Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Which VPN is right choice for me???

    General pfSense Questions
    6
    15
    3964
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sierradump last edited by

      I have users wishing to work from home… They don't need access to anything at our office, but they need to be able to browse the internet with our office Public IP.

      We use IP Authentication for remote Colos and can't whitelist their home IPs because they are DHCP and change all the time.  It's super frustrating so I would like to see if this is a possibility.

      If it matters, they are all Apple (Mac) users...

      If I want users to connect from home, and be able to browse the web with our IP, which VPN is the right choice for us?

      Thanks for the help!

      1 Reply Last reply Reply Quote 0
      • M
        Metu69salemi last edited by

        Do you have ssh server? it would be good also

        Openvpn should work with mac also, but if you need to use proxy you should use tcp protocol instead of udp

        1 Reply Last reply Reply Quote 0
        • S
          sierradump last edited by

          @Metu69salemi:

          Do you have ssh server? it would be good also

          Openvpn should work with mac also, but if you need to use proxy you should use tcp protocol instead of udp

          Hey Metu69Salemi,

          Thanks for helping again!  Not sure I follow you though… SSH Server?

          Does Openvpn use udp?  Is there an option to use TCP?

          1 Reply Last reply Reply Quote 0
          • M
            Metu69salemi last edited by

            there is option to use tcp, but it slows vpn quite a lot, because tcp itself is heavier protocol than udp(more trafic)

            
            **** THIS PART DOESN'T BELONG TO THIS FORUM ****
            i mean't that you could a virtual linux(or whatever) server, where you give useraccounts for company workers.
            with using certificate logins and creating tunnel you could use socks proxy via that tunnel.
            you could google socks-proxy via ssh-tunnel
            **** THIS PART DOESN'T BELONG TO THIS FORUM ENDS ****
            
            
            1 Reply Last reply Reply Quote 0
            • T
              tommyboy180 last edited by

              If your users only need to browse the web with the work public IP then SSH is the best solution. If the users need to access more than the web than you will need a VPN.

              -Tom Schaefer
              SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

              Please support pfBlocker | File Browser | Strikeback

              1 Reply Last reply Reply Quote 0
              • Cry Havok
                Cry Havok last edited by

                OpenVPN is probably the simplest, cross platform, VPN solution.

                Use UDP with OpenVPN - you only use TCP when the client has to connect to the VPN server through a web cache (proxy server) - when they cannot connect direct. Using TCP can lead to major performance issues.

                1 Reply Last reply Reply Quote 0
                • D
                  darnitol last edited by

                  PPTP is easy to set up and is included in almost every desktop OS.  It's much easier than OpenVPN and SSH (though SSH is an excellent choice if you're into scripting!).  The drawbacks of PPTP are that it doesn't work if you have poor connection quality, and it doesn't work through Sprint's cellular service.  It works fine with Verizon and AT&T.

                  1 Reply Last reply Reply Quote 0
                  • M
                    Metu69salemi last edited by

                    @darnitol:

                    PPTP is easy to set up and is included in almost every desktop OS.  It's much easier than OpenVPN and SSH

                    In 2.0 openvpn is as easy to setup than pptp, atleast imho. but you're right about pptp that it is widely supported from out-of-box

                    1 Reply Last reply Reply Quote 0
                    • S
                      sierradump last edited by

                      Is OpenVPN a better solution than the L2TP?  We are an all Mac shop and I see L2TP is "built-in" to Mac OS X.

                      What are the differences?

                      If I want to use OpenVPN, then do my clients need to download 3rd party code?

                      1 Reply Last reply Reply Quote 0
                      • Cry Havok
                        Cry Havok last edited by

                        Define "better" ;) A quick Google search turned up quite a few articles giving comparisons, which should give you what you need to make your own decision.

                        1 Reply Last reply Reply Quote 0
                        • S
                          sierradump last edited by

                          Touche!

                          I am looking for a relatively simple deployment.  Since all my clients are using Apple, I figured L2TP since it is built into the OS.

                          I would prefer OpenVPN for overall "awesomeness"  (mainly the quicker speed) – BUT,  I can't seem to find a simple (and free) Mac OpenVPN Client (software) package which is easily installed by my "less technical" users.

                          Suggestions?

                          1 Reply Last reply Reply Quote 0
                          • Cry Havok
                            Cry Havok last edited by

                            I've used TunnelBlick before and it, to me, seemed ok. I've never used Viscocity - not having a Mac I've little experience. The OpenVPN mailing list may be a better place to get feedback.

                            All of it probably depends on how much you can package/automate and how much the end user has to do.

                            1 Reply Last reply Reply Quote 0
                            • S
                              sierradump last edited by

                              Right, I want the end user experience to be simple download of .dmg (.exe equiv) and install, run, enter creds = WORKING VPN.

                              1 Reply Last reply Reply Quote 0
                              • Cry Havok
                                Cry Havok last edited by

                                You can do that with OpenVPN's access server, but not with the open source version. It may be that L2TP is simpler for your users.

                                1 Reply Last reply Reply Quote 0
                                • C
                                  cmb last edited by

                                  Viscosity works nicely and has the config export. It doesn't pre-package it into a dmg but it's easy to get the dmg + export to the user.

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post