VPN Router/Gateway

USMCGrunt

We are bringing in a new client whose desires are pretty simple, just want a file server set up...but they want to be able to access it from anywhere, securely and easily. I need it to be able to handle 25 VPN connections, preferably requiring zero proprietary software. My boss originally bought a Cisco RV 220W and while the thing supports 25 VPN sessions using their Quick VPN client, that software is a raging pile of shit to get working and if you use any kind of software that replaces Windows Firewall, forget about it. So what do you guys have to recommend that also won't cost an arm and a leg? I was looking at Zyxel stuff last night but I'm not sure they'd go for buying a $600 device with $1,200 in VPN client licensing fees and $300 a year revolving licensing fees (for UTM).
 
I've spent the last month or so working with OpenVPN running on my home router, and also learning pfSense. Seems like getting a dedicated pfSense appliance for a few hundred dollars and running OpenVPN would be an easy way to go. Likely more upfront labor to get running, but I can't imagine it wouldn't be a more cost-effective option in the long run.
 
> I've spent the last month or so working with OpenVPN running on my home router, and also learning pfSense. Seems like getting a dedicated pfSense appliance for a few hundred dollars and running OpenVPN would be an easy way to go. Likely more upfront labor to get running, but I can't imagine it wouldn't be a more cost-effective option in the long run.

I'd prefer not to use any proprietary VPN software and use what's built in to the OS. Are there any pfSense products out there that support the use of Windows'/Apple's built-in VPN client?
 
You could use Zywall 110 SMB VPN Appliance and use the SSL VPN in Windows. Just set up a new connection in Windows after you configure the SSL VPN on the Zywall.
 
Ah, I understand now. To my knowledge, only PPTP is supported by Windows "out of the box". Not sure about Apple. Only concern is that PPTP isn't what I would call enterprise-grade security, at least from what I've read. So, I would personally avoid it for anything but home/personal type uses. From a bit of Googling, it looks like you can make PPTP more secure using different types of authentication, but they require a PKI and are therefore not simple either.

pfSense supports both PPTP and OpenVPN. I personally haven't used PPTP on it, but PPTP works fine on my ASUS router. If I was talking to a client, I would suggest a pfSense appliance and offer both PPTP and OpenVPN options. Let them decide if the usability of PPTP is worth the security risk.

Personally, setting up OpenVPN is very simple. I've done it on all my machines, and my cell phone too. You save maybe 5 minutes of initial setup, and then both PPTP and OpenVPN are equivalent in actual use.

EDIT: Correction - It appears Windows (7) does support more VPN options: PPTP, L2TP/IPSec, SSTP, IKEv2. Reading I've done says IKEv2 is the preferred option, with SSTP as a fallback.
 
> You could use Zywall 110 SMB VPN Appliance and use the SSL VPN in Windows. Just set up a new connection in Windows after you configure the SSL VPN on the Zywall.

Ya, that's one of their products I was looking at but I'm hesitant about presenting that as it will have an upfront cost of $600 to purchase the hardware and about $1,200 in VPN Client licensing. I understand that if that's the cost to do business then so be it but if there is a more economical means to accomplish my goals I'd like to find it. I'm talking about a CEO who has been very adamant against paying a couple hundred dollars for two wire drops for wireless access points in a new building (that was built and wired with no Ethernet...)
 
Your choices are going to be pretty slim if you want a "real" VPN solution for your business and keep it at a couple hundred bucks.

If you're not willing to install a thick client, your cost is going to go up, and OpenVPN becomes one of your very few options. Unless you want a lot of deployment pieces together, which will stick you with that administrative overhead.
 
I've seen guides on how to run an OpenVPN server on a Raspberry Pi ($35). You then just have to spend the time creating certificates and managing them, which isn't largely different time-wise than using another appliance. You could always present that as an immediate option that is secure and cheap, but will take some labor to implement. You could also use any existing hardware, an OpenVPN server doesn't need much horsepower.
 
> Your choices are going to be pretty slim if you want a "real" VPN solution for your business and keep it at a couple hundred bucks.
>
> If you're not willing to install a thick client, your cost is going to go up, and OpenVPN becomes one of your very few options. Unless you want a lot of deployment pieces together, which will stick you with that administrative overhead.

Ya, I understand I'm asking for a lot...just trying to cover all the bases is all. This business is working towards centralizing their processes. Right now there are a few buildings and every building creates its own forms and documents for the same processes. The PC users can hesitantly navigate basic productivity software and it's a BYOD environment, so I want to keep configuration complexity to a minimum while also spending as little as possible....I want my cake and want to eat it too, lol.
 
> I've seen guides on how to run an OpenVPN server on a Raspberry Pi ($35). You then just have to spend the time creating certificates and managing them, which isn't largely different time-wise than using another appliance. You could always present that as an immediate option that is secure and cheap, but will take some labor to implement. You could also use any existing hardware, an OpenVPN server doesn't need much horsepower.

My boss isn't particularly fond of Linux and custom built solutions unfortunately...and I don't really have the time to learn anything at the moment attempting to manage a network, repair two more, and stand up another...I'm stretched pretty thin right now.
 
> My boss isn't particularly fond of Linux and custom built solutions unfortunately...and I don't really have the time to learn anything at the moment attempting to manage a network, repair two more, and stand up another...I'm stretched pretty thin right now.

Then a pre-built pfSense appliance would be one option. Not sure if that would fall under custom built or not for you. Upfront cost of $450, but then you don't have any reoccurring costs every year. This would still take time on your part to learn. If that's not an option, then I don't see you have many options that are cost-effective.


VK-T40E pfSense Appliance
 
> Then a pre-built pfSense appliance would be one option. Not sure if that would fall under custom built or not for you. Upfront cost of $450, but then you don't have any reoccurring costs every year. This would still take time on your part to learn. If that's not an option, then I don't see you have many options that are cost-effective.
>
> VK-T40E pfSense Appliance

How many concurrent VPN connections does something like that allow for and does it have a management interface or strictly Linux CLI?
 
It definitely has a web interface. You can install pfSense on anything, even a virtual machine if you want to test it out. That's how I use it.

It doesn't impose a limit on connections, it's just a matter of hardware handling the load. For just using the VPN portion of pfSense, I doubt you'll hit a threshold on performance with the number of users you have. Would have to do some searching on performance testing though.
 
> How many concurrent VPN connections does something like that allow for and does it have a management interface or strictly Linux CLI?

The initial install is a *FreeBSD* console. But once you have your interfaces up and on the network, it has a web management just like any other appliance.

EDITED PER SHUMPH BELOW
 