VPN for multiple mobile PCs (for actual vpn, not websurfing)

weird_dave · 16 Mar 2019 at 13:34

I'm looking at options for connecting multiple remote mobile PCs to a vpn so that I can treat them like I would any other PC on my network (obviously assuming I also connect to the vpn!).
Is OpenVPN on a hosted server the way to go?

BigT · 16 Mar 2019 at 16:45

Yes you need an VPN server on your local network and your router to route appropriate traffic to it and around your network. OpenVPN is as good a standard as any. You may also need a dynamic DNS service to give you a consistent address to connect your clients too. I do all these things on my router for simplicity.

weird_dave · 16 Mar 2019 at 17:23

I don't plan on hosting this myself, so I'm looking at something like:
https://www.ovh.co.uk/order/vps/#/v...os~'openvpn__debian8-openvpn~osLanguage~'en))
The data rate will be fairly low but there will be >30 PCs connecting in.

bledd · 17 Mar 2019 at 18:39

You can have a raspberry pi on site to do the openvpn server.

Avalon · 17 Mar 2019 at 20:47

It depends on your local connectivity, the other clients connectivity, location, peering, security requirements and what sort of IO load you are expecting. Personally I prefer to have physical control of the server all things being equal, but it depends on your needs - 30 people all grabbing a 1GB file at the same time isn’t going to work if you only have a 20Mbit uplink to use an extreme example.

30 users sounds more commercial than personal, that being the case it can get more complex in terms of company policy/security/auditing/logging for compliance etc. can you be any more specific about what you’re doing and why? OpenVPN is a single threaded process, it’s affected by core speed and hardware instructions such as AES-NI can help, but it scales badly. Other technologies such as IPSec may be acceptable, on a personal basis you could use other more bleeding edge stuff, but commercially that’s generally a bad idea.

weird_dave · 19 Mar 2019 at 11:45

Thanks for the responses

OK, some more background information...
I have installed dataloggers (a PC recording data) on a bunch of trains. I'm trying to come up with a solution for looking at things remotely but without using the company network, too much red tape, so I'm going it alone, which also means it needs to be cheap

Security is of some concern, I don't want anyone gaining access and breaking the logging.
I was considering a trial using a raspberry Pi at home to start with

I'd probably want each to have separate logins so if someone does manage to get a valid set of login details, I can disable just the one and go change it rather than have to change all of them.

BigT · 19 Mar 2019 at 11:59

Most big companies, and I assume this includes Network rail and train firms, have that red tape in there for a reason and doing what you're considering doing would get you fired in my experience. I don't have a great solution for you and I hope it works out how you want but be careful. I mean imagine it is Hitachi as the train manufacturer and you're sending performance stats to yourself and Bombardier got hold of it.

Still this isn't meant to be a condescending lecture - just looking out for you. Good luck.

weird_dave · 19 Mar 2019 at 12:11

Fortunately, my boss is quite aware of this, I did say we should ask IT if they can help but we both know that's a joke

The data doesn't really contain anything that's useful to outside parties, things like engine hours and fuel levels would be of use to the train operator and we may end up offering that as a service, but to start with we just want to be able to look at things ourselves.