Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Site-to-Site VPN Connection


128 posts

Master Geek


# 175261 23-Jun-2015 12:54
Send private message

Hi There,

I've got two offices A&B want to connect together via internet through VPN. 

Office A, Orcon UFB with NetComm nf4v router.
Office B, Spark VDSL(moving to UFG in a few weeks) with Huawei HG659b router.

Is it possible to connect them together that we can share Diskstations as network drives and printers PBX phones etc.?

Thank you very much for your helps in advance. 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
1245 posts

Uber Geek
+1 received by user: 156


  # 1329866 23-Jun-2015 13:19
Send private message

Don't know about those routers but even if they could create a tunnel you really need a router that's capable of hardware acceleration to get the best speeds and QOS for your VoIP phones.

cisconz
1211 posts

Uber Geek
+1 received by user: 96

Trusted
Lifetime subscriber

  # 1329883 23-Jun-2015 13:42
One person supports this post
Send private message

I would not be using ISP supplied routers for VPN connections.
1 reason for this is that I have seen them have their configurations reset on multiple occasions when the ISP makes a changer on their end.
Secondly, you would be far better to have 1 ISP in both locations to ensure your VPN traffic is staying within 1 core network and not relying on ISP - ISP transit links.




Hmmmm

 
 
 
 


252 posts

Ultimate Geek
+1 received by user: 115


  # 1329918 23-Jun-2015 14:22
One person supports this post
Send private message

A pair of Cisco 897's will do this job very nicely.  Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html




Try my latest project, a Cisco type 5 enable secret password cracker written in javascript!

2091 posts

Uber Geek
+1 received by user: 849


  # 1329920 23-Jun-2015 14:30
Send private message

pdath: A pair of Cisco 897's will do this job very nicely.  Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html


What sort of throughput would you seen on that?

An 887VA struggled just routing and NAT on a 100Mbps UFB connection.

1245 posts

Uber Geek
+1 received by user: 156


  # 1330010 23-Jun-2015 15:52
2 people support this post
Send private message

Cheapest with hardware acc is Edge Router Lite - if you're going to go down that path then get someone skilled in using the ERL to configure it.

In fact i'd recommend that you consult an expert to get a good scope of your project requirements because VPN done wrong will frustrate everyone working in the business.



128 posts

Master Geek


  # 1330027 23-Jun-2015 16:11
Send private message

Thank you all for your replies!

Do I really need a pair of cisco c897s? 
They seem quite expensive. 

Is there any other alternative hardware I can choose, If I can not use ISP provided ones?

3817 posts

Uber Geek
+1 received by user: 1719

Subscriber

  # 1330322 24-Jun-2015 00:29
Send private message

CBSYS: Thank you all for your replies!

Do I really need a pair of cisco c897s? 
They seem quite expensive. 

Is there any other alternative hardware I can choose, If I can not use ISP provided ones?



The Ubiquity Edge router lite. As mentioned above.

I have one on my own connection. Works really well on UFB.





 
 
 
 


5442 posts

Uber Geek
+1 received by user: 2516

Trusted
Lifetime subscriber

  # 1330332 24-Jun-2015 07:39
2 people support this post
Send private message

I use Draytek 2800 series for site to site VPN




Chorus has spent $1.4 billion on making their xDSL broadband network faster and even more now as they are upgrading their rural Conklins. If your still stuck on ADSL or VDSL, why not spend $195 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com

4014 posts

Uber Geek
+1 received by user: 1730

Subscriber

  # 1330335 24-Jun-2015 07:45
One person supports this post
Send private message

Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.

252 posts

Ultimate Geek
+1 received by user: 115


  # 1330338 24-Jun-2015 07:46
Send private message

wasabi2k:
pdath: A pair of Cisco 897's will do this job very nicely.  Here is a tool to build the config's for them.
http://www.ifm.net.nz/cookbooks/890-isr-wizard.html


What sort of throughput would you seen on that?

An 887VA struggled just routing and NAT on a 100Mbps UFB connection.


An 887VA will do 50Mb/s to 70Mb/s.  An 897 can flat line a 100Mb/s circuit with a little breathing room.




Try my latest project, a Cisco type 5 enable secret password cracker written in javascript!

1245 posts

Uber Geek
+1 received by user: 156


  # 1330367 24-Jun-2015 09:01
Send private message

chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.


Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.

4014 posts

Uber Geek
+1 received by user: 1730

Subscriber

  # 1330433 24-Jun-2015 09:54
Send private message

nitrotech:
chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.


Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.


Actually yea that's a good point. More referring to PPPoE throughput. And you are right, with IPSec they seem to top out around 10-12Mbps.

So instead of the 2011 perhaps the 850Gx2?

1245 posts

Uber Geek
+1 received by user: 156


  # 1330458 24-Jun-2015 10:09
Send private message

chevrolux:
nitrotech:
chevrolux: Mikrotik rb2011. Fine for 100Mbps.
Set up an L2TP tunnel, encrypt with IPSec. Put in appropriate routes for each subnet. Done. Would take no more than half an hour to set up from scratch.

Edgerouter lite is an ok piece of kit but compared to a Mikrotik it's like comparing a corolla with a Ferrari.


Are you using the 2011 for VPN in a production environment?

I can tell you that it can only pull 10mbps and at that puts the CPU at 100% and the router becomes unresponsive when transferring large files.

If the OP puts in a 2011 into each site and runs voip phone and NAS etc IMO is asking for trouble.

I agree that Mikrotik would be good but unless you put in an RB1100 you're not going to get VPN hardware acceleration and the link would be swamped causing unhappiness in the workplace.


Actually yea that's a good point. More referring to PPPoE throughput. And you are right, with IPSec they seem to top out around 10-12Mbps.

So instead of the 2011 perhaps the 850Gx2?


No hardware acceleration on the 850 until V2 is released and this could be some time away.

3463 posts

Uber Geek
+1 received by user: 455

Trusted

  # 1330460 24-Jun-2015 10:11
One person supports this post
Send private message

You could go PFsense and build your own. A pre-built device is probably easier in which case look at Mikrotik or maybe Ubiquiti?

BTW thinking of something as "expensive" can actually cost you more in the long run. Investing up front for a more reliable service is usually good business sense.





cisconz
1211 posts

Uber Geek
+1 received by user: 96

Trusted
Lifetime subscriber

  # 1330487 24-Jun-2015 10:41
Send private message

The other option would be to outsource it to someone like Mako Networks. They provide a managed firewall service with 2 click VPN's




Hmmmm

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20

New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09

ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05

New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35

Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39

TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18

E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34

Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51

Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47

100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35

5G uptake even faster than expected
Posted 12-Jun-2019 10:01

Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24

Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24

Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10

Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.