ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Considering a New VPN

    Scheduled Pinned Locked Moved IT Discussion
    openvpnvpnipsechamachizerotierubiquitiedgerouteredgeosubntnetworking
    26 Posts 5 Posters 7.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      ZeroTier is essentially no effort to deploy, think Hamachi or Pertino there, but because it is a full SDN not just a VPN, it's not going to do the hub and spoke you are used to and you'll have that networking complication to deal with.

      1 Reply Last reply Reply Quote 0
      • C
        Carnival Boy
        last edited by

        Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Carnival Boy
          last edited by

          @Carnival-Boy said in Considering a New VPN:

          Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

          ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            OpenVPN is very likely what you want to be using. IPSec tends to be better for site to site, OpenVPN for hub and spoke.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller
              last edited by

              But both will do both, of course.

              1 Reply Last reply Reply Quote 0
              • C
                Carnival Boy
                last edited by

                Would there be an argument for not using hub and spoke and using ZeroTier?

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Carnival Boy
                  last edited by

                  @Carnival-Boy said in Considering a New VPN:

                  Would there be an argument for not using hub and spoke and using ZeroTier?

                  Not likely. SDN involves totally revamping your entire network to be on ZT. It's an "all in" approach. It's great and can work wonders, but it's not trivial.

                  DashrenderD 1 Reply Last reply Reply Quote 3
                  • C
                    Carnival Boy
                    last edited by

                    Thanks. Looks like OpenVPN on an EdgeRouter FTW then. Is it easy to set up?

                    1 Reply Last reply Reply Quote 0
                    • PenguinWranglerP
                      PenguinWrangler
                      last edited by

                      Edgerouters are great. I have used them at clients places in the past, along with OpenVPN. You could also look at Untangle NG Firewall. I virtualized the firewall and the OpenVPN aspect of Untangle is very easy to setup. Of course you can use any firewall you want and just have a OpenVPN server. Turnkey Linux has a great OpenVPN appliance that you can download and run in any hypervisor. Also if you have a Raspberry Pi you can check out http://www.pivpn.io/

                      1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @scottalanmiller
                        last edited by

                        @scottalanmiller said in Considering a New VPN:

                        @Carnival-Boy said in Considering a New VPN:

                        Would there be an argument for not using hub and spoke and using ZeroTier?

                        Not likely. SDN involves totally revamping your entire network to be on ZT. It's an "all in" approach. It's great and can work wonders, but it's not trivial.

                        Quoted for truth!

                        1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender
                          last edited by

                          Let's ask another question - instead of deploying a new VPN solution - what exactly are users accessing? and can it be changed in such a way to make VPNs not needed anymore?

                          C 1 Reply Last reply Reply Quote 3
                          • JaredBuschJ
                            JaredBusch @scottalanmiller
                            last edited by

                            @scottalanmiller said in Considering a New VPN:

                            @Carnival-Boy said in Considering a New VPN:

                            Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

                            ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

                            This is not true, ZeroTier has gateway functionality.
                            https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                            scottalanmillerS C 2 Replies Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @JaredBusch
                              last edited by

                              @JaredBusch said in Considering a New VPN:

                              @scottalanmiller said in Considering a New VPN:

                              @Carnival-Boy said in Considering a New VPN:

                              Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

                              ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

                              This is not true, ZeroTier has gateway functionality.
                              https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                              I was leaving that out for simplicity as he's not going to build custom Linux systems for this.

                              JaredBuschJ 1 Reply Last reply Reply Quote 1
                              • JaredBuschJ
                                JaredBusch @scottalanmiller
                                last edited by JaredBusch

                                @scottalanmiller said in Considering a New VPN:

                                @JaredBusch said in Considering a New VPN:

                                @scottalanmiller said in Considering a New VPN:

                                @Carnival-Boy said in Considering a New VPN:

                                Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

                                ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

                                This is not true, ZeroTier has gateway functionality.
                                https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                I was leaving that out for simplicity as he's not going to build custom Linux systems for this.

