Need to set up a VPN between two offices

How do I go about doing this, I can do port forwarding etc

In the past I've just used Hamachi as it's been for personal use, now I need to do it between two offices

All machines are running Windows XP/2003, and I can manage both offices from here at the moment to set them up (over hamachi)

Router on the other side is a BT2700HGV if that makes any difference
 
Another solution to consider is to use a hardware firewall at both ends and set up a site-to-site nailed-up tunnel.
I have used Sonicwall TZ190s to set up site-to-site VPNs between 3 offices.
Basic Sonicwall goes for around £350 and gives you up to 15 site-to-site licenses. Can be a bit tricky to set up at first, but if you go for support (around £200 for 3 years) they will connect to the Sonicwall and sort it out for you.

Once set up, you leave it alone.
 
I've got a site to site link between home and my flat in london. One end is a mini itx box running pfsense (variant of m0n0wall), home is a Draytek Vigor.

Lots of routers seem to be able to do this if you don't want to go to the expense of a Cisco/Sonicwall box.
 
Personally I think you're better off with OpenVPN: set up a point-to-point tunnel, use dedicated firewall boxes at each end (e.g. pfsense/endianfw/ipcop etc., or a more plain Linux if you know what you're doing) and then just set up routes on each one.

There are hundreds of OpenVPN howto guides around, but basically it's much easier if your VPN box is the default gateway as it makes routing a lot simpler.
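
As an added illustration of the routed OpenVPN layout suggested in the post above (not part of the original thread and not the poster's own configuration): the files for the two gateway boxes, using OpenVPN's TLS server mode with a single client rather than a static-key link. The hostname, certificate file names, tunnel range 10.8.0.0/24 and the LAN subnets 192.168.10.0/24 (Office A) and 192.168.20.0/24 (Office B) are all assumptions.

```conf
# ---- Office A gateway: server.conf (constructed example) ----
# The two office LANs must use different subnets or routing cannot work.
dev tun
proto udp
port 1194
topology subnet
server 10.8.0.0 255.255.255.0        # tunnel addressing (assumed range)
ca ca.crt
cert officeA.crt
key officeA.key                      # keep private keys readable by root only
dh dh.pem
tls-auth ta.key 0                    # HMAC on the control channel, direction 0
client-config-dir ccd                # per-client settings, see ccd/officeB
route 192.168.20.0 255.255.255.0     # kernel route: Office B LAN via the tunnel
keepalive 10 60                      # ping every 10 s, restart after 60 s silence
persist-key
persist-tun

# ---- Office A gateway: ccd/officeB ----
# File name must match the common name in Office B's certificate.
iroute 192.168.20.0 255.255.255.0    # tells OpenVPN which client owns that LAN

# ---- Office B gateway: client.conf ----
client
dev tun
proto udp
remote officea.example.net 1194      # placeholder hostname for Office A
resolv-retry infinite                # keep retrying if the link or DNS drops
nobind
ca ca.crt
cert officeB.crt
key officeB.key
tls-auth ta.key 1                    # direction 1, opposite of the server
remote-cert-tls server               # refuse peers presenting a client cert
route 192.168.10.0 255.255.255.0     # Office A LAN via the tunnel
persist-key
persist-tun

# Both gateways need IP forwarding enabled. If a gateway is NOT the LAN's
# default gateway, every host (or the real default router) also needs a
# static route to the other office's subnet pointing at the VPN box.
```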
 
but basically it's much easier if your VPN box is the default gateway as it makes routing a lot simpler.
Just a bit! My tunnel is always up - it's just like having one network, just with a slower link. I have occasionally forgotten to change default printer and printed stuff 300 miles away. Completely seamless.
 
Is it a business? Can they afford the link to be down/troublesome?
No messing, get a proper VPN endpoint for each site, my preference being Cisco kit.
 
It depends on how well you test/implement it. Last time I had to do something that invasive I got the downtime to around 30 seconds because I'd had it running for some time in an isolated environment.

As for being stable, my 3 openvpn sessions that are running permanently have never gone down due to application crash (ie only as stable as the internet has been) and have reconnected straight away if the internet has gone down.

I'm going to open myself up to fire here, but Cisco isn't the be all and end all of networking. I recently had to VPN into a client's site to fix a problem they were having with one of our systems and the company who manages their network took 4 days to open a port and only managed that with the help of Cisco themselves. As a result our client wasn't best pleased that we couldn't sort the problem straight away.
 
The company who manages their network took 4 days to open a port and only managed that with the help of Cisco themselves. As a result our client wasn't best pleased that we couldn't sort the problem straight away.

So basically the support company didn't know how to configure the hardware? Doesn't sound like a Cisco problem to me ;)
 
Actually, for SME networking Cisco pretty much is the be all and end all, nobody makes kit which is as good for the market. As said, it's nothing to do with Cisco if some dumb idiot can't do basic config work.
 
All machines are running Windows XP/2003, and I can manage both offices from here at the moment to set them up (over hamachi)

If you have a 2003 server at both ends then why not use RRAS to set up a site-to-site VPN? Google RRAS VPN for more info. Done it lots of times for many companies and, other than Cisco hardware, it is the best way to do it.
 
If you have a 2003 server at both ends then why not use RRAS to set up a site-to-site VPN? Google RRAS VPN for more info. Done it lots of times for many companies and, other than Cisco hardware, it is the best way to do it.

Other than a dedicated firewall it's the best way, yes. Not terribly hard to set up either.
 
from the specs
http://www.btbroadbandoffice.com/broadband/router-information/2700hgv-technical-specification
it seems like it'll just do VPN passthrough.

As it's for a site-site office link, I'd go for hardware.
Get two drayteks (http://www.draytek.co.uk/) as they do VPN termination and are solid.
Maybe one of the firewall models if one end is providing the net access for both offices

Sonicwall to Draytek VPN works OK too, but it's easier to configure if both sides look the same.

OpenVPN looks really nice, not used it though,
(IMHO) Server-Server VPN is OK if you happen to have one at both ends or need some funny config, but this is really what routers were made for.
 
thanks for the info guys

For now I've just created 2x Windows Hamachi connections for 2 users (that's all they basically need).

Will look into what you've suggested, but I doubt my boss wants to spend much money. For what they need it for, sending files over email wouldn't be that much of a bother.

I hope he does want to spend the money though, so I can get a bit more experience in networking. I've got home networking to a T now (really not much to it though).


edit, will look into getting two draytek routers, can anyone suggest ones that'll work (one of the directors will want wireless for one office), not much traffic goes through them tbh, at the moment one office is using a usb1.1 modem -> firewall box :E so that really needs replacing -max adsl in the area is 1.5, but the modem limits it to 1.1 :)
 
If you are going to do it yourself then don't go down the Cisco route. Yes, it may be the best kit but it's going to cost you money to get them up and running. Something like a Sonicwall or ZyXEL would be a decent cheaper alternative.
 