[aklug] Re: OT(?): Remote Access VPN

From: Royce Williams <royce@tycho.org>
Date: Tue Oct 20 2015 - 12:42:58 AKDT

On Tue, Oct 20, 2015 at 11:18 AM, Christopher Howard
<christopher.howard.asi@gmail.com> wrote:
>
> So, now I am trying to figure out if it is worth monkeying around with this some more to get it working, or if I should look at some other approach. Maybe just put a small Linux box on the network and run a FOSS VPN server from it? (I'm imagining complications down the road trying to get user authentication tied into the AD system if we eventually get multiple users.) I looked on our gateway router but didn't see any kind of VPN functionality.

pfSense -- hands down. GUI, functionality, performance. The OpenVPN
setup wizard is great. You can cobble together a proof of concept
with any PC with two NICs and a hard drive. Give it a spin and you'll
see what I mean.

Since you want the box to just run 24x7, going fanless and motionless
(CF or SSD) would be good.

Board (Google for APU1D4):

http://www.pcengines.ch/apu1d4.htm

I used to only get them straight from Netgate, but they're only
offering in bulk right now because they're biasing towards pfSense
store boxes instead -- same people.

Other sellers:

http://www.pcengines.ch/order.php

... or order direct from PC Engines:

http://www.pcengines.ch/order1.php?c=4

For ~$250 shipped, you can be up and rolling with an enterprise-grade
firewall. Buy two and you can set them up in HA. :)

Also, buy an inexpensive UPS at Costco, get a new battery from Frigid
every ~22 months, and hook up the modem, wireless, and firewall to it
so that you have good uptime - and connectivity during local power
outages.

Royce
Received on Tue Oct 20 12:43:50 2015
