Page 1 of 8 12345678 LastLast
Results 1 to 13 of 96

Thread: VPN Routers

  1. #1
    Join Date
    Jan 2008
    Location
    In the work truck
    Posts
    3,250
    Post Likes

    VPN Routers

    I was wondering what products you are using the securely access remote site via a VPN server such as OpenVPN.

    Is anyone using TosiBox?

    I bought a Ubiquity Edge Router and spent way too much time with support and in the command line trying to set OpenVpn Server up with my last failed attempt tonight. I want to move on to option B. It pains me to do this as I have heard good things about ubiquity but after a while it gets tiring.

    So. If you don't mind sharing. What are you using? Pro/cons?
    Gotta have the right tool for the job!

    Where is all the stuff MADE IN THE USA?

    "Thats what we do Troy. Incredible, Invisible, Imbelivable things. We are an Unseen, Unknown, Unvincible fraternity of craftsman.."

  2. #2
    Join Date
    Jan 2003
    Location
    USA
    Posts
    5,197
    Post Likes
    The ERX isn't the easiest to get up and running, it is however very flexible. Once you get it up and running, there isn't a configuration I haven't been able to sort out with it.

    We have about 12-15 Peplink BR1s deployed as well. Mainly we use these as internet in a box with 4g as the internet connection. They can however use a wired connection just as well.

    Pros
    Rock solid, never have connection issues unless signal is lost and even then it connects automatically.
    PPTP & L2TP VPN included.
    Can use multiple SIMs as fail over or if data caps exceed switch to the other
    Firmware is still updated regularly
    "cloud" management
    External antenna connections for remote mount

    Cons
    Expensive ~$600 (before admin cries about pricing, its all on amazon and many other sites)
    Cloud management is free under initial warranty, after that its something like $150/yr/device
    While PPTP works perfectly with the builtin MS VPN client, L2TP was a problematic at least a few firmware revs ago
    Not din rail mount or 24vac power

    Contemporary controls also has a new router with VPN that's standalone, not VPN SaaS.
    Last edited by orion242; 08-14-2018 at 08:13 PM.
    Propagating the formula. http://www.noagendashow.com/

  3. #3
    Join Date
    Sep 2002
    Location
    Hampton Roads, Virginia
    Posts
    1,996
    Post Likes
    Got one site using Tosibox, seems OK so far. Hardware key a bit of a pain, but "Softkey" makes it a lot less hassle especially if using virtual machines. Setup is a breeze compared to other VPN solutions.

    Controls is a lifestyle not a job

  4. #4
    Join Date
    Jan 2008
    Location
    In the work truck
    Posts
    3,250
    Post Likes
    Thread Starter
    Thank you Orion for the detailed reply.

    Have you set up the ER for as an OpenVPN server?

    I am working still so on brain overload. Ill digest the rest of what you wrote tomorrow. Just curious if you got the Open VPN server working and what/ if any struggles you faced with that procedure.
    Gotta have the right tool for the job!

    Where is all the stuff MADE IN THE USA?

    "Thats what we do Troy. Incredible, Invisible, Imbelivable things. We are an Unseen, Unknown, Unvincible fraternity of craftsman.."

  5. #5
    Join Date
    Jan 2008
    Location
    In the work truck
    Posts
    3,250
    Post Likes
    Thread Starter
    klrogers, so you prefer the softkey. Good to know! Thanks
    Gotta have the right tool for the job!

    Where is all the stuff MADE IN THE USA?

    "Thats what we do Troy. Incredible, Invisible, Imbelivable things. We are an Unseen, Unknown, Unvincible fraternity of craftsman.."

  6. #6
    Join Date
    Jan 2003
    Location
    USA
    Posts
    5,197
    Post Likes
    Quote Originally Posted by Pascone10 View Post
    Have you set up the ER for as an OpenVPN server?
    Several. Remote site dial in and remote site phone office VPN, both sides behind NAT. I also use an ER8 at home. I spent a good 8-16hrs to setup the few different use cases required, but the cost per device out weighs the labor pretty quick if you need more than one. Once you have a working config, its just a restore and tweak on the next units. Peplink PPTP takes less than an hour to work out with win7-10. After the first, about 5 min.

    At some point I'll put something together explaining typical BMS setups, but that's got 4-5 half finished projects ahead of it in the queue.
    Last edited by orion242; 08-14-2018 at 09:13 PM.
    Propagating the formula. http://www.noagendashow.com/

  7. #7
    Join Date
    May 2017
    Location
    Boston Area
    Posts
    5
    Post Likes
    I had tested out the TosiBox, and it's by far the easiest way to implement a VPN, but they are very expensive, especially when you consider that your client, and anyone else there who needs to be able to access the system from different machines will also need to buy a hardware key.

