1

Evening all,

Working at a small office with 7 staff and it’s looking like we’re going into full lockdown shortly so I’m trying to push for everyone to move from fixed desktops to a laptop-plus-docking-station model.

Anyway, got the boss to agree to get a laptop, bag, docking station for one staff member as a trial run. Currently, I’m trying to find an affordable commercial VPN that would just encrypt traffic going to and from the office if the staff member is working off-site, and ensure that anyone connecting to the office is authenticated.

Problem is we don’t have a huge budget to get something like Pulse Connect Secure, and I definitely don’t have the skills to go into OpenVPN and build one from the ground up. Would anyone be able to recommend any middle-ground commercial options that would just present her with another login screen when she logs into the laptop on a home wifi network (and maybe some other basic functions like setting up a whitelist etc).

Many thanks in advance

13 Spice ups
2

Not sure if this is relevant, but forgot to mention - most of our resources are either in Team drives on our company’s Google Workspace account, or on a Synology NAS server located in the office (which I don’t think can be mapped to a Windows Explorer folder unless the laptop is on-site, so she would have to access those files through Diskstation - Synology’s cloud-based OS).

3

What type of firewall are you running? Most modern UTM / NGFW offer some type of VPN service. You would need to get a third-party SSL for it (if you don’t already have a wildcard cert) but those are very reasonable from someone like @SSL2BUY ​.

4

@jonahzona Recently got a Netgear BR200; I think the network switches also have firewall functionality (Mikrotik CRS312-4C+8XG-RM for the computers and Netgear GS418TPP for phones and other POE stuff)

5

It looks like that router utilizes OpenVPN for Client-to-Site connections, which is pretty straightforward to setup. User guide is here: https://www.downloads.netgear.com/files/GDC/BR200/BR200_UM_EN.pdf (page 133)

That would be the most economical option, as you already have the solution. With that said, I don’t know what kind of VPN performance the router can handle, so you will need to do some testing.

6

Was hoping that there would just be some $100 a year package I could just pay for :smiley: guess it’s time to go back to school… (In all seriousness, thanks for the help, much appreciated)

7

Use the office router, or the Synology NAS also supports VPN. Alternatively if the only thing required in the office is the NAS - 1) move it to google or MS cloud 2) use the synology cloud access. Then no vpn would be required at all.

8

Have a look at SoftEther VPN Project.

https://www.softether.org/

9

I suggest for your wireless solution

https://www.1stop.com/soho-wireless-n-base-appliance.html?language=en&currency=USD&gclid=EAIaIQobChMImqqEkZiI7gIV0MDACh0ESgPhEAQYAiABEgLXC_D_BwE

and hopefully, the remaining staff is using a wired solution; for $300 per user, you can install SONICWALL SOHO 250 https://www.firewalls.com/sonicwall-soho-250-appliance-only.html

10-minute set up in the office. 5 minutes or less to set up each router going home with a staff member. It has a wizard if you would like someone less skilled to do it.

For the user, it is plug and play. The company above is awesome. 30 day no questions asked returns, and they offer free support, not that you will need it.

If you are on a REALLY tight budget, NetworkTigers: Network Equipment and Data Center Supplier has

SonicWALL TZ 105 01-SSC-6942 200 Mbps 5x Fast Ethernet RJ-45 Secure Firewall for 59.99. However, it will need to be configured with an ancient browser.

The browser on XP worked. My colleague found a Mozilla version that worked.

I do not work for any of these companies. I really like SonicWall products.

10

If you are using a VPN you will be able to map network drives to Synology NAS, just make sure that you use the IP address of the server (rather than the server name) in the path

11

Take a look at Firewalla. They offer a nice lightweight firewall solution for home/small businesses with the ability to utilize OpenVPN.

The Firewalla Gold their Top of the line product which offers Routing functionality as well, and is only $418. No Service or Maintenance Fee’s

@spiceuser-4og1b

12

I have found Sonicwall VPN pretty simple to set up an manage. The appliances also provide firewall functionality, DHCP, etc . For a corporate environment I would definitely want something where one vendor is providing and supporting both the VPN server and client component. The newer models support an easy 2FA solution as well, which is really nice. You want to make sure that you get a model that supports the throughput of your internet connection. While a WAN connection might be 1Gbit, the processors on smaller models may be a bottle neck. If your internet connection is only say 50 Mb/s then this isn’t an issue.

You would not need to deploy routers to the users at home, since it doesn’t sound like you would need site-to-site VPN, just client-to-site VPN.

13

I set up a Watchguard T10 firebox for a separate network here in my building. It has built-in VPN service for 5 users without additional cost. You can get them pretty cheap on eBay.