Site-to-Site VPN Connection

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Site-to-Site VPN Connection

CBSYS

133 posts

Master Geek

#175261 23-Jun-2015 12:54

Hi There,

I've got two offices A&B want to connect together via internet through VPN.

Office A, Orcon UFB with NetComm nf4v router.
Office B, Spark VDSL(moving to UFG in a few weeks) with Huawei HG659b router.

Is it possible to connect them together that we can share Diskstations as network drives and printers PBX phones etc.?

Thank you very much for your helps in advance.

1 | 2

1285 posts

Uber Geek

#1329866 23-Jun-2015 13:19

Don't know about those routers but even if they could create a tunnel you really need a router that's capable of hardware acceleration to get the best speeds and QOS for your VoIP phones.

cisconz

cisconz
1341 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1329883 23-Jun-2015 13:42

I would not be using ISP supplied routers for VPN connections.
1 reason for this is that I have seen them have their configurations reset on multiple occasions when the ISP makes a changer on their end.
Secondly, you would be far better to have 1 ISP in both locations to ensure your VPN traffic is staying within 1 core network and not relying on ISP - ISP transit links.

Hmmmm

pdath

252 posts

Ultimate Geek

#1329918 23-Jun-2015 14:22

A pair of Cisco 897's will do this job very nicely. Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

Try my latest project, a Cisco type 5 enable secret password cracker written in javascript!

wasabi2k

2096 posts

Uber Geek

#1329920 23-Jun-2015 14:30

pdath: A pair of Cisco 897's will do this job very nicely. Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

What sort of throughput would you seen on that?

An 887VA struggled just routing and NAT on a 100Mbps UFB connection.

nitrotech

1285 posts

Uber Geek

#1330010 23-Jun-2015 15:52

Cheapest with hardware acc is Edge Router Lite - if you're going to go down that path then get someone skilled in using the ERL to configure it.

In fact i'd recommend that you consult an expert to get a good scope of your project requirements because VPN done wrong will frustrate everyone working in the business.

CBSYS

133 posts

Master Geek

#1330027 23-Jun-2015 16:11

Thank you all for your replies!

Do I really need a pair of cisco c897s?
They seem quite expensive.

Is there any other alternative hardware I can choose, If I can not use ISP provided ones?

Aredwood

3885 posts

Uber Geek

#1330322 24-Jun-2015 00:29

CBSYS: Thank you all for your replies!

Do I really need a pair of cisco c897s?
They seem quite expensive.

Is there any other alternative hardware I can choose, If I can not use ISP provided ones?

The Ubiquity Edge router lite. As mentioned above.

I have one on my own connection. Works really well on UFB.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

coffeebaron

6231 posts

Uber Geek

Trusted

Lifetime subscriber

#1330332 24-Jun-2015 07:39

I use Draytek 2800 series for site to site VPN

Rural IT and Broadband support.

Broadband troubleshooting and master filter installs.
Starlink installer - one month free: https://www.starlink.com/?referral=RC-32845-88860-71
Wi-Fi and networking
Cel-Fi supply and installer - boost your mobile phone coverage legally

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

chevrolux

4962 posts

Uber Geek
Inactive user

#1330335 24-Jun-2015 07:45

Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.

pdath

252 posts

Ultimate Geek

#1330338 24-Jun-2015 07:46

wasabi2k:
pdath: A pair of Cisco 897's will do this job very nicely. Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

What sort of throughput would you seen on that?

An 887VA struggled just routing and NAT on a 100Mbps UFB connection.

An 887VA will do 50Mb/s to 70Mb/s. An 897 can flat line a 100Mb/s circuit with a little breathing room.

Try my latest project, a Cisco type 5 enable secret password cracker written in javascript!

nitrotech

1285 posts

Uber Geek

#1330367 24-Jun-2015 09:01

chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.

Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.

chevrolux

4962 posts

Uber Geek
Inactive user

#1330433 24-Jun-2015 09:54

nitrotech:
chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.

Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.

Actually yea that's a good point. More referring to PPPoE throughput. And you are right, with IPSec they seem to top out around 10-12Mbps.

So instead of the 2011 perhaps the 850Gx2?

nitrotech

1285 posts

Uber Geek

#1330458 24-Jun-2015 10:09

chevrolux:
nitrotech:
chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.

Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.

Actually yea that's a good point. More referring to PPPoE throughput. And you are right, with IPSec they seem to top out around 10-12Mbps.

So instead of the 2011 perhaps the 850Gx2?

No hardware acceleration on the 850 until V2 is released and this could be some time away.

Zeon

3916 posts

Uber Geek

Trusted

#1330460 24-Jun-2015 10:11

You could go PFsense and build your own. A pre-built device is probably easier in which case look at Mikrotik or maybe Ubiquiti?

BTW thinking of something as "expensive" can actually cost you more in the long run. Investing up front for a more reliable service is usually good business sense.

Speedtest 2019-10-14

cisconz

cisconz
1341 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#1330487 24-Jun-2015 10:41

The other option would be to outsource it to someone like Mako Networks. They provide a managed firewall service with 2 click VPN's

Hmmmm

1 | 2