What is a good VPN to use and provide service to our clients?
We have a non-profit organization they are looking to implement VPN which would allow their users to work from home as needed.
Please let me know which VPNs are reliable and affordable and easy to implement
Thank you
Pfsense with roadwarrior vpn could do the trick
Been happy with our sonicwall sra appliance
Windows server RRAS works fine, is easy to setup, and is already built into windows so the client configuration is simple.
SonicWALL SRA units work quite well.
Openvpn, or whatever firewall you have should support a vpn.
Before we get into the woods too deep. You said you are a non-profit. First things first, what industry are you guys? Compliancy could determine your needs.
Pfsense ipsec road warrior vpn using Windows builtin client.
For extra points offload authentication to a radius server
The best from the end user point of view is no VPN at all. Pretend you’re Microsoft, Google, or whatever your favorite company may be and build your infrastructure with a cloud first mindset.
This means your services are accessible over the Internet with a secure TLS 1.2 connection. Throw in an SSO solution with MFA to better control and secure access. “It just works” is what customers (the end users you support) expect/want.
This means you also build your internal networks differently. The network your endpoints such as desktops, laptops, tablets connect to becomes an Internet only network. Maybe you allow the egress IP (or if you’re not living in the past, your IPv6 range) access to additional services that are blocked from most internet traffic. Printers are on a different network, accessed via cloud print, IPP, or similar means. Managing servers? Best way to go is to setup a jump box that admins can RDP into, or make admins use a limited VPN.
That said, the VPN solution is OpenVPN. Otherwise you generally go with whatever is built into your firewall appliance.
Depending on size, you can use Ubiquity’s firewall solution, it has built-in VPN. I’m setting this up for a client now.
They have a Cisco A5505 Firewall which they are not using anymore.
Do you guys suggest re-instating that firewall and pay for the VPN licence, that hardware is out of support and warranty. Is that going to be a more costly option compared to buying new hardware?
Thanks
Works like a charm - we are using openvpn on it
This or their SMA virtual appliance.
Separate authentication method is preferred. I would rather not have the bad guys access to internal network because a user had been phished for his email password .
+1 for this, I avoided DirectAccess due to performance issues through a NAT. Always-On VPN has worked flawlessly with machine certificates. Only took a day or two to get setup.
What I meant to say was our client is non-profit organization. Were a MSP providing them support for the past few years.
Ip6? Why bother with that headache when NAT is sufficient
5505 is end of support, go with something easier to manage, maybe look into a Sonicwall? the TZ300 or TZ400 is pretty decent- depends on your office size.
Like he said, get a Sonicwall. Very easy to manage and set up. Support is great too.