Slashdot Mirror

← Back to Stories (view on slashdot.org)

VPN Solutions for Small/Medium Businesses?

Posted by ryuzaki0 on from the a-network-in-a-network dept.

artbeall asks: "I work for a small company and we are looking at various commercial VPN solutions, however many seem to be too expensive for us. I am interested in what solutions other small/medium size companies are using for their VPN. Of course, we want a SECURE system that is compatible with common network gear like Cisco as well as being able to run the VPN client on Linux, Solaris, and Windows. Does anyone have suggestions or ideas?"

4 of 126 comments (clear)

  1. OpenVPN rawks the Casbah by Xenophon+Fenderson, · · Score: 5, Insightful

    I really like OpenVPN. It works as a client or a server on Windows, Linux, FreeBSD, Mac OS X, and other operating systems, and it is pretty easy to install, configure, and run. I just followed the how-to. It operates over UDP or TCP, you can tunnel it through HTTP or SOCKS proxies, and the server can use any cipher or hash available in the OpenSSL library. PPTP is ubiquitous, but it has serious flaws. IPSEC is supposed to be standard, but interoperability is a configuration nightmare (especially if you try to do something complex, like use X.509 certificates, or something non-standard, like authenticate users against RADIUS). Firewall/NAT traversal can present serious challenges in some cases as well, as some firewalls can't handle non-TCP/UDP protocols. CIPE requires special support in the operating system kernel and only works on Linux and Windows, and tunneling TCP over TCP (when running PPP over SSH) is a really bad idea.

    I'm using OpenVPN to tie routers running OpenWRT (Linux), routers running FreeBSD, and workstations/laptops running Windows, FreeBSD, and Mac OS X together. It works flawlessly.

    --
    I'm proud of my Northern Tibetian Heritage
  2. Re:M$oft. by Habahaba · · Score: 1, Insightful
    I agree. MS ISA is easy way to go and small / medium sized company is likely to have Exchange and / or Windows 2003 server anyways.

    Besides, the client is already included with WinXP...

  3. Re:More about OpenVPN behind a NAT firewall. by dwater · · Score: 3, Insightful

    You might want to try contacting the author to see if he is available for consultation. My company hired him to build our prototype system - his rates are very reasonable, and obviously he is the authority since he wrote it.

    --
    Max.
  4. Home office users, NATs, and multiple users by WuphonsReach · · Score: 2, Insightful

    One of the big issues with VPN technologies is the NAT routers that protect home offices. The corporate office side is easy, just punch the appropriate holes in the firewall and the remote clients can easily connect to the network.

    Where things fall apart is that you have multiple laptop users who are behind their own NAT routers at their homes. You need to use VPN software on the laptops (not on the NAT routers) because you only want their work machines connecting in. That's easy enough, until you run into a situation where you have 2 or 3 users who get together and collaborate frequently behind a single NAT router.

    It seems like PPTP (maybe SSL?) was better suited for situations where you might have multiple users VPN'ing in from the same source IP address (hidden behind a NAT router, such as an ad-hoc meeting in someone's house or multiple users meeting in a coffee shop). All of my readings on IPSec indicated that IPSec can't handle that particular usage style.

    --
    Wolde you bothe eate your cake, and have your cake?