Anyone have any idea of the rough costs of setting up a small VPN for about 15 - 20 users with a decent level of protection?
Is it stupidly expensive (£100k?) or do-able (£10k?)?
I would like an idea before I talk to some companies who use the word "affordable" on their websites.
Thanks for your help.
So you want to set up a termination that allows users to connect remotely to your company network over the internet?
All the available solutions I could suggest are doable under 10k (although I could certainly suggest some that go up much higher). Some are really easy, others are complex and carry different levels of experience pleasantness and security. All these things tend to be compromises against each other.
We can take this offline if you want. samur2@hotmail.com
WD: You could look at a Sonicwall firewall which works with their GlobalVPN client.
I use that system here and although the initial setup was a little sticky for me, once the box is configured actually connecting from a remote location is simplicity itself.
Total cost... les than £1000 depending upon the number of vpn licences you need.
We use OpenVPN ( http://openvpn.net/). $5 a seat (min 10), you'll need to do the install yourselves though, but it's not "too" hard 🙂
OpenVPN!
On the corp network, have a dedicated OVPN box at the periphery. Hardware requirements are TINY - a spare old PC (and I mean... old, as in pentium 2 would be plenty!!), and install monowall as the VPN server (www.m0n0wall.ch/wall) - and yes, OVPN can be installed on other platforms, but monowall is very handy/convenient.
Unlimited amount of seats... for free.
Each client PC would run OpenVPN client software, again which is free.
I can recommend you a company who will (well.. might, lol) be able to implement this (they have a Linux guru in-house)
Let me know if you want more info - email in profile.
And for the record, I have implemented OVPN here at work - for over 300 'remote' VPN clients... terminating on the same box.
I should clarify - we use the Access Server product, which only comes with 2 free seats, but IMO is easier to use than the full community version of OVPN that I think xiphon is talking about. Downloadable as a virtual appliance which makes deploying under VMWare really easy. If you have no Linux expertise in house I wouldn't recommend the community version TBH.
OVPN is very much a 'fit and forget' application IME.
Get someone to deploy it correctly, and it doesn't need maintenance (unless it's an essential security update).
There are various firewall distributions who have OVPN built in - many of which provide a simple GUI to generate new clients.
http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43
Supports OpenVPN, IPSec and PPTP (native Windows VPN clients, except OVPN)
I want one for my house - 1-2 users.. couldn't find much tho.
I've had some good experiences with Sonicwall at various client sites.
molgrips - Member
I want one for my house - 1-2 users.. couldn't find much tho.
Some routers have VPN servers built in - in fact, quite a few do these days.
I want one for my house - 1-2 users.. couldn't find much tho.
Serious question - why? What are the benefits over something like VNC?
I want one for my house - 1-2 users.. couldn't find much tho.
Serious question - why? What are the benefits over something like VNC?
If he has a NAS in the house, he won't need to keep the home PC switched on.
I've got a VPN back to my house at the mo... streaming audio over the interwebs 😀
VNC is pretty insecure, so using a VPN would be a preferable option.
I'd probably go for something like OpenVPN if it was me. I've heard good stuff about it from people I know, but there are other options if you want a dedicated hardware solution (Cisco, Citrix Access Gateway, that sort of thing).
Serious question - why? What are the benefits over something like VNC?
VNC would involve opening the FW and connecting in directly, wouldn't it? Could work, but is it secure? Can I copy files and so on?
And I don't necessarily want the overhead of having to stream a GUI... That's if I understand you correctly.
Will look at OpenVPN also, ta.. this would requier a computer on all the time too wouldn't it? I've got an old laptop with no screen or HD that might work well here.
I think my mobile me / drop box accounts do everything I need in't cloud TBH.
I once had a dabble with LogMeIn to fettle the outlaws computer and wasn't impressed.
molgrips - what router do you have?
Errr... Belkin Wireless N+ currently.
I have used OpenVpn with Ipcop and the OpenVpn add in.
Had a small fanless box running Ipcop as firewall and VPN gateway. All free and worked great.
molgrips - would you be prepared to by a new router, which had VPN termination support built in?
Draytek Vigor, Netgear ProSafe, ZyXEL...
Around £150 upwards.
Or if your current router is supported flash openwrt firmware on it and use openVPN with that.
I would yes, xiphon, but I coudl not for the life of me figure out ones which just supported you connecting OUT to a VPN and which were actual endpoints... will check out those suggestions.
No OpenWRT unfortunately 🙁
Thanks folks.
There are some pretty good routers that support openWRT for under £100 in fact come of the buffalo ones have it as standard firmware.
I know for sure the Draytek supports both VPN termination as a server, and also as a client.
We've got 3 LAN-to-LAN VPNs at work, using Draytek one end (as a client) and SonicWall the other (server).