Simple VPN solution/HW vs. Software

noirfan

Distinguished
Oct 20, 2010
8
0
18,510
I'm trying to decide on a solution to remote desktop back to my server at my home office when out on the road. I'd basically need something that supports 2-3 SSL VPN connections to the network. I have a Windows Home 2011 Server in place right now that I use (via its built-in homserver.com function), but I don't see the point (or need) for a full-blown WHS when I'm only using it as a RDP solution.

I've looked at a couple of options, and pared it down to the following:

1. Untangle (I have a spare mini-itx box w/G620 lying around I could use this for)
2. ZyXel UGS 50
3. Sonicwall TZ100

I understand that Untangle would be the cheapest solution, but I thought I'd solicit feedback on it as far as a Hardware vs. Software solution? I don't need a lot of the bells and whistles that come with the TZ100 or UGS 50, but if overall it's a better solution than Untangle, I'm all for low maintenance.

If I went the Untangle route, I'm wondering what everyone's opinion of on-board NICs vs. add-on NICs (i.e. Intel EXPI9301CTBLK) would be for this?

Thanks, in advance, for your inputs.
 
Solution
You are in effect building your own hardware appliance. The people that have issues try to run the VPN on the same server as another application that is already eating the system. You should have no capacity issues at all with only 2 or 3 sessions.

Many of the lower-end VPN boxes do not even have specialized hardware to do encryption; they pretty much load a cut-down Unix system in their box and charge lots of money for it. Only in high-end systems do you start to see the fancy encryption processors added.

The key reason to buy an appliance is ease of support and that low-skill employees can operate them.

Adding a second NIC may make your configuration simpler rather than running with a single one for both your inside and outside network. I doubt you will see much difference in performance, since your internet connection will tend to be the limiting factor.

 
Solution
IMO, the simplest and easiest solution, by far, is LogMeIn Hamachi. You install it on the server and the laptop (using the default Mesh network type). It creates a virtual network adapter on each machine using the 5.x.x.x network, secured by SSL. You then join both machines to the same named network (a name of your choosing) to hook them up. Now you address each machine via their respective 5.x.x.x IP addresses. Optionally, associate those IPs w/ a hostname in your local hosts file for convenience. You can run any protocols over it you like; RDP, VNC, SMB (Windows File Sharing), telnet, ftp, anything, even LogMeIn remote desktop! No need to manage your firewall (it uses NAT traversal to navigate it), is never blocked by ISPs (since it uses port 443), and doesn’t require DDNS (because it provides its own discovery service). It’s even smart enough to create a local connection when both machines are behind the same firewall, so you could use the same configuration whether at home or remote! You could even use it w/ Privoxy to create a socks5 proxy for protecting your open wifi on the road. And it’s FREE (for up to 5 machines). There’s no better bang for the buck imo.

https://secure.logmein.com/products/hamachi/
 

noirfan



Thanks for the suggestion. I'd actually thought about Hamachi, but I've read stories of reliability issues with it (i.e. when LogMeIn's servers go offline, sometimes for hours). I suppose in the endgame, it might not be any different than my ISP's network being down.
 


Well sure, like anything else where you depend on a third party, there's the issue of uptime and availability. FWIW, I've been using it for many years now, and it's been no worse for me than anything else in that regard.

But even so, it's my opinion you should always give yourself at least TWO options for remote access (I usually have 3-4), for this and other reasons. You just never know if an ISP will block a port, or the VPN server/peer crashes, etc. I also run a PPTP VPN and SSH server. I tend to use them for other purposes, but they do give me the ability to run remote desktop too should it be necessary.

But at least for a starter solution and one that’s pretty easy to implement, it’s hard to beat. There are other similar solutions that don’t rely on third parties (e.g., NeoRouter).
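Added example (not part of the original posts): a small Python check for the "at least two options" advice above. It probes an ordered list of remote-access paths over TCP and reports the first one that answers. The function names, labels and the local demo listener are constructed for illustration; in real use the list would hold your own server's addresses, with RDP on TCP 3389, SSH on TCP 22 and the PPTP control channel on TCP 1723.

```python
import socket


def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out, unreachable, or name resolution failed.
        return False


def first_available(paths, timeout=2.0):
    """Probe every path in preference order.

    paths: list of (label, host, port) tuples, most preferred first.
    Returns (chosen_label_or_None, {label: reachable}) so the caller can
    both pick a path and log which fallbacks are currently healthy.
    """
    results = {}
    chosen = None
    for label, host, port in paths:
        ok = tcp_reachable(host, port, timeout)
        results[label] = ok
        if ok and chosen is None:
            chosen = label
    return chosen, results


if __name__ == "__main__":
    # Constructed offline demo: a local listener stands in for the SSH
    # fallback, and a just-closed local port stands in for a VPN path
    # that is currently down.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    dead_port = probe.getsockname()[1]
    probe.close()

    paths = [
        ("rdp-over-vpn", "127.0.0.1", dead_port),
        ("rdp-over-ssh-tunnel", "127.0.0.1", listener.getsockname()[1]),
    ]
    print(first_available(paths, timeout=1.0))
    listener.close()
```

Run from the laptop before travelling, the per-path results show whether every fallback still works, not only the preferred one.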
 

noirfan

Thanks to both of you for your replies. In the end, I decided to "roll my own" - it was very easy to do and is working extremely well. I suppose it also appeals to the control freak in me, since I can monitor events, logs, etc. :wahoo: