I am looking for suggestions and recommendations on something to replace an SMA410 as they are going to be EoS at the end of the year. It is currently used for both a remote access VPN, basically so remote users can map network drives, and a few remote desktop users, who remote in from their personal computer to one located on premises. I have been researching but cannot find a solid fit. Preferably an on-premises option, but I see the majority of companies have moved away from hardware options so I am open to cloud options as well. Thanks in advance.

7 Spice ups

There are always 3 sides to the coin…

Do you still need mapped drives? How many users, as that could really cause network constraints if users start using file servers “remotely”?
How about using online file storage from your email solution (OneDrive or Google Drive etc)?

There is always a huge security issue when you allow users to map drives to remote machines as you do not know the level of AVs or firewalls thus literally opening your network to the Internet via the user machines?

5 Spice ups

OpenVPN or WireGuard are both free.

I agree about the personal devices though, these should not be allowed on the company network, for a start you have no idea if they are clear and virus/malware free, you’re risking the business by allowing this.

If the users can’t use company devices, then they should go in to the office or be provided another remote solution, something like VDI or TS/RDS server so they remain on company systems.

Allowing non-managed endpoints is also a quick fail in any penetration tests you may have to have. And if you don’t, you should.

5 Spice ups

The Cloud version offers a free 5 User 100 Machines option

The self-hosted version is open source and free to use without any limitations.

3 Spice ups

Apologies, I see where I lacked clarity, the users that have mapped drives have company-issued computers with our AV. The people that use their personal computers currently access the SMA for remote access into devices located in-house which are presented in a webpage for them.

2 Spice ups

We’ve recently moved from an RRAS VPN connection model to OpenVPN. I first POC’d the OpenVPN Community Edition on a demo VM to test functionality; once I had a successful connection to test, I appreciated the speed at which the client connected - lightning fast.

For full transparency, the “connection speed” is where that zippy behavior stops in many cases depending on user geography, ISP, and remote (home) router considerations. Even still, OpenVPN is more reliable than our RRAS method despite its [OpenVPN’s] speed degradation that can result in throttling/port blocking challenges and can negatively impact drive mapping to our local file shares. But this problem exists in any VPN solution to some extent.

After testing, I migrated to the built-in OpenVPN server on our on-prem firewall/router. Our firewall vendor has a very slick method to configure OpenVPN, download the client *.ovpn configuration, then distribute/import on end user devices. There are a few drawbacks that I would love to see improved like auto-pushing the *.ovpn file to users when server-side changes are made and some better approaches for robust split tunneling support, but generally I am happy with the outcome.

As a use case story, a percentage of our staff traveled to a destination for a meeting where they gathered to present and work on various strategic initiatives for our business. All reported problems accessing the drive maps while using a Full Tunnel config that had worked the week before in their respective remote offices across the US. I suspect the venue had some port/service blocks that caused some problems. Periodically some home users also have these challenges where OpenVPN connects very quickly but the drive mapping takes a very long time comparatively. In our case, we have one application that requires a VPN connection + the on-prem public WAN IP to be set before the app will load. This causes all sorts of mayhem when folks expect the app to respond as quickly as the “connection” itself.

Again, connection/access problems happen with any VPN solution not just OpenVPN. In the end, I have been campaigning for a full move of on-prem files to Azure Storage or SharePoint - where, coincidentally, most of our content already resides, but for this single app. My preference is to implement a VPN product like NordVPN (consumer)/NordLayer (business) for encryption and let file share/RDP access fall on other providers.

Good luck and keep us posted.

1 Spice up