
Mack25

join:2007-11-24

Telecommuting VPN

Right now we use OpenVPN to let our telecommuters connect to our server. I wanted to phase out OpenVPN and move to a hardware VPN solution that is on the affordable side for a small business. Would I just need some kind of SSL VPN Gateway appliance and the telecommuters could connect through software, or would I need to buy them all some kind of VPN router with a VPN router on the server they connect to? Just kind of confused as to what a good telecommuting VPN solution would be. Thank you for any help.

MaCk


SoonerAl
Premium,MVM
join:2002-07-23
South Padre Island, TX
kudos:5
Speaking as a small office/home office user I would think an SSL VPN appliance solution would make sense, at least to me. I think offloading the VPN server function to a dedicated hardware device is a big advantage. Ease of access for your clients, i.e. using the so-called clientless connectivity, for remote file access and access to their workstations using Remote Desktop via a web browser is another, IMHO.

Here are some examples of dedicated SSL VPN appliances in no order whatsoever. There are probably a ton of others and I am sure the real SSL VPN experts will help more...

»www.sonicwall.com/us/products/446.html

»us.zyxel.com/web/product_family_···50FE96E7

»www.juniper.net/products_and_ser···ess_700/
--
"When all else fails, read the instructions..."
MS-MVP Windows Networking 2003-2007

Mack25

join:2007-11-24
Thank you SoonerAl. So I get one like the Sonicwall and it comes with software that I have to put on the telecommuters' workstations, correct? If I am reading the products right that is what I have to do.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 edit
(generically) The software, applet or SSL connectivity piece is usually just a quick download and no cost. You may have to pay for the SSL licenses at the router end. Also if you want to use rolling code devices on top, they would also be an additional cost.

mudtoe

join:2005-10-09
Cincinnati, OH
reply to Mack25
said by Mack25:

Right now we use OpenVPN to let our telecommuters connect to our server. I wanted to phase out OpenVPN and move to a hardware VPN solution that is on the affordable side for a small business. Would I just need some kind of SSL VPN Gateway appliance and the telecommuters could connect through software, or would I need to buy them all some kind of VPN router with a VPN router on the server they connect to? Just kind of confused as to what a good telecommuting VPN solution would be. Thank you for any help.

MaCk
Just out of curiosity, what issues were you having with OpenVPN? I've never had a problem with it, but I could see that in an environment where there is significant turnover of road warriors and/or their laptops, the hassle factor of setting up the new certificates and installing the software could become an issue.

mudtoe

DocLarge
Premium
join:2004-09-08
kudos:1
reply to Mack25
I realize that you are looking for a hardware SSL VPN appliance, but I thought this may interest you being that it is *ahem* "FREE" and can be installed on a Windows box that can be your "dedicated" SSL VPN engine:

»www.tomsnetworking.com/2006/07/2···rer_pt1/ (SSL Explorer)

Tom's Networking has provided a video tutorial on how to do an install.

Now, for an actual device that can do SSL VPN, I do know Netgear offers one (SSL 312):

»www.newegg.com/Product/Product.a···2bssl312

Linksys has one also (RVL200):

»www.newegg.com/Product/Product.a···k=rvl200

Cisco has the ASA 5500 series firewall/router that has SSL VPN but now you're talking "money":

»www.cisco.com/en/US/products/ps6···dex.html

There's a video that gives you an overview...

Jay


bky
moof moof
Premium
join:2002-07-05
San Francisco, CA

1 edit
reply to mudtoe
said by mudtoe:
Just out of curiosity what issues were you having with OpenVPN?
I was wondering the same thing.

Mack25

join:2007-11-24

1 edit
None really, but one of our telecommuters is moving to the US and my boss wants us to switch to something with more security. You don't really want to hear her slippery slope argument for it. I just said OK, I will look into getting a new one. So I came here to ask the experts.


SoonerAl
Premium,MVM
join:2002-07-23
South Padre Island, TX
kudos:5
said by Mack25:

None really, but one of our telecommuters is moving to the US and my boss wants us to switch to something with more security. You don't really want to hear her slippery slope argument for it. I just said OK, I will look into getting a new one. So I came here to ask the experts.
What security issues is he talking about? OpenVPN is as secure as it gets AFAIK.
--
"When all else fails, read the instructions..."
MS-MVP Windows Networking 2003-2007


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
The only additional security would be to add a rolling code device to an existing SSL VPN connection. Perhaps that is what is being sought here??

mudtoe

join:2005-10-09
Cincinnati, OH
said by Anav:

The only additional security would be to add a rolling code device to an existing SSL VPN connection. Perhaps that is what is being sought here??
I suspect that this is a case of the belief that a dedicated "black box" is by definition better than a PC, even if it's dedicated to a single task and properly secured. Hardware vendors love this mindset.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Not sure what you're saying, but it's a measure of security that many companies take. Even if someone's username and password are compromised (wrote them down) or keylogged at a public site, the rolling code changes and thus is effective as an insurance for company assets $$$$$


bky
moof moof
Premium
join:2002-07-05
San Francisco, CA
said by Anav:

Not sure what you're saying, but it's a measure of security that many companies take. Even if someone's username and password are compromised (wrote them down) or keylogged at a public site, the rolling code changes and thus is effective as an insurance for company assets $$$$$
I think what you are referring to is token-based two-factor authentication, which I believe could also be combined with OpenVPN.
Mudtoe was just saying that there is this mentality by some people and companies that an expensive hardware manufactured device for a specific function outperforms that of what could be built using a Linux box (or whatever OS, you get the idea).

mudtoe

join:2005-10-09
Cincinnati, OH
said by bky:

Mudtoe was just saying that there is this mentality by some people and companies that an expensive hardware manufactured device for a specific function outperforms that of what could be built using a Linux box (or whatever OS, you get the idea).
Hardware vendors really hate it when a Dilbert type person in a meeting asks why they should pay for "black box X" and the ubiquitous annual maintenance agreement, when a discarded PC, Linux, and some open source software can do the job for free. It's kind of like pinning a cross on a vampire.