If your small business has multiple offices, you can create a Virtual Private Network (VPN) over the Internet to connect them. This will let you share files and resources as though you were physically connected on the same network. We'll discuss the common VPN methods and review a couple of solutions you can consider using for your small business network.
Common VPN Protocols
To connect entire networks together via a VPN (commonly called site-to-site connections) it's best to make the connection at each location's main network router or gateway, which requires a router or a gateway with built-in VPN functionality. You'll find most VPN solutions also support remote access to users outside of the office; for example, when your employees use Wi-Fi hotspots at hotels, airports, or even their home. This requires that their computer or mobile device supports the same VPN method as your company's VPN solution.
Here are the main VPN protocols or methods you'll find:
PPTP: Generally the least secure method. However for providing remote access to users outside of your offices, PPTP is natively supported on Windows and most other operating systems and mobile devices. But there can be connection issues when employees connect from networks that don't allow VPN pass-through.
L2TP/IPsec: Better security than PPTP, but usually more complicated to setup. For providing remote access to users outside of your offices, it's natively supported on most computers and mobile devices but also has similar connection issues to PPTP.
SSL: Typically designed for providing remote VPN access to users outside of your offices, not connecting entire networks. The connection is made via a Web browser and doesn't require a VPN client on the computer or device.
OpenVPN: Typically only included on routers with an open source firmware or operating system. To provide remote access to users outside of your offices, users would have to have an OpenVPN client installed on their device, since it's not natively supported by Windows, Mac OS X, or mobile devices. But it doesn't suffer from the connection issues PPTP and L2TP/IPsec do.
Buy Off-the-Shelf VPN Routers
There are many network routers (wired and wireless) that have VPN functionality built-in, which can also be called VPN gateways or VPN firewalls. These are great for long-term reliable use, and they require minimal effort. They usually also support remote connections for employees who want VPN access when out of the offices.
Here are three VPN routers worth your consideration:
ZyXEL ZyWALL 802.11n Wireless Internet Security Gigabit Firewall (USG20W): A business-class 802.11b/g/n wireless router with Gigabit Ethernet providing IPsec and SSL VPN. It also supports VLANs, multiple SSIDs, and 3G WAN backup. It also features content filtering and anti-spam, which require a yearly subscription.
Cisco Wireless Network Security Firewall Router (RV220W): A business-class wireless router offering IPsec and SSL VPN with support for Cisco's Small Business QuickVPN software. It also features dual-band 802.11a/b/g/n Wi-Fi and Gigabit Ethernet. It also supports VLANs and multiple SSIDs.
Netgear ProSecure UTM Firewall with Wireless N (UTM9S): This is a Unified Threat Management (UTM) wireless router offering IPsec and SSL VPN support. It features dual-band 802.11a/b/g/n Wi-Fi and Gigabit Ethernet. And it also provides anti-virus, anti-spam, content filtering and intrusion protection. It offers dual WAN support, VLANs, and multiple SSIDs.
Upload After-Market Firmware to a Consumer Router
If you'd like to save some money you can create your own VPN router by loading after-market firmware, such as DD-WRT or Tomato, on a cheaper consumer-level wireless router. Both DD-WRT and Tomato come with an OpenVPN server and client, so you can do site-to-site connections and also offer remote access to users outside of the offices. However, not all wireless routers support these types of firmware.
Though both of these firmware options add enterprise features, wireless routers generally aren't designed for heavy office use and have minimal CPU, memory, and storage resources. I recommend this solution only for smaller networks that have up to a dozen users per location.
Convert PCs into VPN Routers
If you'd like to build your own VPN router but need a more powerful solution to support a dozen or more users per location, consider turning a spare PC into a router with a router operating system. Here are a couple free or open source options:
Untangle: Installs on your PC via a bootable CD, providing free OpenVPN support and a paid app for IPsec.
Zeroshell: Runs from a bootable live CD or you can permanently install, provides free L2TP/IPsec and OpenVPN.
RouterOS: Installs on your PC via a bootable CD, offering PPTP, L2TP/IPsec, and OpenVPN free for a single tunnel, but you can purchase a subscription for more tunnels.
If you want to delve more deeply, you can read these articles on how to setup the VPN server on Zeroshell, RouterOS, Untangle and Endian.
- Bonded VPNs for Higher Throughput and Failover with Zeroshell Linux
- Creating a VPN Server with RouterOS
- Secure VPN the Easy Way With the Linux-based Untangle Router
- Setting Up an Open Source Server, Firewall and Router on Endian
Use a Software Solution
If you need to connect only a dozen or fewer users via a VPN, you might consider using a software solution instead of purchasing or creating a VPN router for each location. These software solutions can support file and resource sharing, text chat, and remote desktop connections.
Eric Geier is a freelance tech writer. He's also the founder of NoWiresSecurity that helps businesses protect their Wi-Fi with enterprise (802.1X) security and On Spot Techs that provides on-site computer services.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|