



565 posts

Ultimate Geek


# 128791 23-Aug-2013 12:29

Problem:
I have a number of remote workers with mobile devices (laptops, tablets, mobiles etc) which all support VPN connections (PPTP at least) but don't all necessarily support specific proxy or gateway settings.

These remote workers could be anywhere in the world at any time however they all need to be connected to one another's devices as if on a local network (i.e. via a VPN).

Furthermore the business has three main offices in US, UK and AU.

Each worker must be able to access the internet via US, UK and AU regardless of what country they are physically in.


Solution?:
Set up VPN server in US.
Set up VPN server in UK.
Set up VPN server in AU.
*(VPN servers will be set up on Amazon AWS)

Link 3 VPNs together so devices on different VPNs can talk to one another. Somehow??

Remote worker selects the VPN appropriate to them on their mobile device based on which country they want to access the internet via.


Example / Use Case:
Remote worker is currently in India but wants to connect to the company network and the internet via an AU connection.

Remote worker selects the AU VPN on their device.


Question:
Will this work / is there a better way?
What VPN software do you recommend (pref free/open source)?

Thanks


3496 posts

Uber Geek

Trusted

  # 883336 23-Aug-2013 12:36

What is the size of the company?

I would suggest the easiest way would be to create IPsec tunnels between all your main offices in a mesh (each to each other). Then have users VPN into their nearest office to enter the company network. This is surprisingly easy on pfSense and I run a similar setup for 2 networked sites in Auckland and 1 in Los Angeles. For the clients you are probably best to use OpenVPN or IPsec (PPTP is NOT, I repeat, NOT secure). Planning how you want to do both your IPv4 and IPv6 addressing is critical as you will want to advertise routes correctly to OpenVPN.

So let's say you had one remote worker connected to the Indian office and another to the AU office, the route would go:
Remote worker -> OpenVPN -> India office -> India-to-AU IPsec -> AU office -> OpenVPN -> remote worker.




Speedtest 2019-10-14
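
An added example (not part of any poster's reply, and not pfSense or OpenVPN project code) of the addressing plan the reply above calls critical: it checks that office LANs and VPN client pools do not overlap, lists the IPsec mesh tunnels, and emits the OpenVPN `push` directives for one site. The subnets, site layout and function names are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed address plan (assumption): one LAN and one OpenVPN client pool per site.
PLAN = {
    "US": {"lan": "10.10.0.0/16", "vpn_pool": "10.110.0.0/24"},
    "UK": {"lan": "10.20.0.0/16", "vpn_pool": "10.120.0.0/24"},
    "AU": {"lan": "10.30.0.0/16", "vpn_pool": "10.130.0.0/24"},
}

def find_overlaps(plan):
    """Return every pair of named subnets that overlap; an empty list means the plan is routable."""
    nets = [(f"{site}.{role}", ipaddress.ip_network(cidr))
            for site, roles in plan.items() for role, cidr in roles.items()]
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2) if na.overlaps(nb)]

def ipsec_mesh(plan):
    """Full mesh: one site-to-site IPsec tunnel per pair of offices."""
    return list(combinations(sorted(plan), 2))

def openvpn_push_routes(plan, site, full_tunnel=True):
    """OpenVPN server directives for `site`: a route for every subnet except the client's own pool."""
    overlaps = find_overlaps(plan)
    if overlaps:
        raise ValueError(f"overlapping subnets: {overlaps}")
    lines = []
    for other, roles in sorted(plan.items()):
        for role, cidr in sorted(roles.items()):
            if other == site and role == "vpn_pool":
                continue  # clients already sit in this pool
            net = ipaddress.ip_network(cidr)
            lines.append(f'push "route {net.network_address} {net.netmask}"')
    if full_tunnel:
        # Send the client's internet traffic out through this site's country.
        lines.append('push "redirect-gateway def1"')
    return lines

if __name__ == "__main__":
    print("IPsec tunnels:", ipsec_mesh(PLAN))
    print("\n".join(openvpn_push_routes(PLAN, "AU")))
```

Each site's IPsec tunnels must carry the same LAN and pool subnets as traffic selectors, otherwise a client on one site's OpenVPN pool cannot reach a client on another's.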


2540 posts

Uber Geek


  # 883345 23-Aug-2013 12:47

Please don't use PPTP. I'd probably go with Zeon's suggestion, or alternately a VPN appliance from Cisco or similar at each site as an endpoint.

 
 
 
 




565 posts

Ultimate Geek


  # 883351 23-Aug-2013 12:50

Don't worry, most of our devices support IPSec also and current setup is actually OpenVPN direct to USA though.

Just thinking about how I could incorporate these suggestions.

1906 posts

Uber Geek


  # 883576 23-Aug-2013 20:02

What is it that they need access to on another's device?

1 post

Wannabe Geek


  # 883734 24-Aug-2013 01:57

I bought a home nas server and it is performing very well in my case. Got it from a local online dealer at very affordable price. My problem is whenever I attach the NAS to my main server, my VPN's stop working. Is it normal? Or do I need multiple VPN's to connect simultaneously? This is getting into a real problem day by day. Any solutions are welcomed. Site from where I bought NAS : http://www.wiseguys.co.nz

634 posts

Ultimate Geek


  # 883747 24-Aug-2013 03:59

LettyLocke: I bought a home nas server and it is performing very well in my case. Got it from a local online dealer at very affordable price. My problem is whenever I attach the NAS to my main server, my VPN's stop working. Is it normal? Or do I need multiple VPN's to connect simultaneously? This is getting into a real problem day by day. Any solutions are welcomed. Site from where I bought NAS : http://www.wiseguys.co.nz


Hi Sara and welcome to Geekzone. I'm a bit of a night owl, been swinging night shifts.

I would recommend starting a new thread/topic regarding your issues, just so the original poster's queries don't go off topic. It could be that your NAS has the same IP as another device on your network and is causing problems, or is within the same IP range as a VPN client.

It may have a DHCP server that is conflicting with one such as in your Internet router etc... and causing some issues. Or if you have multiple ethernet cards in your main server, it could be when you plug your NAS in that another gateway IP address is being added on connection and confusing something somewhere. You'd need to provide much more info on your setup. But for another thread perhaps.

To the original poster, yes I'd go for IPSec too. I still use the somewhat hackable PPTP but then I don't send sensitive information between VPNs.

I have cheap $100 Mikrotik routers that support OpenVPN and IPSec, but obviously not enough grunt/encryption chipset to handle the encryption for greater than 5-6Mbps throughput. You just need a router that can be both a VPN server, and a VPN client.

Even Windows servers can do this. In my example though, I have a Mikrotik at home as a VPN server (we'll call it LAN 1). It has a few VPN user accounts that get dished out a dynamic IP on my home LAN when they connect.

I also have another account, that specifically hands out a static IP to the VPN user (we're going to assume this is another router connecting for another LAN), and when that account connects the LAN 1 VPN router automatically adds a specific route into the main routing table for the other (we'll call it LAN 2) IP range/subnet that uses the static IP as the gateway to the other network.

The LAN 2 VPN client/router is another Mikrotik router in my case, or it could just as easily be a Windows PC acting as a gateway that connects to my main Mikrotik on LAN 1. You can enable IP forwarding in Windows, connect to your VPN server, then add a persistent route for the other main LAN's subnet and Bob's your uncle. You would then choose to send either all traffic through the VPN to the Internet router on LAN 1 or not - just the traffic meant for the other LAN's IP range.