                                Why? Because a single VM setup as a gateway means that ZT now meets all needs also.

                                No different than replacing a router, etc.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @JaredBusch
                                  last edited by

                                  @JaredBusch said in Considering a New VPN:

                                  @scottalanmiller said in Considering a New VPN:

                                  @JaredBusch said in Considering a New VPN:

                                  @scottalanmiller said in Considering a New VPN:

                                  @Carnival-Boy said in Considering a New VPN:

                                  Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

                                  ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

                                  This is not true, ZeroTier has gateway functionality.
                                  https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                  I was leaving that out for simplicity as he's not going to build custom Linux systems for this.

                                  Why? Because a single VM setup as a gateway means that ZT now meets all needs also.

                                  No different than replacing a router, etc.

                                  I've not used it, does it require you to change your IP range or can you keep what you have?

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • C
                                    Carnival Boy @Dashrender
                                    last edited by

                                    @Dashrender said in Considering a New VPN:

                                    can it be changed in such a way to make VPNs not needed anymore?

                                    Yes, it can. But not as easily as implementing a new VPN.

                                    DashrenderD 1 Reply Last reply Reply Quote 0
                                    • C
                                      Carnival Boy @JaredBusch
                                      last edited by

                                      @JaredBusch said in Considering a New VPN:

                                      @scottalanmiller said in Considering a New VPN:

                                      @Carnival-Boy said in Considering a New VPN:

                                      Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

                                      ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

                                      This is not true, ZeroTier has gateway functionality.
                                      https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                      Thanks. I had a vague recollection that it could.

                                      1 Reply Last reply Reply Quote 0
                                      • JaredBuschJ
                                        JaredBusch @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Considering a New VPN:

                                        @JaredBusch said in Considering a New VPN:

                                        @scottalanmiller said in Considering a New VPN:

                                        @JaredBusch said in Considering a New VPN:

                                        @scottalanmiller said in Considering a New VPN:

                                        @Carnival-Boy said in Considering a New VPN:

                                        Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

                                        ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

                                        This is not true, ZeroTier has gateway functionality.
                                        https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                        I was leaving that out for simplicity as he's not going to build custom Linux systems for this.

                                        Why? Because a single VM setup as a gateway means that ZT now meets all needs also.

                                        No different than replacing a router, etc.

                                        I've not used it, does it require you to change your IP range or can you keep what you have?

                                        The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.

                                        I use ZT in a number of places, but not using the gateway anywhere yet.

                                        DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 1
                                        • DashrenderD
                                          Dashrender @Carnival Boy
                                          last edited by Dashrender

                                          @Carnival-Boy said in Considering a New VPN:

                                          @Dashrender said in Considering a New VPN:

                                          can it be changed in such a way to make VPNs not needed anymore?

                                          Yes, it can. But not as easily as implementing a new VPN.

                                          easy of implementation shouldn't be the goal - sustainability and future proofing should be, tempered by costs.

                                          1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @JaredBusch
                                            last edited by

                                            @JaredBusch said in Considering a New VPN:

                                            @scottalanmiller said in Considering a New VPN:

                                            @JaredBusch said in Considering a New VPN:

                                            @scottalanmiller said in Considering a New VPN:

                                            @JaredBusch said in Considering a New VPN:

                                            @scottalanmiller said in Considering a New VPN:

                                            @Carnival-Boy said in Considering a New VPN:

                                            Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

                                            ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

                                            This is not true, ZeroTier has gateway functionality.
                                            https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                            I was leaving that out for simplicity as he's not going to build custom Linux systems for this.

                                            Why? Because a single VM setup as a gateway means that ZT now meets all needs also.

                                            No different than replacing a router, etc.

                                            I've not used it, does it require you to change your IP range or can you keep what you have?

                                            The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.

                                            I use ZT in a number of places, but not using the gateway anywhere yet.

                                            Right, so being inclusive means that you did follow Scott's recommendation, only that you bent ZT to the current setup, instead of making a whole new IP setup with this in mind.

                                            Did that solve all of the Windows DNS issues?

                                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post