Simplest client(s) to site VPN solution on ERLite‑3?

[aznphatb0i]

Hey fellas!

1. My office internet is powered by an ERLite-3
2. There are a couple of devices on my LAN that can only be accessed via local IP (think Android ADB)
3. I would like to allow 2-3 remote users who live geographically far away to access the office local network so they can access these devices. They are trusted users.

What is the simplest solution here? I think a VPN is the right tool for the job - if so what are the steps of the simplest ERLite-3 VPN option for the described problem?

Appreciate your expertise!

 

[ch33zw1z]

https://community.ubnt.com/t5/EdgeMAX/Set-up-ER-Lite-3-as-OpenVPN-Server/td-p/1335535

section 6 of the first guide:

https://www.google.com/search?q=erlite-3+guides&ie=utf-8&oe=utf-8

 

[aznphatb0i]

Thanks for the response!

1. I read that SoftEther is a better version of OpenVPN
2. I read that only L2TP has hardware acceleration on the Edgerouter Lite 3

Is there a reason to use OpenVPN instead of the other solutions?

 

[ch33zw1z]

From your link, softether will take more expertise to setup. If you're familiar and somewhat confident with Linux cli, give it a shot.

 

[aznphatb0i]

It looks like L2TP/IPSEC is available and hardware accelerated. Would running that directly on my ER3L be the best option?

 

[freeskier93]

It looks like L2TP/IPSEC is available and hardware accelerated. Would running that directly on my ER3L be the best option?

Yes, just use the baked in VPN, it's going to give you the best performance.

https://help.ubnt.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server#port forwarding

You might want to look at a dedicated machine for running the VPN though. I have L2TP set up on my Edgerouter Lite, it works fine for occasional personal use, but it's not exactly rock solid reliable.

 

[aznphatb0i]

Yes, just use the baked in VPN, it's going to give you the best performance.

https://help.ubnt.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server#port forwarding

You might want to look at a dedicated machine for running the VPN though. I have L2TP set up on my Edgerouter Lite, it works fine for occasional personal use, but it's not exactly rock solid reliable.

Thanks for that advice! Would you recommend that I instead install SoftEther on an older AMD E-Series / 2GB machine? Would I just have to install SoftEther on it and use the GUI interface to configure everything?

Would that be better than L2TP on the ER3L?