Free VPN software?

[Shadowknight]

The company I work for wants a VPN connection setup... I was wondering if there are any free solutions out there that can handle around 15-20 connections?

 

[gsaldivar]

OpenVPN Community Edition either standalone or as part of a distro like Zentyal would work. You'd have to coordinate with your IT to get that up and running in conjunction with whatever gateway/perimeter you are using.

 

[Crusty]

Regardless what software you pick, it's not going to be free for your company to run it. If you're not paying up front for license costs, you'll be paying on the back end for support, infrastructure maintenance, and training.

Using 'free' as the main criteria for choosing a VPN solution will not get you anywhere very far.

What about some of your real business requirements? Total users? Simultaneous sessions supported? End user OSes to be supported? Are you going to be using software VPN clients only or will there be a hardware firewalls deployed to some users/locations? Does the VPN need to tie into your current user authentication and authorization systems?

 

[gsaldivar]

Regardless what software you pick, it's not going to be free for your company to run it. If you're not paying up front for license costs, you'll be paying on the back end for support, infrastructure maintenance, and training.

Using 'free' as the main criteria for choosing a VPN solution will not get you anywhere very far.

What about some of your real business requirements? Total users? Simultaneous sessions supported? End user OSes to be supported? Are you going to be using software VPN clients only or will there be a hardware firewalls deployed to some users/locations? Does the VPN need to tie into your current user authentication and authorization systems?

All good and quite valid points. OP needs to think carefully about this implementation. :thumbsup:

 

[Shadowknight]

Regardless what software you pick, it's not going to be free for your company to run it. If you're not paying up front for license costs, you'll be paying on the back end for support, infrastructure maintenance, and training.

Using 'free' as the main criteria for choosing a VPN solution will not get you anywhere very far.

What about some of your real business requirements? Total users? Simultaneous sessions supported? End user OSes to be supported? Are you going to be using software VPN clients only or will there be a hardware firewalls deployed to some users/locations? Does the VPN need to tie into your current user authentication and authorization systems?

I can't really give much in terms of in-depth answers, as it's been 7 years since I got a degree in IT and my job description ISN'T computer related... it just got dumped on me because "I'm that guy who knows computers." The company outsources the IT stuff to an outside contractor, but he's become increasingly lazy and difficult to get ahold of. I've tried asking him for a solution, but haven't gotten any responses in weeks.

As for what's needed... Basically, it's so some remote satellite offices and users on laptops at different locations can remotely login to the network to access files on the server. The server, as currently, acts as both the domain controller (no backup) and the file server. I'm concerned about having the server fill too many roles, but I really need some backup before asking the owner to pitch in more money for an additional computers to take the load of the existing server. The business is small enough currently where there aren't any network issues yet, but one day...

Anyway, we'd probably need a pure software solution as the laptop users might be accessing the files remotely on different locations. The routers used are Linksys SOHO routers, and I don't know how much you can really configure then for in-depth security. As I said earlier, it would handle up to 15-20 connections simultanousely. The server run Windows 2003 Server, and the computers the would need to connect run a mix of XP and Windows 7.

I need something relatively simple to implement, as many of the employees have trouble using something like Internet Explorer or e-mail. If I can try a solution on a laptop in the main office, then we can look at rolling it out to other locations once it's confirmed to work.

I'll try to look at OpenVPN next week; if anyone has any other suggestions, please mention them so I can try to look at all alternatives in case that one doesn't work out.

 

[gsaldivar]

Here is a 3 minute setup video using Zentyal (formerly called "eBox").

http://www.youtube.com/watch?v=L_CUiicCwEU

Zentyal's installer allows you to configure a box any way you want, as a gateway, a file server, a workgroup collaboration server, a VOIP server, VPN server, or all of the above. For your purpose you might install with only the OpenVPN and IDS (intrusion detection) modules turned on.

The English is heavily accented in that video, but there are subtitles which help. You will see the admin logging into the Zentyal GUI, creating SSL certificates for the server and clients, creating a new VPN server within Zentyal, downloading the user cert to a Windows client, and then logging into the VPN from within Windows. Once your clients are on the VPN, you can drop them on a subnet and restrict them from seeing other VPN clients, etc.

This all assumes you coordinate with your IT to securely open up a gateway/perimeter port for this server, direct external traffic to the server, and configure it properly within Zentyal etc.

Good luck!

 

[theevilsharpie]

If you have Windows Server 2003, you can use the built-in Routing and Remote Access service to provide PPTP VPN functionality. The VPN client is built into every version of Windows, and you can use CMAK to create scripts that will automate the setup.

 

[LokutusofBorg]

Aye, RRAS built into Windows. I use it every day to connect and work from home. Can handle many times your desired user count, as long as you have the hardware. I wouldn't worry about running it on the DC for a small business like that. Just monitor the server load and if it's outpacing the hardware, then that's the determinant to buy new hardware. Just make sure you have regular backups going.

 

[sourceninja]

I setup a openVPN solution in about 15 minutes. It did require me (because of the method of setup I picked) to add a route to our network configuration.

More recently we starting paying for OpenVPN Access Server. It is a great product. A simple install on linux or windows (or just download a prebuilt vm image) and hooks right into your AD/LDAP. User's go to a webpage, login, and download a exe that creates their vpn. Or you can install the client yourself.

The cost was next to nothing with $5.00 per concurrent user per lifetime.

 

[Mide]

http://www.filehippo.com/download_hamachi/

 

[IndyColtsFan]

Aye, RRAS built into Windows. I use it every day to connect and work from home. Can handle many times your desired user count, as long as you have the hardware. I wouldn't worry about running it on the DC for a small business like that. Just monitor the server load and if it's outpacing the hardware, then that's the determinant to buy new hardware. Just make sure you have regular backups going.

I was about to mention this as well. If you have a Windows server, you can configure RRAS to be a VPN endpoint and then use the built-in Windows client to connect. It is easy to maintain and offers relatively high performance. Just beware that if you have multiple subnets (which doesn't sound like it is the case), you'll need to make sure you adjust RRAS routing accordingly. The easiest way is to add static routes to the destination gateways.

If you want something better (and you should), you could think about ISA server as well. ISA Standard (it is now in the Forefront family) would be adequate.

 

[Gillbot]

Real VNC

Edit: Nevermind, I read VPN and thought VNC, DOH!