Suggestions on a VPN Solution
-
Hi Guys,
I have a client who is in the process of opening a satellite store for his Maaco. The store will be just a few miles from his current shop. The plan is that this small store will be in a far more visible area and that they can evaluate and quote repairs and paint jobs for any cars that come in, and as such we need to connect it up via a VPN to his current network.
Currently he has 5 workstations and an SBS2011 server, connected via a Comcast Business connection that has a static IP. The router he has currently is a Netgear something or the other (SOHO class, not off the shelf). The satellite store will also have a Comcast business network connection and hopefully a static IP. There will most likely be an additional 2 or 3 workstations there.
So here is my question, what would be the current recommended solution for this? I want to do edge to edge on the VPN, so I am wondering what hardware I would need to do this, are there some go-to routers/firewalls that people recommend?
And as usual the budget for this is the typical "as cheap as possible," which is always so much fun to work with.
-
-
If you have Static IPs at both ends - and why not... Go with the ERL.
-
@jrc said in Suggestions on a VPN Solution:
Hi Guys,
I have a client who is in the process of opening a satellite store for his Maaco. The store will be just a few miles from his current shop.
If you have nice LOS - Line of sight - you could also go with a Point to Point Bridge using the UBNT Bridge
-
Does the ERL do NAT/firewalling and what not? Or would it be a device that I would need to put behind a more robust NAT/Firewall solution?
-
@gjacobse said in Suggestions on a VPN Solution:
If you have nice LOS - Line of sight - you could also go with a Point to Point Bridge using the UBNT Bridge
Not a bad idea, but I think it is unlikely we will have a line of sight between the two.
-
@jrc said in Suggestions on a VPN Solution:
@gjacobse said in Suggestions on a VPN Solution:
If you have nice LOS - Line of sight - you could also go with a Point to Point Bridge using the UBNT Bridge
Not a bad idea, but I think it is unlikely we will have a line of sight between the two.
Google Maps will give you more detail, and your direct LOS distance.
If not possible... run the ERL.
-
Looking at the Edge routers I think this is the way to go. I am going to suggest we get an ERL for the satellite store and an ER-8 for the main store to replace the Netgear that is currently there and quite old.
Looks like the total cost for the two is under $400, which I think I can justify pretty easily.
-
@jrc said in Suggestions on a VPN Solution:
Does the ERL do NAT/firewalling and what not? Or would it be a device that I would need to put behind a more robust NAT/Firewall solution?
Yes, everything does. You literally can't buy anything that doesn't do that.
-
What kind of data and traffic will go between the sites? What will the satellite be accessing from the main office?
-
Given the number of workstations and the single server, why not use ZeroTier and go to something more advanced and flexible? Why deal with the complication of the site to site VPN when you could easily go to a full mesh?
-
@scottalanmiller said in Suggestions on a VPN Solution:
What kind of data and traffic will go between the sites? What will the satellite be accessing from the main office?
They use a custom quoting software, near as I can tell it's more or less a standard database back end with a custom front end. But they also need the ability to upload high resolution photos to the server. These are catalogued and used as a sort of before and after thing, which they archive for about 6 months after the job is done.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
Does the ERL do NAT/firewalling and what not? Or would it be a device that I would need to put behind a more robust NAT/Firewall solution?
Yes, everything does. You literally can't buy anything that doesn't do that.
Yes, good point, but I meant are the edge routers appropriate to use as the sole internet gateway, but given the name (Edge router) I am guessing this may be a silly question...
-
@jrc said in Suggestions on a VPN Solution:
But they also need the ability to upload high resolution photos to the server. These are catalogued and used as a sort of before and after thing, which they archive for about 6 months after the job is done.
That would be a bad use case for a VPN. Moving to something like NextCloud would seem like a better system, even for the main office users.
-
@jrc said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
Does the ERL do NAT/firewalling and what not? Or would it be a device that I would need to put behind a more robust NAT/Firewall solution?
Yes, everything does. You literally can't buy anything that doesn't do that.
Yes, good point, but I meant are the edge routers appropriate to use as the sole internet gateway, but given the name (Edge router) I am guessing this may be a silly question...
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
But they also need the ability to upload high resolution photos to the server. These are catalogued and used as a sort of before and after thing, which they archive for about 6 months after the job is done.
That would be a bad use case for a VPN. Moving to something like NextCloud would seem like a better system, even for the main office users.
Well we are not talking Gigabytes of data here. I'm talking maybe two dozen or so images over the day, in the 3 or 4 mb size range each.
The bigger need here is the ability for the clients at the satellite store to be able to communicate with the quoting software. Which is why VPN was my first thought.
-
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
-
@jrc said in Suggestions on a VPN Solution:
Well we are not talking Gigabytes of data here. I'm talking maybe two dozen or so images over the day, in the 3 or 4 mb size range each.
It's the overall business impact and complication and cost that I'm thinking about. Running Windows servers and so forth for something that something free would do better and then no need for the VPN, at least not for that portion, anyway.
-
@scottalanmiller said in Suggestions on a VPN Solution:
Given the number of workstations and the single server, why not use ZeroTier and go to something more advanced and flexible? Why deal with the complication of the site to site VPN when you could easily go to a full mesh?
That looks like something you set up on each client, which I think they would not be happy about. They do not take kindly to new ways of doing things, hell they'd still be running Windows XP and Server 2000 if I had not pushed very hard to get them moved to Windows 7.
The other issue is the corporate franchise entity's IT department is staffed and run by people who actually know very little about IT. So the tech mandates that come from there are a joke at best. So having the VPN as transparent as possible will help me stave away the "we don't support that" mentality they have, which to them really means "we won't help you with anything we don't understand, even if it's not a factor in the issue you are having."
-
@gjacobse said in Suggestions on a VPN Solution:
If you have Static IPs at both ends - and why not... Go with the ERL.
Nah - ER-X.. save the money.