VPN implementation

Started by Farabomb, July 08, 2014, 12:20:31 PM

Farabomb

Since the free version of LogMeIn has gone away I need to find a better solution. Google's remote desktop works but it's like sucking concrete through a straw. I've tried others with limited success. I want to find a good solution that I don't have to subscribe to.

Matt Beals has given me the idea that a VPN would be the best solution. Here's some info from the LogMeIn thread.

Quote from: mattbeals on July 08, 2014, 10:51:03 AM
http://www.amazon.com/s/ref=sr_nr_p_72_0?rh=n%3A172282%2Cn%3A541966%2Ck%3Acisco+vpn+router%2Cp_89%3ACisco%2Cp_72%3A1248879011&keywords=cisco+vpn+router&ie=UTF8&qid=1404837818&rnid=1248877011

http://www.cdw.com/shop/search/result.aspx?key=vpn&wclsscat=&b=&p=&ctlgfilter=&searchscope=all&sr=1

Cisco, Juniper, SonicWall, etc. are all great brands with a variety of solutions depending on your needs. Much less expensive to implement now than it was a few years ago. Keeps getting less and less expensive.

If you want to be really frugal about it you can use tools like Untangle, which has a free VPN as part of their free package. https://www.untangle.com/store/openvpn.html

Untangle also sells additional modules for various things like content filters, spam blockers, virus protection at the gateway, IP failover, load balancing, AD integration, caching proxy server, etc. Plus they have professional services to help get it up and running and stay running.

That has me quite interested. I do have some questions though.

1: Cost. There are some less expensive options. What do I get with the more costly options? I'd happily pay more for easier administration and possibly more speed if that's possible.

2: Administration. How difficult is it to configure and maintain? Do I need to be a CNA or can someone with good knowledge of computers implement it in a Mac/PC environment?

3: Security. Does it create a hole that hackers can exploit? If so, what do I do to mitigate the risks?

4: Ease of use. Can others here whose knowledge of computers ends at "the big button turns it on" use it easily? Are there apps for mobile devices? I do see VPN apps in the Play Store.

More questions to come as I try and learn more about this.
Speed doesn't kill, rapidly becoming stationary is the problem

I'd rather have stories told than be telling stories of what I could have done.

Quote from: Ear on April 06, 2016, 11:54:16 AM
Quote from: Farabomb on April 06, 2016, 11:39:41 AMIt's more like grip, grip, grip, noise, then spin and 2 feet in and feel shame.
I once knew a plus-sized girl and this pretty much describes teh secks. :rotf:
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
         —Benjamin Franklin

My other job

mattbeals

Different solutions offer different levels of performance, features, concurrent users, etc.

It's not difficult to maintain; having a network engineer/outsourced IT service put it in would be advisable. But anyone can do it.

There are HTTP VPNs or client-based VPNs. The whole point of a VPN is to create a secure connection into your network. There are several ways of doing it; all of them are encrypted to one degree or another. They're all considered very secure. Hackers can try to get in but they won't break it. What is easier to do is to hack the machine the VPN is running on. Be smart and you won't have a problem. If you find something has gone awry you can always regenerate the keys and certificates, change passwords, disable users, etc.

They're super simple to use if you have a client app. Run the client, put in the username/password or just the password and you're connected. With HTTP SSL VPNs you simply log into a webpage and the VPN tunnel is easily created. Works on phones, tablets, computers, etc. All depends on what you want and what your budget is.
Matt Beals

Everything I say is my own personal opinion and has nothing to do with my employer or their views.

Farabomb

In my reading I see there is a mobile VPN that's tailored to mobile devices. VPN works great when you're behind a device that isn't mobile but if you need an on the go solution then a normal VPN won't do what you need. VPN uses your IP to create a secure tunnel but when you are hopping from cell to cell or AP to AP it breaks the connection.

Still trying to get my head around the whole thing. The mobile sounds nice but it's probably cost prohibitive.

mattbeals

Behind a device that isn't mobile? I'm confused.

VPN tunnels on mobile phones work well. The cellular network is designed to keep connections persistent as one cell tower hands off to another. IP itself wants to be able to keep the connection established. Built into TCP/IP are checksums and bits of redundancy to retransmit lost or dropped packets. Your cell phone keeps a steady IP address for some period of time. The VPN software will generally attempt to re-establish the VPN tunnel if it breaks. There are limitations to how well that can work. But generally you aren't in a moving car at 50 mph with a mobile hotspot logged into an RDC connection on your cell phone. If you're sitting at home, a restaurant, Starbucks, etc. it's not a problem. Mobile doesn't mean more expensive.

