Looking at setting up a VPN between home and office

Can anyone suggest any options to look into to set up a VPN between my home and my office please? There will only be me using it but who knows about the future I guess, it will never be large scale though as there are only 3 of us in the business. There is a Synology NAS currently operating as a file share in the office but the existing setup couldn't be any more straightforward really.

Not sure if it makes any difference but I have Sky broadband at home and Virgin in the office. No real kit at either end other than a Synology NAS at the office and one at home (they aren't connected although I know this is possible).

Happy to spend what it takes to get a secure and reliable connection if the office Synology isn't the best option. I have Ubiquiti APs at both and happy to roll out more of their kit if that's a sensible route or if there is an alternate supplier.

Many thanks for any help.
 
I actually tried to set that up a while ago but didn’t get it working. I’ll have another look at it if it’s going to do the job thanks.
 
You'll need to forward the relevant VPN ports from your router to the Synology if you go about it that way. On the face of it though it seems like the easiest, simplest and least cost approach so worth a bit of effort to get right.
 
What do you actually want to do on this VPN?

Do you want it to be secure? Ubiquiti make it incredibly easy to set up a VPN tunnel between two USGs. You literally just tick the box on each controller and enter the IP addresses of each USG and that’s it.

https://www.youtube.com/watch?v=cFcsOqCdfg0 shows you the full process in under 6 minutes.

OK, the USGs are ~£100 each but it’s a good, fast, secure VPN implementation. And best of all, it’s really easy.
 
It’s so that I can work from home. Emails are fine via outlook and some programs are web based but some need to access the files at the office and also the usual word and excel files which are stored on the Synology at the office.

It definitely needs to be secure, most of what we do (accountancy) is confidential and with the new GDPR rules I don’t want to get into hot water so happy to pay £200 if it’s a better/more secure solution to the Synology VPN?
 
For that sort of use I’d be looking at a Remote Desktop solution. All the files stay on the machine in the office but you work with them remotely. Have a look at TeamViewer or Google Chrome Remote Desktop as free solutions or there are lots of paid options. Citrix used to be the option for this but I’m sure things have moved on since I last used it.
 
I had a look at TeamViewer but it’s £30 a month which means after 6 months it would be cheaper to go for the USG route.

Plus TeamViewer doesn’t work perfectly with 3 monitors so it’s slower working which defeats the object really.
 
Ask yourself this. Would you want your accountant taking your files home? Nope. Me either. Certainly, options like Citrix are expensive, but they’re completely secure (or near as darn it).
 
Well I see your point but at the same time when everything was paperbased it was common to take the full accounts file home to work on. It’s in our agreement with the client that work can be carried out at multiple locations by company employees.

TeamViewer isn’t a long term solution due to the multiple monitor issue but I’ll check out Citrix thanks.

Is the USG not a secure option however?
 
The USG to USG tunnel will be secure enough for what you need. It would allow you to demonstrate due diligence because you made a reasonable attempt at data security.

If you were being EXTRA careful you might go with an L2TP tunnel (insecure) with IPSec (very secure) on top of that.
 
The USG to USG tunnel will be secure enough....

What's the reason for site-to-site with the USG? Can you not do device-to-USG?

@Mark M Typically for small businesses we just use the edge router/firewall (usually Draytek's) to handle L2TP/IPSEC VPN duties and then configure individual clients accordingly.

We've tried using the VPN implementation on Synology's previously but frankly, it's finicky at the best of times.
 
Interesting thanks. As I’m on Virgin business at the office can I still use the Edge router and switch the Virgin router to modem only mode?
 
As much as the UBNT stuff is really good, this kind of situation is ideal Draytek territory. Small business wanting some basic business functionality. The UBNT stuff is great "if" it works first time, if not then you're spending hours picking through CLI.
 
What Draytek kit would you recommend that would work with Virgin broadband and I’ll have a look into the options thanks.
 
Interesting thanks. As I’m on Virgin business at the office can I still use the Edge router and switch the Virgin router to modem only mode?

You'll need to get the 5 static IP option from Virgin business for using a VPN as it gives you a routed subnet. You can't use modem only mode on Virgin business unless you have a dynamic IP. With the 5 IP option it doesn't matter about modem mode.
 
I thought there were speed issues (or possibly other problems) with the Hitron and the GRE tunnels Virgin Media use?
To be honest, I can't say I've had the pleasure of dealing with a VM for businesses connection but I guess you could always continue with the 'sticky' IP address and use a Dynamic DNS service over the top for VPN duties - not ideal but would work.

What Draytek kit would you recommend that would work with Virgin broadband and I’ll have a look into the options thanks.

We typically deploy 2926's or the older 2920/2925 (dual WAN) but the 2862 and 2832 (xDSL + WAN) would also work as long as you don't need more than 32 tunnels. Otherwise you're looking at the 2952+ range.
Do note there's usually a handful of variants for each model - usually a vanilla non-wireless, a wireless 'n' or 'ac' and then a VoIP 'v' version.
https://www.draytek.co.uk/products/routers/firewalls
 
I thought there were speed issues (or possibly other problems) with the Hitron and the GRE tunnels Virgin Media use?
To be honest, I can't say I've had the pleasure of dealing with a VM for businesses connection but I guess you could always continue with the 'sticky' IP address and use a Dynamic DNS service over the top for VPN duties - not ideal but would work.

They resolved the GRE tunnel speed issues some time ago. They are quite decent these days, they haven't got much competition for a business provider at 500/35 Mbps for £62 per month.
 
As much as the UBNT stuff is really good, this kind of situation is ideal Draytek territory. Small business wanting some basic business functionality. The UBNT stuff is great "if" it works first time, if not then you're spending hours picking through CLI.

Have you done a USG to USG VPN connection? It’s effectively UBNTs version of EoIP and it’s totally “click and it works”. You do need a USG at each end running identical firmware and controller versions but it’s very good and very robust.
 
I can't say I have but what if OP decides to work from parents or Starbucks? Carrying a USG wouldn't work and a "simple" router VPN solution for a road warrior would by far be a better solution and scale better compared to providing every home worker a USG.

That's before any of us get into using SMB/CIFS mounts over a WAN connection, VPN or not it'll be painful for anything more than a small document.
 