Okay after my previous thread dealing with frustration, I can finally do this
Background: A business hired me to network their offices, I've run into numerous problems involving viruses, cocked up updates, every Windows OS from the last decade being involved, Charter being total fuckups who can't figure out why a modem won't connect (and me being blamed for it, because I control the blinking internet light).
Anyway, finally got static IP addresses in the offices and now I want to VPN them
I was going to order a Charter VPN, but the owner and his wife refuse to be bothered looking up their account info or take five minutes to call Charter and have me authorized to speak for their account, so that's not an option (their opinion is that I should have everything working already and require nothing from them in terms of effort)
So in lieu of that I need a small business VPN/firewall. Now I can't replace their existing routers, because he insists they are under contract with their printer manufacturer to use that exact router (whatever), but I should still be able to chain the modem, router and VPN/firewall.
I have no experience purchasing these and since I'm paying for it I can't go too expensive, what's a good option here? I'm dealing with minuscule amounts of data and only a maximum of 12 computers, so it just needs to be reliable and relatively simple to set up (go into its configuration and point it to the other one and set up a VPN).
I was thinking one of these
Posts
There will also be other headaches involved with getting the VPN server to work behind another router. We ended up not using the built-in VPN server and just figured out which ports we needed to forward to use the RAS service built into Server 2008.
That said, this restriction ("Now I can't replace their existing routers") I think is going to be a major hurdle in trying to do this with a cheap appliance, unless you've got 2 statics and can place the appliance upstream of the Charter router.
Site to site, the last one I worked with was a Cisco... something, I don't remember the model, but it had a very easy to use interface where I could set up on its configuration the IP address of the other VPN, did this with both of them and everything was handled on the (layer 3? it's been a while since Cisco class) level, no additional software or configuration on the clients was necessary, to the computers in the network each office was a different preconfigured subnet (192.168.1.X, 192.168.2.X, etc.), which is already how their local addresses are set up.
It's driving me crazy trying to remember what I worked with before, I don't even remember if it was classified as a Cisco router or a Cisco firewall, but it was reliable and a solid piece of hardware. I called my old boss and he doesn't remember either, and they don't do site to site VPN anymore in that manner.
Personally I've also used m0n0wall for site to site VPNs.
It's just a display bug, her software was working fine, the network is working fine, and she called me at home and wanted it immediately fixed. Straw, camel, etc.
So, combine that with your needy client and you'll be giving yourself a heart attack for $300.
Cisco ASAs are great for VPN (both kinds), but they're about $500 each. A secure, hassle-free, site-to-site tunnel via appliance is probably not something you'll be able to get in your price range. m0n0wall is likely your best bet, assuming you have some FreeBSD facility, especially given that you're looking for something to sit behind your edge NAT devices anyway.
Kind of hilarious that you're going to have a router that is going to NAT a single public to a single private and send all of the traffic to your Firewall/VPN anyway.