Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


563 posts

Ultimate Geek
+1 received by user: 89


Topic # 128791 23-Aug-2013 12:29
Send private message

Problem:
I have a number of remote workers with mobile devices (laptops, tablets, mobiles etc) which all support VPN connections (PPTP at least) but don't all necessarily support specific proxy or gateway settings.

These remote workers could be anywhere in the world at any time however they all need to be connected to one another's devices as if on a local network (i.e. via a VPN).

Furthermore the business has three main offices in US, UK and AU.

Each worker must be able to access the internet via US, UK and AU regardless of what country they are physically in.


Solution?:
Setup VPN server in US.
Setup VPN server in UK.
Setup VPN server in AU.
*(VPN servers will be setup on Amazon AWS)

Link 3 VPN's together so devices on different VPN's can talk to one another. Somehow??

Remote worker selects the VPN appropriate to them on their mobile device based on which country they want to access the internet via.


Example / Use Case:
Remote worker is currently in India but wants to connect to the company network and the internet via an AU connection.

Remote worker selects the AU VPN on their device.


Question:
Will this work / is there a better way?
What VPN software do you recommend (pref free/open source)

Thanks






Create new topic
3415 posts

Uber Geek
+1 received by user: 405

Trusted

  Reply # 883336 23-Aug-2013 12:36
Send private message

What is the size of the company?

I would suggest the easiest way would be to create IPSEC tunnels between all your main offices in a mesh (each to each other). Then have users VPN into their nearest office to enter the company network. This is surprisingly easy on PFsense and I run a similar setup for 2 networked sites in Auckland and 1 in Los Angeles. For the clients you are probably best to use OpenVPN or IPSEC (PPTP is NOT I repeat NOT secure). Planning how you want to do both your IPv4 and IPv6 addressing is critical as you will want to advertise routes correctly to OpenVPN.

So lets say you had one remote worker connected to the Indian office and another to the AU office the route would go:
Remote worker->OpenVPN->india office->india to Au IPSEC->Au office->openVPN->remote worker.





2525 posts

Uber Geek
+1 received by user: 939

Subscriber

  Reply # 883345 23-Aug-2013 12:47
Send private message

Please don't use PPTP. I'd probably go with Zeon's suggestion, or alternately a VPN appliance from Cisco or similar at each site as an endpoint.




Windows 7 x64 // i5-3570K // 16GB DDR3-1600 // GTX660Ti 2GB // Samsung 830 120GB SSD // OCZ Agility4 120GB SSD // Samsung U28D590D @ 3840x2160 & Asus PB278Q @ 2560x1440
Samsung Galaxy S5 SM-G900I w/Spark



563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 883351 23-Aug-2013 12:50
Send private message

Don't worry, most of our devices support IPSec also and current setup is actually OpenVPN direct to USA though.

Just thinking about how I could incorporate these suggestions.





1634 posts

Uber Geek
+1 received by user: 418


  Reply # 883576 23-Aug-2013 20:02
Send private message

What is it that they need access to on another's device?

1 post

Wannabe Geek


  Reply # 883734 24-Aug-2013 01:57
Send private message

I bought a home nas server and it is performing very well in my case. Got it from a local online dealer at very affordable price. My problem is whenever I attach the NAS to my main server, my VPN's stop working. Is it normal? Or do I need multiple VPN's to connect simultaneously? This is getting into a real problem day by day. Any solutions are welcomed. Site from where I bought NAS : http://www.wiseguys.co.nz

623 posts

Ultimate Geek
+1 received by user: 124


  Reply # 883747 24-Aug-2013 03:59
Send private message

LettyLocke: I bought a home nas server and it is performing very well in my case. Got it from a local online dealer at very affordable price. My problem is whenever I attach the NAS to my main server, my VPN's stop working. Is it normal? Or do I need multiple VPN's to connect simultaneously? This is getting into a real problem day by day. Any solutions are welcomed. Site from where I bought NAS : http://www.wiseguys.co.nz


Hi Sara and welcome to Geekzone. I'm a bit of a night owl, been swining night shifts.

I would recommend starting a new thread/topic regarding your issues, just so the orginal posters queries don't go off topic. It could be that your NAS has the same IP as another device on your network has and is causing problems or within the same IP range as a VPN client.

It may have a DHCP server that is conflicting with one such as in your Internet router etc... and causing some issues. Or if you have multiple ethernet cards in your main server, it could be when you plug your NAS in that another gateway IP address is being added on connection and confusing something somewhere. You'd need to provide much more info on your setup. But for another thread perhaps.

To the original poster, yes I'd go for IPSec too. I still use the somewhat hackable PPTP but then I don't send sensitive information between VPN's.

I have cheap $100 Mikrotik routers that support OpenVPN and IPSec, but obviously not enough grunt/encryption chipset to handle the encryption for greater than 5-6Mbps throughput. You just need a router that can be both a VPN server, and a VPN client.

Even Windows servers can do this. In my example though, I have a Mikrotik at home as a VPN server (well call it on LAN 1). It has a few VPN user accounts that get dished out a dynamic IP on my home LAN when they connect.

I also have another account, that specifically hands out a static IP to the VPN user (we're going to assume this is another router connecting for another LAN), and when that account connects the LAN 1 VPN router automatically adds a specific route in to the main routing table for the another (we'll call it LAN 2) IP range/subnet that uses the static IP as the gateway to the other network.

The LAN 2 VPN client/router is another Mikrotik router in my case, or it could just as easily be a Windows PC acting as a gateway that connects to my main Mikrotik on LAN 1. You can enable IP forwarding in Windows, connect to your VPN server, then add a persistent route for the other main LAN's subnet and Bob's your uncle. You would then choose to send either all traffic through the VPN to the Internet router on LAN 1 or not - just the traffic meant for the other LAN's IP range.



Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.