up updates, every windows OS from the last decade being involved, charter being total fuckups who can't figure out why a modem won't connect (and me being blamed for it, because i control the blinking internet light)

Anyway, finally got static IP addresses in the offices and now I want to VPN them

I was going to order a Charter VPN, but the owner and his wife refuse to be bothered looking up their account info or take five minutes to call Charter and have me authorized to speak for their account, so that's not an option (their opinion is that I should have everything working already and require nothing from them in terms of effort)

So in lieu of that I need a small business VPN/Firewall. Now I can't replace their existing routers, because he insists they are under contract with their printer manufacturer to use that exact router (whatever), but I should still be able to chain the modem, router and vpn/firewall

I have no experience purchasing these and since I'm paying for it I can't go too expensive, what's a good option here? I'm dealing with miniscule amounts of data and only a maximum of 12 computers, so it just needs to be reliable and relatively simple to set up (go into its configuration and point it to the other one and set up a VPN).

I was thinking one of these

override367 on
XBLIVE: Biggestoverride
League of Legends: override367

Posts

  • wmelonwmelon Registered User regular
    That unit is very similar to the router we're using in my office. I will tell you that it's a bit of a pain to get the VPN working properly and it requires a specific client that you'd have to install on each client computer rather than use the built in client in windows/osx.

    There will also be other headaches involved with getting the VPN server to work behind another router. We ended up not using the built in VPN Server and just figured out which ports we needed to forward to use the RAS service built into Server 2008.

  • DjeetDjeet Registered User regular
    My local Fry's guys tell me the RV042 is the goto router for small IT companies doing work like you are. I have an older rev and it has its limitation, but generally is pretty configurable. I've not used the "Dual WAN" capability, just the WAN/DMZ config.

    That said, this restriction ("Now I can't replace their existing routers") I think is going to be a major hurdle in trying to do this with a cheap appliance, unless you've got 2 statics and can place the appliance upstream of the Charter router.

  • RuckusRuckus Registered User regular
    Are you looking for just site to site VPN, eg two offices with a permanent encrypted link, or are you looking for a client to office functionality as well, eg where a user can take their laptop home, and using an installed software package create a temporary encrypted link to the office from their home network.

    Raneados wrote: »
    so what SPECIFICALLY is the problem with my hole?
  • override367override367 misogynist/MRA/socially irresponsible Registered User regular
    edited February 2012
    Ruckus wrote: »
    Are you looking for just site to site VPN, eg two offices with a permanent encrypted link, or are you looking for a client to office functionality as well, eg where a user can take their laptop home, and using an installed software package create a temporary encrypted link to the office from their home network.

    Site to site, the last one I worked with was a Cisco... something, I dont remember the model, but it had a very easy to use interface where I could set up on its configuration the ip address of the other VPN, did this with both of them and everything was handled on the (layer 3? it's been a while since Cisco class) level, no additional software or configuration on the clients was necessary, to the computers in the network each office was a different preconfigured subnet (192.168.1.X, 192.168.2.X, etc), which is already how their local addresses are set up

    its driving me crazy trying to remember what I worked with before, I dont even remember if it was classified as a cisco router or a cisco firewall, but it was reliable and a solid piece of hardware. I called my old boss and he doesn't remember either, and they don't do site to site vpn anymore in that manner

    override367 on
    XBLIVE: Biggestoverride
    League of Legends: override367
  • RuckusRuckus Registered User regular
    At my first job out of college we used SonicWalls, my next employer we used CheckPoint equipment, my current employer uses Cisco ASAs (Advanced Security Appliances).

    Personally I've also used m0n0wall for site to site VPNs.

    Raneados wrote: »
    so what SPECIFICALLY is the problem with my hole?
  • override367override367 misogynist/MRA/socially irresponsible Registered User regular
    I think I've reconsidered doing any more work for these people, they've consistently expected me to work for free and after staying up late playing Syndicate because i got nothing going on today the guy's wife calls me to bitch about the other computers not being displayed in their network list

    It's just a display bug, her software was working fine, the network is working fine, and she called me at home and wanted it immediately fixed. Straw,camel, etc.

    XBLIVE: Biggestoverride
    League of Legends: override367
  • wmelonwmelon Registered User regular
    Good choice. When to fire a client is one of the hardest lessons to learn as a small business owner.

  • necroSYSnecroSYS Registered User, ClubPA regular
    First review of the RVS4000:
    Caution on this item if you need to use the IPSEC VPN! There is no ''Keep Alive'' function and you will need to re-connect the VPN frequently if you are using one of these at both ends. Tunnels to other routers work fine but you cannot use this model at both ends. After hours with Cisco engineers they finally said there was NO WAY to make it stable.

    So, combine that with your needy client and you'll be giving yourself a heart attack for $300.

    Cisco ASAs are great for VPN (both kinds), but they're about $500 each. A secure, hassle-free, site-to-site tunnel via appliance is probably not something you'll be able to get in your price range. m0n0wall is likely your best bet, assuming you have some FreeBSD facility, especially given that you're looking for something to sit behind your edge NAT devices anyway.

    Kind of hilarious that you're going to have a router that is going to NAT a single public to a single private and send all of the traffic to your Firewall/VPN anyway.

    There's no point in you getting both of yourselves all worked up and ready to chart the undiscovered country, then having her flush crimson red, run to the bathroom, and spend twenty minutes straining and grunting and stressing out because you're all ready to deliver your package but there's a three inch thick Sunday paper clogging up the mail slot.
  • ICEFIR3ICEFIR3 Registered User regular
    I'm probably asking for flames by suggesting it but Hamachi from LogMeIn is a cheap software VPN for those cheap clients. Needs to be installed on one PC on the network you want to access and allows for something like 10 PCs connecting via the VPN for free (though you're not supposed to use it free for commercial use). We use it for one of our less critical networks at work.

  • override367override367 misogynist/MRA/socially irresponsible Registered User regular
    I'm using Hamachi and Logmein (to administer) right now on their systems, it mostly works fine but last time it released an update all their vista computers shit the bed until I reinstalled it

    XBLIVE: Biggestoverride
    League of Legends: override367
  • ICEFIR3ICEFIR3 Registered User regular
    ahh gotcha, We're all Win 7 + Win 2008, but the servers are on the network, not via VPN.

Sign In or Register to comment.