Which VPN is right choice for me???



  • I have users wishing to work from home… They don't need access to anything at our office, but they need to be able to browse the internet with our office Public IP.

    We use IP Authentication for remote Colos and can't whitelist their home IPs because they are DHCP and change all the time.  It's super frustrating so I would like to see if this is a possibility.

    If it matters, they are all Apple (Mac) users...

    If I want users to connect from home, and be able to browse the web with our IP, which VPN is the right choice for us?

    Thanks for the help!



  • Do you have ssh server? it would be good also

    Openvpn should work with mac also, but if you need to use proxy you should use tcp protocol instead of udp



  • @Metu69salemi:

    Do you have ssh server? it would be good also

    Openvpn should work with mac also, but if you need to use proxy you should use tcp protocol instead of udp

    Hey Metu69Salemi,

    Thanks for helping again!  Not sure I follow you though… SSH Server?

    Does Openvpn use udp?  Is there an option to use TCP?



  • there is option to use tcp, but it slows vpn quite a lot, because tcp itself is heavier protocol than udp(more trafic)

    
    **** THIS PART DOESN'T BELONG TO THIS FORUM ****
    i mean't that you could a virtual linux(or whatever) server, where you give useraccounts for company workers.
    with using certificate logins and creating tunnel you could use socks proxy via that tunnel.
    you could google socks-proxy via ssh-tunnel
    **** THIS PART DOESN'T BELONG TO THIS FORUM ENDS ****
    
    


  • If your users only need to browse the web with the work public IP then SSH is the best solution. If the users need to access more than the web than you will need a VPN.



  • OpenVPN is probably the simplest, cross platform, VPN solution.

    Use UDP with OpenVPN - you only use TCP when the client has to connect to the VPN server through a web cache (proxy server) - when they cannot connect direct. Using TCP can lead to major performance issues.



  • PPTP is easy to set up and is included in almost every desktop OS.  It's much easier than OpenVPN and SSH (though SSH is an excellent choice if you're into scripting!).  The drawbacks of PPTP are that it doesn't work if you have poor connection quality, and it doesn't work through Sprint's cellular service.  It works fine with Verizon and AT&T.



  • @darnitol:

    PPTP is easy to set up and is included in almost every desktop OS.  It's much easier than OpenVPN and SSH

    In 2.0 openvpn is as easy to setup than pptp, atleast imho. but you're right about pptp that it is widely supported from out-of-box



  • Is OpenVPN a better solution than the L2TP?  We are an all Mac shop and I see L2TP is "built-in" to Mac OS X.

    What are the differences?

    If I want to use OpenVPN, then do my clients need to download 3rd party code?



  • Define "better" ;) A quick Google search turned up quite a few articles giving comparisons, which should give you what you need to make your own decision.



  • Touche!

    I am looking for a relatively simple deployment.  Since all my clients are using Apple, I figured L2TP since it is built into the OS.

    I would prefer OpenVPN for overall "awesomeness"  (mainly the quicker speed) – BUT,  I can't seem to find a simple (and free) Mac OpenVPN Client (software) package which is easily installed by my "less technical" users.

    Suggestions?



  • I've used TunnelBlick before and it, to me, seemed ok. I've never used Viscocity - not having a Mac I've little experience. The OpenVPN mailing list may be a better place to get feedback.

    All of it probably depends on how much you can package/automate and how much the end user has to do.



  • Right, I want the end user experience to be simple download of .dmg (.exe equiv) and install, run, enter creds = WORKING VPN.



  • You can do that with OpenVPN's access server, but not with the open source version. It may be that L2TP is simpler for your users.



  • Viscosity works nicely and has the config export. It doesn't pre-package it into a dmg but it's easy to get the dmg + export to the user.


Log in to reply