Simple Site-to-Site VPN recommendations

aphex187

I have two offices that used to be connected via a point to point T1 but after researching the amount of traffic crossing it, I couldn't justify the cost for it and have turned it down. I'm now researching ways to reconnect the two offices, ideally spending as little (or no) money as possible.

To keep it simple and quick - at first I tried using Hamachi and NeoRouter but neither worked and it just seems like such a 'dirty' way to do it.

Thanks to killing the T1 I do have a couple of Netvanta 3200 routers and it looks like Adtran may offer an 'enhancement suite' for the router that adds VPN capability to it. My only concern with using those is configuration.

I'm also wondering if I should simply take 2 old machines off the shelf and try something like Untangle to connect the two offices. My only concern, as I haven't touched Untangle, is configuration.

Would any of you guys mind chiming in on what you think a good solution would be?
 
Well, if budget is a concern....yes many of the *nix distros work well...very well.
As for concerns about configuring Untangle...their VPN setup is surprisingly simple, actually it's the easiest VPN I've ever set up. And as long as you install Untangle on quality hardware...it's very reliable.

PFSense is another great option.

Heck, on a super small budget with small existing hardware...if it supports DD-WRT...that's another great option.
 
DrayTek 2820s do a pretty good job, or maybe a couple of x700s with pfSense.
 
Surprisingly, the DrayTeks that I used, 2800 series, were more stable than I'd originally anticipated. I was doing a DrayTek to pfSense 1.2.3 that was rock stable.
 
Yup, I use a 2820 to a Firebox X1000 in the datacenter and it's solid as well.
 
What do you have for internet access at each office now? Those Netvantas have ADSL interface modules that you can get for them, if you have DSL service at one or both offices. Then you should be able to eliminate the ISP's modem (one less device to troubleshoot or go bad). The VPN on both of those should be rock solid. I've used an older Netvanta product, the 344, with DSL service at 3 offices and it works great. No hiccups. Can see the DSL interface stats, to monitor the DSL signals, etc. May as well use existing equipment.

If you check out Adtran's support page, they should have a step-by-step walkthrough of how to configure the VPN. It's pretty easy using the web interface. You can also configure the VPN via CLI if you are more comfortable doing that. The command line is almost identical to Cisco.
 
I've been running a few Asus WL500GPs, Netgear WNDR3700, Linksys WRT54GL connected to a FreeBSD box using OpenWRT and running vtun(d) to run SMB and printer services, which works very well for the 8 Mbit ADSL lines in use. In my experience it's much more reliable than OpenVPN, which sometimes lost routes and just died. While the Asus and Linksys boxes are outdated by now, the Netgear router is a very good hw platform and given the amount of flash and RAM I don't see an issue using it as a server (hub) as well as a client. You might want to have a look at QuickTUN instead of vtun(d) since it's no longer maintained. Keep in mind that this is a bit of a non-standard configuration, so it might be a bit hard to troubleshoot if you aren't on site or just have a replacement router configured on site in case it dies. You can go the IPSec route, which is what most use for VPN, but keep in mind that it won't work in most cases behind NAT (needs NAT-T), which makes it a bit limited for mobile users.
//Danne
 
Another vote for pfSense here.

I just hooked up a pfSense VPN to a Sonicwall 230 and a Sonicwall 2040 and it's been running fine on an old Core 2 Duo desktop with two 10/100 NICs. Now that the proof of concept is done, I'll be moving the pfSense install to a dedicated Supermicro 1U box using an Atom processor for low power draw and low noise.
 
I have tried several different solutions from Sonicwall to Linksys and Firebox. I always end up back at some piece of Cisco business gear, mainly the ASA 5505 series. Stability is a major factor in VPNs and other tech just hasn't been as solid as the ASAs have.
 
In a former life I set up a rock solid 11 spoke VPN with a 5505 in the center and Linksys/Cisco RV082s at the edges. As long as you have the key timeouts set correctly, it was bulletproof and all for under $4k total.
 
I use OpenVPN. I have an Untangle box in the central office and then set up my office as a site to site and exported the network/DNS and it is happy. It can get painful to pull docs over, but it is better than nothing.

The router at the remote office is an Asus RT-N16 with DD-WRT.
 
You have an office infrastructure based on DD-WRT? Ack. Is your budget stretched paper thin or something?

It's cheap and easy to support 2 users on this temporary solution. :rolleyes:
 