Sign in with
Sign up | Sign in
Your question

VPN solution for customer machines

Last response: in Networking
Share
July 29, 2011 3:49:04 PM

Hi guys,

I work for a small company that supports some customer machines. Currently to connect to these machines we use modem lines connected to a service laptop which is in the machine, which can be extremely slow. The service laptops also have regular network connections so I figured couldn't we be using some sort of VPN software to securely connect to these machines? This way we are not restricted to the unreliable and slow modem lines.

What kind of software suite could we use to do this? We want to avoid having to buy hardware to install at each customer because of cost, but if there is no other way I would appreciate if someone could explain it in detail how we would need to implement it.

As a lowly tech I just want to try and make our group's job easier.

Thanks all!
July 29, 2011 5:53:27 PM

I went through this same problem about 7 months ago. What we ended up doing was going with a hardware based VPN solution. We have come to dislike VPN's for its lack of speed and its lack of integrity when compared to dedicated lines (MPLS, T1, T3, etc.), but when comparing the costs of all the network solutions, a VPN simply cannot be beat from a small business standpoint.

When we started going through devices to see what we wer going to use, we started with Netgear Prosafe vpn firewall. This is a buisiness class series from Netgear and we fell in love with the FVS338. This only has 10/100 ports on the built in switch (but it has a 75Mbps full duplex Wan port which made this perfect) but that does not matter as though we are using Gb switches behind the router itself.

At first we tried the FVS318 which had a half duplex WAN interface limiting the speeds to 5Mbps and then we tried using the FVS318G which had a built on Gb switch, but the interface was not developed enough and it was giving us problems. Netgear support was not lacking but their solution to this problem was to use beta firmware, which was not acceptable in a business environment.

I recommend calling Netgear(or any other networking device company) and finding a comparable piece of hardware that would be acceptable for your needs. It only cost us about $90 per device and they are supporting about 50 users at 3 locations. A cheap and somewhat reliable solution when compared to a software based VPN.

Oh and also, the VPN setup wizard is a piece of cake and works like a charm every time (the vpn goes down like clock-work every 3 weeks and I just delete the IKE and VPN policies, and then run the wizard again. Inconvenient, yes. Easy, absolutely).

Good luck!
m
0
l
July 29, 2011 6:18:36 PM

Hmm so we would definitely have to have hardware for each customer location? A dedicated line would definitely be out the question cost wise, I may have a difficult enough time convincing them of the hardware.
m
0
l
Related resources
July 29, 2011 6:37:27 PM

No there are software solutions out there like Hamachi and Tunngle, but a hardware based VPN was better for our implementation. A hardware solution looks more professional than a software solution and I would imagine that it would have a higher bandwidth and latencies than a software based solution (there wont be a computer acting as the gateway that has to process all of the data as well as the data coming from the computer normally)

Also, you have to think about backups and uptime. If you have the VPN on a computer, and the computer dies, you have to get a computer up and running and reconfigure everything. you can easily export the configurations from a VPN router, and if it were to fail, you plug in a new one and it takes about a minute to upload the configuration file to it.

IMHO a hardware based VPN is going to be more reliable and professional. Also, once you are familiar with setting up the hardware VPN's, that is something that you can market about your skills as a tech.

Good luck!
m
0
l
July 29, 2011 6:41:20 PM

One of our biggest problems is that our customers are unwilling to put our hardware on their networks... I have no idea how we can work around this except to force them to agree to our terms. Thats why I brought up the solftware VPNs because usually the service laptop is already connected to a LAN in some way.
m
0
l
July 29, 2011 6:47:19 PM

What we did was we ordered the hardware and have our sales rep send our client the bill. This way they can see that there is no markup and that the hardware is theirs, not ours that they are "borrowing for the life of the contract". Once the hardware is setup, they don't have to worry about someones hardware because its theirs.
m
0
l
July 29, 2011 6:51:26 PM

I think it's more of a security concern not ownership, but that's part of the business I am not usually included in haha
m
0
l
July 29, 2011 6:54:17 PM

Aah, well it looks like your out of options then, hahaha. I guess the best thing to do now would weigh in all the pros and cons and present that to your client. I still have to recommend hardware, but I'm not the one that's going to be paying the bill.

Good luck with all of this mess haha!
m
0
l
!