    Contemporary Controls actually just released a router with a built in OpenVPN server (EIGR-V) which I had the honor of helping to beta test a little. It's really a great little device and I like OpenVPN. Whoever sets up the router will definitely need to know a thing or two about using OpenVPN but overall I'd say it's not half bad, and setup after the first try will become much easier.

    The ultimate low cost solution though would probably be something like a Nano Pi Neo running Ubuntu Server, if you're not afraid of the command line and can follow a guide it should only take a few hours to get your own VPN server running, I have one of these sitting under my desk at home running an OpenVPN server I use when I'm on public wifi, I added a $15 usb powered micro switch and I have an incredibly cheap and effective VPN router.

  8. #8
    Join Date
    May 2009
    Location
    SC
    Posts
    2,187
    Post Likes
    Ubiquiti ERX as OpenVPN client reaching back to our data center for an always on portion of the BMS system. I spent a lot of time getting it set up and secured but I think it was worth it to be able to use a $50 router and whatever ISP happens to be in the area to get it to work. We even have four sites on verizon now.

    Have also used Contemporary Controls BAS cloud in the past and it worked well too. Has monthly fees and the router portion is rather expensive for what it is. Underlaying tech is again OpenVPN.

    I do plan to put the info out there on how I did our solution but it's super dry at the moment with no pictures or diagrams. Does have lots of background on what we are doing and decisions made too. Just no time to work on it at the moment.

    I have had just about every single rep we have approach me about some sort of secure remote access device but most are super expensive or have recurring fees which our management didn't seem interested in.

    Edit:
    also this caught my attention recently; https://www.ccontrols.com/enews/2018/0818story3.htm

    I think my main complaint with these specialized routers Contemporary Controls is selling is they don't get firmware updates. For the EIPR-V models that I have CC doesn't post anything and they don't update or check for updates automatically. Security appliances that never get updates are sort of a red flag to me. If I have to contact support and beg for an update that's a fail. What I want is a distro list I can sign up to and an easy download page to get them. Ubiquity nails this, they will even let you participate in betas.
    Last edited by MaxBurn; 08-15-2018 at 02:55 PM.

  9. #9
    Join Date
    Sep 2002
    Location
    Hampton Roads, Virginia
    Posts
    1,996
    Post Likes
    Quote Originally Posted by MaxBurn View Post

    I do plan to put the info out there on how I did our solution but it's super dry at the moment with no pictures or diagrams. Does have lots of background on what we are doing and decisions made too. Just no time to work on it at the moment.
    When you do get the time to put this information together I would certainly like to see it.

    Thanks

    Controls is a lifestyle not a job

  10. #10
    Join Date
    Feb 2013
    Location
    Central Pennsylvania
    Posts
    78
    Post Likes

    Lightbulb Untangle NGFW

    I use Untangle. It is well supported (paid & unpaid), good community forum as well.

    It is continuously updated, and they tell you what they are up to and why. Very responsive to CERT alerts.

    It is billed as a "Next Generation Firewall".
    It is based on Linux, and will run older machines ~2MB RAM
    It is free for the download, other apps are paid subscription, but OpenVPN Server is in there.
    The graphical user interface is wonderful and ties the configuration for all the open source tools gracefully.
    I can't estimate your time to set it up 2-4 hours for the whole package, I guess, for the first time.

    They have inexpensive appliances, as well.

    https://www.untangle.com/get-untangle/

    disclaimer: I am not affiliated with them, but I have been known to volunteer time for the community support effort.
    I use it to protect my network at home, and at a non-profit facility.

  11. #11
    Join Date
    Feb 2005
    Posts
    1,671
    Post Likes
    looks like they use qotom h/w for their smaller appliances.
    I have a few of those mini pcs qotoms that I use for other purposes and they are pretty awesome.

    I looked the untangle command center cloud app, a bit pricey, do you use that? can do do server to multi-site grouping of the appliances and form one VPN across multiple remote sites?

  12. #12
    Join Date
    May 2009
    Location
    SC
    Posts
    2,187
    Post Likes
    A word on Qotom, they don't seem to ship firmware updates, ever. I got one before the whole Spectre thing hit and nothing Qotom so far. May not matter in this single user setting but just not suitable in a business setting due to this IMO.

    Maybe look at Shuttle for that, my DH110 has at least the first round of BIOS updates for Spectre last I looked.

    Meanwhile the very next email in my inbox;
    https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-10-6/ba-p/2466640

  13. #13
    Join Date
    Jan 2003
    Location
    USA
    Posts
    5,197
    Post Likes
    And the version before that was 6-27-18. Constantly updating, exactly what I want in network gear on the edge of the internet.
    Propagating the formula. http://www.noagendashow.com/

Page 1 of 8 12345678 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Contracting Business
HPAC Engineering
EC&M
CONTRACTOR