Geekzone: technology news, blogs, forums


dbuckley
#319250 6-Apr-2025 11:58

I've got a few remote locations that want to connect to a central location over a site-to-site VPN, but the problem is, the central location is being shut down.  Is there a cloud provider that provides site-to-site VPNs as a service?  Google has provided little help.  I know I could knock something up in the cloud myself, but I'd like a commercial offering so it stops being my problem.


lxsw20
#3361273 6-Apr-2025 12:06

Most business ISPs will provide a WAN service like this but you will pay for it. What are you trying to achieve? What traffic is going over the VPN? Do the sites actually need VPN? Assuming there is some sort of server at the hub (central location) where is that moving to?




Dynamic
#3361278 6-Apr-2025 12:12

I'm also curious about what you are looking to achieve here.  Give us more detail, please.  What do the regions need to access or what does each site need to access on another?  Are there servers at each location?  Traditionally linking sites is done by the ISP (expensive) or with firewalls on each site and basic internet connections (more expensive up front but less expensive long term).





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 



acsylaa
#3361291 6-Apr-2025 12:45

dbuckley:

 

I've got a few remote locations that want to connect to a central location over a site-to-site VPN, but the problem is, the central location is being shut down.  Is there a cloud provider that provides site-to-site VPNs as a service?  Google has provided little help.  I know I could knock something up in the cloud myself, but I'd like a commercial offering so it stops being my problem.

 

 

 

 

What is the current cloud-managed VPN that you are using? (If it's Meraki or Forti, some MSPs could take this over and carry on managing this.)

Would you want the cloud provider to manage all the endpoint routers and VPN service?

Are you wanting something that will work with your existing routers, or are you looking at replacing your routers?

Would you prefer to set it up and manage it yourself with some guidance?

What does the current setup consist of, such as router make, model and so on?

Where are the locations, and are they in fiber-fed areas? How many remote sites are we talking about here?

There are many ways to skin this cat. I have a few ideas that I could point you towards, but more information would be good to point you in the right direction.

I have a few sites set up with various VPNs and configurations, as we offer this as a service to our customers via our MSP.




djtOtago
#3361299 6-Apr-2025 13:17

If you are looking for a way internet-connected servers can easily and reasonably securely talk to each other, then maybe Tailscale or a ZeroTier network may suit.


dbuckley
#3361301 6-Apr-2025 13:28

OK, so this is for a small organisation that is closing its main physical presence, where the rack with the current servers, PABX, firewalls etc. are, and going all virtual, work from anywhere.  The current server-provided services in the rack are either migrated to commercial cloud offerings, with a few oddballs being moved to Linodes.  So far so good.

There are, however, a number of (tiny) remote sites that just have things in them, no people, but have devices that need to be connected to from the office-less people and monitoring systems.  This is all currently planned to be done using a VPN, and the office end of the VPN was a router intended to be in the office rack.  But then it was decided the office rack would be no more, so where to put the VPN router.  There's lots of possibilities, but a better answer is to not have this VPN router at all, and have a cloud VPN router.  Which I could knock up on a Linode easy.  But... I'm trying to minimise the collection of custom stuff that needs expertise to manage.  Hence looking for a VPN provider that does site-to-site VPNs as a ready-to-go product.

So far, the only hopeful I've found is Catalyst Cloud, who can do SDN using OpenStack, but that still requires construction and maintenance; VPNs are not their core business.


acsylaa
#3361308 6-Apr-2025 14:05

dbuckley:

 

OK, so this is for a small organisation that is closing its main physical presence, where the rack with the current servers, PABX, firewalls etc. are, and going all virtual, work from anywhere.  The current server-provided services in the rack are either migrated to commercial cloud offerings, with a few oddballs being moved to Linodes.  So far so good.

 

There are, however, a number of (tiny) remote sites that just have things in them, no people, but have devices that need to be connected to from the office-less people and monitoring systems.  This is all currently-planned to be done using a VPN, and the office end of the VPN was a router intended to be in the office rack.  But then it was decided the office rack would be no more, so where to put the VPN router.  There's lots of possibilities, but a better answer is to not have this VPN router at all, and have a cloud VPN router.  Which I could knock up on a Linode easy.  But... I'm trying to minimise the collection of custom stuff that needs expertise to manage.  Hence looking for a VPN provider that does site-to-site VPNs as a ready-to-go product.

 

 

Going by that picture, I'm picking that the remote sites that need access are PLCs?

And client machines and the office need access to those PLCs?

I have a bunch of remote Gallagher Access sites that are using ZeroTier back to a central server in Hamilton, and a few that go to an AWS host in Sydney.

ZeroTier would be your best bet as it's pretty easy to get going, but also really easy to manage.

If it's a PLC and there isn't going to be much data, you could use an IoT SIM, or if it's got fibre to the location you can use a smart location connection to get it online.

If you want to discuss privately, send me a private message and we can get into more detail there.


freitasm
#3361322 6-Apr-2025 14:54

Tailscale or ZeroTier. No central node required. 





lxsw20
#3361375 6-Apr-2025 18:56

Are multiple people accessing them at once/are the nodes pushing data back to the clients? If not, you could put in the likes of a NUC as a jump box onsite with TeamViewer or something, and ditch the whole VPN setup.


taneb1
#3361466 6-Apr-2025 21:05

Will also add a vouch for Tailscale and ZeroTier. Currently run Tailscale connecting half a dozen cloud servers + my home subnet. Haven't done anything too crazy, but haven't had any issues (touch wood) in 2+ years it's been running. They have some good documentation on site-to-site as well: https://tailscale.com/kb/1214/site-to-site





Any comments made are my personal views and do not represent those of my employer


deadlyllama
#3361486 7-Apr-2025 06:52

ZeroTier is fake Ethernet. Tailscale is routed. Personally I find Tailscale gets in my way more. ZeroTier lets you use whatever IP ranges you want, Tailscale wants to assign out of 100/8.


Ragnor
#3361558 7-Apr-2025 10:31

I see Tailscale and ZeroTier have already been mentioned, but you could probably solve this with Cloudflare WARP/Cloudflared/Zero Trust also.


freitasm
#3361572 7-Apr-2025 11:06

The problem with using Cloudflare WARP is that it can give access to the LAN routes (as you want) but it will also be the exit point (all your client's traffic goes through the Cloudflare network), which might impact speed or not be desirable at all.

 

Tailscale will give you access to your LAN routes, and optionally use one of your clients as an exit node. 

 

Optionally is the keyword here. 

 

Also, Cloudflare Zero Tier is a lot more complex to configure. 







dbuckley
#3361580 7-Apr-2025 11:13

deadlyllama:

 

Zerotier is fake Ethernet. Tailscale is routed. 

 

 

 

 

That's really helpful, thanks.

 

I'm going to give Zerotier a go.

 

 


deadlyllama
#3361730 7-Apr-2025 14:43

Also, on Linux Tailscale likes to futz with your iptables rules, add extra routing tables, ... which has broken things for me in the past.

 

If you're crazy enough to have a full IPv6 routing table on the same router as Tailscale, it likes to enumerate all your routes (all 212,324 of them) every so often, maxing your CPU in the process.

 

Zerotier will add a few static routes if you ask it to, and configure the interface if you ask it to, but you can also ask it to get out of your way.  It's fundamentally a virtual ethernet switch.

