VPN Solutions for Small/Medium Businesses?

← Back to Stories (view on slashdot.org)

VPN Solutions for Small/Medium Businesses?

Posted by ryuzaki0 on Tuesday April 25, 2006 @03:29PM from the a-network-in-a-network dept.

artbeall asks: "I work for a small company and we are looking at various commercial VPN solutions, however many seem to be too expensive for us. I am interested in what solutions other small/medium size companies are using for their VPN. Of course, we want a SECURE system that is compatible with common network gear like Cisco as well as being able to run the VPN client on Linux, Solaris, and Windows. Does anyone have suggestions or ideas?"

8 of 126 comments (clear)

Min score:

Reason:

Sort:

Openvpn by Anonymous Coward · 2006-04-25 15:50 · Score: 4, Informative

Why not use openvpn ? We run this on Linux, Openbsd and Windows.
Cisco VPN 3000 by anderiv · 2006-04-25 15:57 · Score: 5, Informative

At work (~90 employees...I guess that would qualify as medium-sized??) we use a Cisco VPN 3000 Concentrator. It's been rock-solid for us for two years now, and I'd highly recommend it. If you want to go the VPN-client route, cisco has official clients for Mac, Windows and Linux, but the box is also compatible with the PPTP vpn clients that come with most modern operating systems and it's also fully IPsec compatible. So...for example, if you wanted to, you could set up a linux gateway at home that would connect to your work VPN and establish a LANLAN VPN link.

If this proves to be too expensive, you ought to look ag OpenVPN. It's quite stable at this point, and they have clients for Windows, Mac and Linux as well. You'll have to have some amount of knowledge of linux networking/firewalling to get it set up right, but there's plenty of documentation out there to guide you.
Re:One word: PIX by zerocool^ · 2006-04-25 16:00 · Score: 4, Informative

Yeah, either that, or you could tell your boss you need a Pix, buy the same thing, with the same innards, by the same company, and buy yourself a nice 24" LCD with the leftover $700.

30 concurrant VPN connections. Dual internet ports that can function as failover or load balancing. Built in 4-pt switch. $180. That's small business.

~Will

--
sig?
OpenVPN by peacefinder · 2006-04-25 16:17 · Score: 4, Informative

Go to openvpn.net. It's very straightforward to get a multiuser openvpn server up, using pre-shared keys or certificates. It's free, it's simple, it's multiplatform, and it's sufficiently secure for business purposes.

(However, if by "compatible with common network gear" you mean you need to host a VPN endpoint on a Cisco box, then OpenVPN probably won't work. If you can pass the connection through a firewall to a DMZ server, though, it should work fine.)

If you want a completely free solution, use OpenVPN hosted on an OpenBSD (or other free OS) firewall.

--
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
OpenVPN rawks the Casbah by Xenophon+Fenderson, · 2006-04-25 16:33 · Score: 5, Insightful

I really like OpenVPN. It works as a client or a server on Windows, Linux, FreeBSD, Mac OS X, and other operating systems, and it is pretty easy to install, configure, and run. I just followed the how-to. It operates over UDP or TCP, you can tunnel it through HTTP or SOCKS proxies, and the server can use any cipher or hash available in the OpenSSL library. PPTP is ubiquitous, but it has serious flaws. IPSEC is supposed to be standard, but interoperability is a configuration nightmare (especially if you try to do something complex, like use X.509 certificates, or something non-standard, like authenticate users against RADIUS). Firewall/NAT traversal can present serious challenges in some cases as well, as some firewalls can't handle non-TCP/UDP protocols. CIPE requires special support in the operating system kernel and only works on Linux and Windows, and tunneling TCP over TCP (when running PPP over SSH) is a really bad idea.

I'm using OpenVPN to tie routers running OpenWRT (Linux), routers running FreeBSD, and workstations/laptops running Windows, FreeBSD, and Mac OS X together. It works flawlessly.

--
I'm proud of my Northern Tibetian Heritage
M$oft. by ikejam · 2006-04-25 17:42 · Score: 4, Funny

MS ISA Server.

HEY I'm just providing an alternative.
Re:My Experience by youngerpants · 2006-04-26 00:40 · Score: 4, Informative

I have very recently (last week) set up an OpenVPN service for one of my clients on an Ubuntu box.

http://www.itsatechworld.com/2006/01/29/how-to-con figure-openvpn/

That site has a very easy to understand howto with plenty of client and server examples. After a day of trawling through the OpenVPN documents, this howto was a breath of fresh air.
Re: IPCOP -- I Second That by InitZero · 2006-04-26 01:45 · Score: 4, Informative

I have used IPCop for many, many months. With
the OpenVPN addon, it makes a sweet RoadWarrior
setup. The OpenVPN GUI is even easy enough for
our executives to use.

For us and our 30-something employees, it cost
us nothing to put IPCop online. It ran for a
year on a P-III/700mHz/256M Dell. We recently
upgraded the RAM to 768M so we could make better
use of the Squid cache.

You can get an IPCop server online with VPN in
under an hour. As long as you have a computer
in the spare parts closet, IPCop is far less
expensive than any other solution.

Matt