1

Hi Guys

I am looking for a VPN solution for a small company - they have one site HQ and many filed workers. They have an ERP Software which is installed in a server at the HQ.

I am looking for a solution that will allow my users VPN into my coperate network to have access to that erp server . I considered installing the ERP on the cloud and users access it over the internet but management saying this is a no no .

My budget is $500 for this solution. I know this is very small but i am sure i can find something .

Guys please could you suggest to me something or somewhat i can achieve this ?

  • I was looking at logmein hamachi but people complain that this is very slow i havent used it and i dont know .

  • I was also looking at OPENVPN but im keen to see your views

Please try to suggest me any technology or a way to acchivee this .

15 Spice ups
2

I haven’t used OpenVPN in a while but it was fairly straight forward to setup. I never put it into production, just set it up for a proof of concept, but it worked as expected.

Not a big fan of Logmein Hamachi, have had clients with it before and it was indeed slow and dropped connections regularly and was overall kind of a pain to route correctly. In all fairness the last time I even saw Hamachi was years ago though.

3 Spice ups
3

Depending on the ERP solution, accessing over VPN may really suck. I’d check that first and then decide on VPN. If they already have a firewall installed (what’s the point of VPN without one, amirite) the firewall may already support VPN.

5 Spice ups
4

Logmein Hamachi is very easy to set up and not expensive.

Works fine for us.

5

If you have a Cisco firewall, then go with Cisco, very easy to implement, maintain, and it is reliable. Else, research with the vendor of your actual firewall, in these days most of commercial firewalls offer a VPN solution.

6 Spice ups
6

If you’re looking at individual VPNs then you could use OpenVPN or, if they’re Windows Clients and you have access to a Windows Server to managing things, you can use SSTP. Both solutions are free aside from Windows licencing for devices/users accessing the server.

7

Give https://www.zerotier.com/ a look over. See if that will fit the bill.

1 Spice up
8

A third for OpenVPN. It uses the most secure and “generic” protocol (SSL), IMO. It’s open source and free to use. If you want to make deployment easier, you can use their Access Server in the form of a downloadable, Virtual Machine appliance or you can install it very easily on a self deployed Ubuntu, CentOS, etc. The only limitation of the Access Server is that it only includes 2 free concurrent licenses (only 2 VPN users can be connected at the same time for free). You can purchase additional licenses, if necessary or desired. The other option is the OpenVPN server being installed on any number of Linux distributions (which is exceedingly easy) but will require a little more leg work on configuring. Yet another option is configuring a machine or VM with pFSense which makes configuration of the OpenVPN server software pretty easy and provides a method to download a self-extracting, self-installing, self-configuring executable for any given client configured. OpenVPN Access Server is very easy to configure for RADIUS authentication, as is pFSense. However, pFSense does not allow for the use of MSCHAP v2 with RADIUS, but pFSense does allow for authentication through LDAP over SSL (these things are for security for authentication to Active Directory domain). PM me if you need any more caveat-style details that I may be able to answer :-D.

9

What router/firewall do you have? It may be that there is a built-in VPN function on the router/firewall. You could just use that.

OpenVPN is good and easy to implement.

3 Spice ups
10

I’d assess what firewall you have, and if terminal services is going to be needed for performance reasons.

1 Spice up
11

OpenVPN , simple to set up and configure. free. proven.

12

As others have mentioned if you are faced with this small of a budget I am not sure that will get you what you might need. How many concurrent users would be on the VPN? What location(s) would they be in? etc. As others have suggested you should look at OpenVPN (maybe a merge with pfSense - this is a great enterprise level firewall that has VPN support built in).

pfSense Information here:

OpenVPN Information here:

1 Spice up
13

How is your ERP client setup? Is it a fat client app, thin client app, or web based?

Usually, ERP systems are super slow over VPN.

What is the manufacturer of the firewall that is currently in place?

2 Spice ups
14

I’m currently using pfSense firewalls with OpenVPN, which performs great for me. I would take special consideration about the requirements of the app though, typically speaking any dip in connectivity has the potential to cause data corruption/loss especially with SQL databases in my experience. Usually what I do is have a terminal server that users can login to at the head office (or site where the application server is based) and have users work in a remote session so no issues if connections drop.

You might be interested in some of the mini/micro firewall appliances from store.netgate.com such as the SG-1000 (decent for small offices of a few users, not recommended if you need more than 100mbps connections) or the SG-3100 which is a highly capable device at a reasonable price.

You could always go the DIY method of installing pfSense on a scrap PC if you have some old hardware lying around to pillage…

15

I didn’t see if anyone else had asked what kind of bandwidth the company has. I’m thinking not much, if your budget is that limited. But that isn’t the issue.

I’ve got both site-to-site and client VPNs set up with my WatchGuards. They work great! But for the client ones, speed could be a bit better. For instance, I have a user that VPNs from Alberta to our branch in Nova Scotia, Canada. When we copy files over the link using SMB, it is slow as molasses. If I use the server to upload those same files to a Cloud drive, and then get him to download them from there, it’s lightning fast by comparison.

I’m not a Cloud nut by any stretch, but if this solution is central to the business, and the employees are mostly mobile, ask them to SERIOUSLY reconsider hosting this in the Cloud. I’m thinking the payback will be worth the extra investment in the long-term…

1 Spice up
16

What’s your bandwidth?

Perhaps you already have a VPN you don’t know about through your firewall or network security appliance?

1 Spice up
17

We have a Barracuda X50 firewall which has VPN support and it works fine.

As others said you need to check if the ERP Workshop runs fine over VPN and if your bandwidth can handle it.

1 Spice up
18

Does your firewall already support VPN? If so then why not use the VPN that is built in to your current firewall?

If not using pfSense with OpenVPN is a great option.

Could also use OpenVPN with your current firewall.

Like others have said the ERP software may not run over VPN or maybe very slow, in this case a Remote Desktop server works will but there is cost in setting up this as you need the Hardware, Windows Server OS, and User or device CALs.

1 Spice up
19

Thank you for this - wasn’t aware of that product. I’m going to dig in and play with it a bit. Would be intersting to see if it is a valid replacement for Velolcloud.

@brianmonte

20

I do something similar to what you are asking for and I use OpenVPN Access Server behind a Unifi firewall. The firewall does have built in VPN functionality, but I really do like the OpenVPN system.

We have the users RDP into a virtual desktop over the VPN connection for access to their resources. Works great for us!