Realistically where are you accessing it from? A remote fixed location. You aren't likely to be truly mobile in that you are moving when using the VPN. It is likely to be that you are mobile, then stop, make the VPN connection, work, disconnect, resume being mobile.

Farabomb

Behind a device that isn't mobile? Sitting at home behind my PC, at home on my laptop, sitting at a desk with a computer doing work remotely.

Normally I would be doing just that. Sitting in one spot taking care of a job. If I'm at my house, a friend's, camping using my phone to tether or whatever and then returning to my life that isn't printing. For that VPN works fine.

I've been expected to send jobs through while I'm a passenger on a road trip to the track or something. If I'm not driving then I'm not doing anything as the boss thinks. I can interrupt my time off to take care of our most recent life or death printing job. From what I read the mobile VPN is more suited to that than a standard VPN.

It was just something that came up while researching. I also saw software solutions like SoftEther and OpenVPN, but I'm not done looking into those yet.

I have no basis for my opinion but I want a hardware solution rather than software. I guess it stems from knowing hardware solutions tend to work better and are faster than software solutions. Example: If I had the choice between a hardware based NIC and a driver based NIC that offloads the processing to the CPU I'd go with the hardware option.

Joe

Farabomb, take a look at the link Matt posted for https://www.untangle.com/store/openvpn.html. You can install that on an old PC and make your own hardware device. I have about 3 unused PCs at work so I can use one of them to put that on. You can set it up to use as your main firewall then. Haven't had time to start playing yet though.
Mac OS Sonoma 14.2.1 (c) | (retired)

The seven ages of man: spills, drills, thrills, bills, ills, pills and wills.

mattbeals

Software-based VPNs aren't really any different than hardware VPNs. There are VPN accelerators and concentrators. But that's different than what you're looking for. A $400 SonicWall/Cisco/Linksys VPN router will handle what you want. The Untangle UTM will handle what you want.

Using your phone while moving in a car you are not using the phone to log into the VPN. You are using the mobile hotspot feature to create a WiFi network that your laptop can use. Your laptop establishes the VPN via your personal hotspot via the cellular modem.

If you're talking about signing into the VPN from your cell phone, many phones have support for VPNs built into the OS. Others have client apps for doing that. For what you're doing there isn't much reason that you would need a VPN client on your phone to log into a webpage. Unless you want to surf privately at a hotel or something where you don't want your content filtered. But if you're doing that you probably shouldn't be using the work VPN to surf those sites.

Forget "mobile" devices and connecting. Think WiFi (which includes your phone's WiFi hotspot feature) and wired connections.

Farabomb

Hmm, I do have 3 rackmounts sitting idle. They are old and from our old Apogee system but I have a feeling they will work. Are the hardware specs reasonable?

Off to go read that link.

Okay, mobileVPN is off the list then. It was more of something I saw while reading than something that I "needed".

mattbeals

Very reasonable. It'll run on most anything.

Joe

Quote from: Farabomb on July 10, 2014, 01:05:07 PM
Hmm, I do have 3 rackmounts sitting idle. They are old and from our old Apogee system but I have a feeling they will work. Are the hardware specs reasonable?

Off to go read that link.

Okay, mobileVPN is off the list then. It was more of something I saw while reading than something that I "needed".

http://wiki.untangle.com/index.php/Hardware_Requirements

Farabomb

I'm still looking at VPN options and so far the SoftEther VPN seems to be a better choice than OpenVPN. SoftEther supports the OpenVPN protocol along with 3 other protocols.

I'll post up more info as I try to understand it.

Farabomb

Well I've gotten the server up and managed to connect my netbook to it.

Now here is the question, how the hell do I use this to remotely control the computers on my network? I need to be like I'm sitting at my desk and as of now I can't figure that part out.

Damn my head hurts.

Joe

I was hoping you were going to tell the rest of us how that works. :tongue:

Farabomb

Yeah, I'm a little lost on that bit right now.

Joe

What OS did you use on the server? And did you use SoftEther VPN?