We have a small company and I’m trying to decide what VPN solution to go with so our 4-5 employees can VPN to the office server and access files while on the road.

Currently, I’ve set up OpenVPN on the server, but I just discovered we have access to two devices that were here before we moved in. They are a little old, but here they are:

SonicWALL TZ 200 APL22-06F

Firebox WatchGuard Model: T1AE4 X550e Core

Both of these state they support VPN, but I’m assuming this is only for like a VPN pass-through or something, rather than a full VPN solution.

Should we stick with OpenVPN or would we have better results with one of the others? Would love to hear any suggestions or recommendations!

5 Spice ups

I don’t know about Watchguard, but Sonicwall didn’t use to make their updated firmware available without a subscription.

Personally I’d dump all that stuff and install an EdgeRouter firewall device. It can support OpenVPN. They start at $60 for ER-X and go up from there. Which unit you buy will depend on your internet connection size.

2 Spice ups

We’re just looking for a VPN solution that is dead simple for the employees to use on their laptops. They only need to access one data share folder on the office server. Would be nice if it could disconnect automatically from the VPN also, if they forget to. Must support 4-5 users, maybe a few more later down the road. Do you think OpenVPN is sufficient for this type of setup or is there a VPN solution that is a slight step up from it?

I’d stick with OpenVPN. It’ll handle way more than 4-5 users, and you can change the config to disconnect after a period of inactivity. I’ve used some Sonicwall SSLVPNs but those are licensed and you generally only get one with the device.

When I was using Watchguard a few years ago, I had to have a contract/subscription in order to receive updates. The VPN will work without a sub, but if there are unpatched security issues on your box then I would either want to buy a sub or use something else.

1 Spice up

OpenVPN is fine for your use. You could also look at more modern solutions like Dropbox or OneDrive for Business or roll your own Nextcloud install.

1 Spice up

Exactly, this is why you want to skip any product that requires a subscription to get updates. Ubiquiti does not charge a subscription fee or any other fee for updates.

2 Spice ups

OpenVPN all the way! I love it and have been using it for quite a few years myself. From what I’ve read and believe, being SSL and open-source based, it provides better security than pretty much all other VPN solutions. It’s rock solid and reliable and there are client utilities for almost every major OS (including Android). Since you already have it in use, there shouldn’t be much in the way of R&D&D (research and development and deployment :-)). From what I understand about the VPN solutions of SonicWall and the like, they usually require licenses for concurrent VPN connections, which you don’t necessarily have to worry about. The other thing that can be implemented is integration through RADIUS using MSCHAPv2 (with the OpenVPN Access Server appliance for sure and I’m sure also with the open source Linux server software), which provides secure authentication with an Active Directory Domain Controller. The DC can also provide a connectivity time-out and/or an inactive connectivity time-out. I’m quite sure the options for OpenVPN can also be directly configured within the VPN server configs…just haven’t personally done it that way. I like the idea of SSL certificate AND UN/PW authentication…almost as secure as 2 factor…almost. I think I’ve read elsewhere, also, that OpenVPN can be configured with Google Authenticator for true 2 factor authentication…adding that much more security to it.