Multisite VPN for small client

EirianPrice

I have a small business that needs a VPN connection between three sites: one main office and two smaller depots.

I want to achieve this with hardware VPN routers, as they don't have any servers and only have desktop computers. The reason for the VPN is so they can all access the main NAS box in the head office.

What would be your suggestions on the setup? Each site does not have a fixed IP, so it would need to use DDNS for each connection; each site will have a different subnet, obviously.

Cheers
EP
 
Only the "main" site would need to use DDNS.


You could do this pretty easily with a good DD-WRT router. You can get a WRT54GL for about $40-50, flash the VPN version of dd-wrt on it, and follow this guide:
http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers

If you're looking for something out of box, there are lots of choices. Is there a budget, or are they looking for you to give an estimate?

Budget is very small! But to be honest I don't think it needs to be an expensive setup.

But the employees also need to connect to the VPN when out of the office.
 
DD-WRT can do that. OpenVPN for site-to-site following the guide. Then either change the configuration to enable more tunnels and ports to use OpenVPN, or set up PPTP for the individual connections.


Though, that may be getting to the point where an out-of-the-box VPN router is easier if you're unfamiliar with DD-WRT.
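To make the "more tunnels" part of the previous reply concrete, here is an added example (not from the thread or the DD-WRT guide it links) of a single OpenVPN server at the main office serving both depot routers as routed site-to-site peers and the travelling laptops as ordinary road-warrior clients, so PPTP is not needed for the individual connections. It assumes the main office LAN is 192.168.1.0/24, the depots are 192.168.2.0/24 and 192.168.3.0/24, the depot router certificates have common names `depot1` and `depot2`, and the main site's DDNS name is the placeholder `hq.example-ddns.invalid`; only that one name is ever referenced, matching the point that only the main site needs DDNS.

```conf
# ---- main office: /etc/openvpn/server.conf (constructed example) ----
port 1194
proto udp
dev tun
ca ca.crt
cert hq.crt
key hq.key
dh dh2048.pem
# HMAC on the control channel: packets without the shared key are dropped
# before any TLS work, which also keeps port scans from seeing a responder.
tls-auth ta.key 0
cipher AES-256-GCM            # OpenVPN 2.4+; older builds fall back to CBC
# Tunnel address pool handed to depot routers and laptops
server 10.8.0.0 255.255.255.0
topology subnet
# Main office LAN (assumed 192.168.1.0/24) advertised to every client
push "route 192.168.1.0 255.255.255.0"
# Per-client settings live in ccd/<certificate common name>.
# ccd-exclusive refuses any cert that has no ccd file, so a stray or
# stolen certificate cannot claim a depot subnet.
client-config-dir ccd
ccd-exclusive
# Kernel routes for the depot LANs point into the tunnel interface...
route 192.168.2.0 255.255.255.0
route 192.168.3.0 255.255.255.0
# ...and are pushed so laptops and the other depot can reach them via HQ.
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
# Omit client-to-client: depot-to-depot traffic then passes through the
# host firewall, where it can be filtered, instead of being switched inside OpenVPN.
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
crl-verify crl.pem            # revoked depot/laptop certs stop working immediately
verb 3

# ---- main office: ccd/depot1 ----
# iroute tells OpenVPN that 192.168.2.0/24 sits behind this client
iroute 192.168.2.0 255.255.255.0
ifconfig-push 10.8.0.2 255.255.255.0

# ---- main office: ccd/depot2 ----
iroute 192.168.3.0 255.255.255.0
ifconfig-push 10.8.0.3 255.255.255.0

# ---- depot router (and, with its own cert, each laptop): client.ovpn ----
client
dev tun
proto udp
remote hq.example-ddns.invalid 1194   # placeholder: the main site's DDNS name
nobind
resolv-retry infinite                 # keep retrying while DDNS catches up
ca ca.crt
cert depot1.crt
key depot1.key
tls-auth ta.key 1
remote-cert-tls server                # refuse anything that is not the HQ server cert
cipher AES-256-GCM
persist-key
persist-tun
verb 3
```

With `ccd-exclusive` on, every laptop certificate also needs a ccd file, which may be empty; a depot router additionally needs its LAN default route or a static route for 192.168.1.0/24 pointing into its `tun` interface, and the ISP router at the main office must either be in bridge mode or forward UDP 1194 to the OpenVPN box.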
 
pfSense on some Netgate hardware, or MikroTik routers.

If you can convince them to use UTM appliances... Untangle does ROCK SOLID VPN tunnels with its OpenVPN implementation.

At the central site, crank up the internet package to a higher-speed package... especially important for the upload. Lots of good DOCSIS 3 cable packages now with 50 down/10 up. So the 10 meg upload is sweet for VPN clients.

I also prefer static business packages at all sites. Yes technically you can fudge it to work "fairly well" with freebie dynamic dns bubblegum and duct tape setups, but business packages have higher uptime, higher priority for support, and you don't get those hiccups with IP changes waiting for dynamic DNS to finally catch up. It's a business, they rely on the VPN tunnel. Save the dyndns stuff for home users.
 
DD-WRT looks like a nice cheap way to do it, but I think it would be easier with an out-of-the-box solution. The problem is that these boxes will be piggybacking off the ADSL routers in each location.

I think I may have a VPN passthrough problem depending on the routers at the locations; they are probably only ISP-provided routers. Any thoughts?
 
These two sub-sites are pretty much home setups with only a couple of users in each location; there are only ever going to be half a dozen people connected at any one time. The odd hiccup is not going to be a problem, especially when you weigh it up against the extra monthly cost.

Also, these sites are not running leased lines but only basic ADSL lines that already get their maximum speed.
 
The provided routers are almost never an issue. You'll just have to call their service provider(s) and ask them to put the routers into bridge mode to pass the public IP to your router.
 
How will they access the NAS? UNC paths to folders?

Is the DSL package the standard 6,000/768 speed?
It's the speed at the central office that is most important... not so much the satellites, unless they're uploading lots of large items.
 
Not always. But "calling the service provider" is hardly the point... the point was, the modem needs to be in bridge mode.

Depending on the model... often, yes. Especially with the basic home models. With the proper business-grade models, depending on the model, there are other methods for using your own firewall with them and obtaining the public IP on your edge appliance's red interface.
 
Cyberoam 15wi or 25wi at the main location, and Cyberoam 15wi or Cyberoam NetGenies at the remote sites.

I have been using this product line for about 6 months and love them; support is great!!
 