VPN noob

Jaykuai

I have read about VPNs and I think that's what I need for:

I want to connect 4 remote offices with the main HQ office of my business, but I don't know what hardware I really need..

What would I need to start?
 
You may already have everything you need. Describe the connections for us, what type are they, what type of router is on each connection, firewalls, etc...

Basically the most simple way is to have a router at each location and build your tunnels off of those...
 
Well..

At the main HQ I've got a DSL of 4000/2000.

At the other offices I've just got dial-ups..

I don't have any firewalls or gateways.

I just have a router for the DSL, and it is a simple LinkSys one..
 
I'd really recommend a firewall for all of your branches and your main HQ. Your company's data is probably verrryyy vulnerable right now.

Just configure a RAS server at your main HQ for them to dial in
 
In your situation I would recommend a firewall with VPN capabilities at each location. This can be done very cheaply or it can cost you an arm and a leg. The cheap scenario would involve purchasing 5 small machines (x86 based) and installing/configuring an OS such as Linux, OpenBSD, etc. to handle your VPN tunnels as well as protect your network. The more expensive way would be to purchase equipment such as PIX or Checkpoint firewalls, but these are overkill for a handful of dial-up connections.
 
It also depends on the type of connection that you need from the remote offices to the main one. Do you need a constant connection? Is your aim to just make it 1 big network? Or just provide access for branch employees to connect at will, using the "road warrior" scenario?

If you want a constant connection, like PHUNBALL said you could go anywhere from cheap VPN routers, like Linksys's BEFVP41, at all locations. You could also use 5 PCs (not necessarily new, but new will be more reliable) and use a software (Linux) firewall. I found Smoothwall for this purpose about 4 months ago and love it. Or you could go with a higher-end solution. If this is the case, I'd recommend the SonicWall products. A little pricey and license heavy but utterly reliable.

The other possibility is using PPTP, or a "dial-up" type VPN. Basically you'll have 1 server @ your main office that every remote person will initiate a manual connection to at will. Now you can set restrictions on the times, and logins and such, but the most common allows people to make a connection no matter where they are at and with no other software. Even Win98 with all the updated patches is happy creating and operating a PPTP connection.

But more info is needed. Any estimated budget for this project?
 
At each location just place nice Cisco PIX 501s so that you have VPN/firewall/routing capabilities.

And for your own benefit as well as theirs.. upgrade them from dial-up.
 
Approx. budget is 1 to 2k...

Upgrading dial-ups right now is not an option because some offices are 1 PC only..

I want to have a big network. I like the idea of a server with offices connecting to it, but for that I would need individual lines, right?...


Also, I need them to be constantly connected (I know dial-up would suck for this but it's the only option right now).


About firewalling, what products do you recommend? (I need a scalable solution, business is growing fast.)

Edit: thanks for all your replies.
 
Originally posted by Jaykuai
Approx. budget is 1 to 2k...

Ok, that's doable.

Upgrading dial-ups right now is not an option because some offices are 1 PC only..

Fair enough.

I want to have a big network. I like the idea of a server with offices connecting to it, but for that I would need individual lines, right?...

Not for each individual workstation. With your scenario (one central private network, plus five other private networks consisting of various numbers of machines), you can get by just as well with VPN connections between each network gateway.

Basically, each private network ought to be on non-overlapping subnets--i.e. your central network would be on 10.x.x.x, one client network would be on 192.168.0.x, another would be on 192.168.1.x, etc. Then you'd have to configure a VPN router at each network location.

Also, I need them to be constantly connected (I know dial-up would suck for this but it's the only option right now).

Or you could just get VPN routing equipment/software that can handle unstable or sporadically-dying connections. This isn't really too much trouble.

About firewalling, what products do you recommend? (I need a scalable solution, business is growing fast.)

I would actually set up OpenVPN connections.

For the multi-node remote networks connected via dial-up, you can probably just run an old Pentium-class workstation with Linux/BSD+OpenVPN at each location to function as VPN routing clients. The VPN encryption phase is pretty CPU-intensive, but considering the speed of their network connections, there just won't be a lot of data to encrypt. At the same time, you could run a Linux/IPTables or OpenBSD/pf firewall on the VPN router.

For the single-node remote workstations, you can probably just install OpenVPN on each workstation and have it function as its own VPN router. You should generally have each client set up a personal firewall too, of course, since it's going to be handling sensitive corporate data. And of course, keep the software patched for security vulns.

For the VPN router at your central office, I would put together a moderately powerful system (say a 1GHz P3) with 256-512MB RAM and a small hard disk. You can probably put such things together for under a grand these days, and they're very power-efficient compared to the beefier Athlons and Pentium 4's. Install OpenVPN on it, plus an IPTables or pf firewall, and have it function as your VPN server/router plus a basic NAT firewall. You could later upgrade it to an AMD64-based system if you really needed encryption speed.

All the software for this is free (except for maybe the personal firewall on Windows clients--maybe just use ZoneAlarm?). The hardware is reasonably inexpensive. You should have someone available who knows how to admin it though, or be able to learn how yourself. The hardest part of learning to do it yourself is learning to manage OpenSSL certificates (used by OpenVPN for secure encryption).
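The addressing plan described in the post above (one non-overlapping private subnet per site, a VPN router at each location, and tunnels that tolerate dying dial-up links), worked through as an added example that is not part of the thread or of OpenVPN's own documentation: a small Python script that checks the site subnets for overlap and renders the hub-side OpenVPN directives plus a per-branch client-config-dir file. The site names and subnets are constructed; the OpenVPN directives used (route, iroute, push "route", client-config-dir, client-to-client, keepalive, persist-tun, persist-key) are real OpenVPN options, but the way they are combined here is my assumption about how to wire a hub-and-spoke layout, not configuration from the thread.

```python
"""Hub-and-spoke subnet planning for an OpenVPN site-to-site setup.

Added example, not from the thread. Site names and subnets are constructed.
Rule being enforced: every site's LAN must sit on a subnet that overlaps no
other site's, otherwise routes through the tunnel are ambiguous.
"""
import ipaddress

# Constructed sample layout: one HQ plus four branches (mirrors the thread).
SITES = {
    "hq":      "10.0.0.0/24",
    "branch1": "192.168.0.0/24",
    "branch2": "192.168.1.0/24",
    "branch3": "192.168.2.0/24",
    "branch4": "192.168.3.0/24",
}


def find_overlaps(sites):
    """Return sorted (a, b) site-name pairs whose subnets overlap.

    An empty list means the plan is valid. strict=True also rejects a CIDR
    with host bits set (e.g. 192.168.0.5/24), which is a common typo.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def _net_mask(cidr):
    """OpenVPN wants 'network netmask', not CIDR notation."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.netmask}"


def server_config_lines(sites, hub="hq"):
    """Hub-side OpenVPN directives (assumed layout, real directive names)."""
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping subnets: {overlaps}")
    lines = [
        "# survive dial-up drops: ping every 10s, restart after 60s silent,",
        "# and keep the tun device and keys across restarts",
        "keepalive 10 60",
        "persist-tun",
        "persist-key",
        "# per-client files under ccd/ carry each branch's iroute and pushes",
        "client-config-dir ccd",
        "# let branch LANs reach each other through the hub",
        "client-to-client",
    ]
    for name, cidr in sorted(sites.items()):
        if name != hub:
            # kernel route on the hub: this branch LAN is reachable via tun
            lines.append(f"route {_net_mask(cidr)}")
    return lines


def spoke_ccd_lines(sites, spoke):
    """Contents of ccd/<spoke>: claim its LAN, push routes for every other site.

    iroute tells the server which LAN sits behind this client; a branch must
    never be pushed a route for its own LAN, or its local traffic would be
    sent into the tunnel.
    """
    lines = [f"iroute {_net_mask(sites[spoke])}"]
    for name, cidr in sorted(sites.items()):
        if name != spoke:
            lines.append(f'push "route {_net_mask(cidr)}"')
    return lines


if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITES) or "none")
    print("\n".join(server_config_lines(SITES)))
    print("--- ccd/branch1 ---")
    print("\n".join(spoke_ccd_lines(SITES, "branch1")))
```

Running it prints an empty overlap list for the sample plan, the hub directives, and the ccd file for branch1; feeding it two sites on 10.0.0.0/16 and 10.0.1.0/24 makes server_config_lines refuse to render, which is the check you want before a remote box gets a config you cannot easily drive out to fix.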
 
Thanks a lot Kelledin.

So far I have checked out this:

Cisco PIX 501: $450
LinkSys BEFR41: $178

Random Old PC: $100/120


So far I have liked the idea of setting up a PC as router/firewall, but that's kinda pointless in some branches.


Main HQ is 18 PCs
Branch #1 is 3 PCs
Branch #2 is 1 PC - HERE
Branch #3 is 3 PCs
Branch #4 is 1 PC - HERE

Kinda pointless adding a second PC.

Also, these branches are far from HQ (very far, some of them), and if an OS error happens it would be overkill to go and fix or repair..


Maybe I can do a mix of things?

Like a VPN PC server at HQ and simple Linksys routers at branches?
 
Originally posted by Jaykuai
So far I have liked the idea of setting up a PC as router/firewall, but that's kinda pointless in some branches.

For the locations with just a single PC, I'd probably just have that PC run OpenVPN on its own, along with a personal software firewall like ZoneAlarm.

Also, these branches are far from HQ (very far, some of them), and if an OS error happens it would be overkill to go and fix or repair..

Maybe I can do a mix of things?

Like a VPN PC server at HQ and simple Linksys routers at branches?

That would probably be doable, as long as the routers support some form of UDP forwarding (many current Linksys routers run Linux on XScale, so this isn't a problem). Then just have each individual PC run as an OpenVPN client.

The main problem with that is that making every individual machine run OpenVPN requires more resources out of each machine, as well as an extra instance of the OpenVPN daemon on the server (and each OpenVPN instance typically needs a dedicated UDP port, along with other system resources).
 
Thanks again Kelledin..


This OpenVPN sounds difficult, I guess I will have a read about it to know how it works.
 