We help IT Professionals succeed at work.

I need a reliable VPN solution

fixitnick asked
Hello fellow techies,

I'm look for a RELIABLE vpn solution for an install.  I have a two part question.  Let me give a brief explination of the situation and network.  I have a client that has a Mac Pro network in her office.  This network consists of 2 Mac Pro systems, gigabit switch, NAS, Time Capsule, cable modem 1/10mbps, static IP and multiple printers.  They backup to the Time Capsule several time daily.

The client would like to also setup a Time Capsule or NAS at thier house to provide offsite backups & redundency.  They would also like to access thier office NAS via the web or VPN.

I'm considering setting up the NAS for FTP to provide file access out of the work office.

Can anyone advise on a reliable VPN router around the $400 price range?  Can anyone advise on setting up two Time Capsules in remote locations via VPN?

I assume I'm going to need a VPN router or appliance in both the work and home location for a "always live" connection. (please bear in mind that the home location has a dynamic IP).  

I'm just not sure how the two Time Capsules would work with each other.

I know that some cheaper "off the shelf" VPN routers are not so reliable.  

I'm sorry but, I don't really work on Mac networks and this is a little different for me.  I must say though; the more I work on this network the more the Mac OSX is really interesting me.  It's kinda like learning everything all over again.

Thanks in advance for any advice.
Watch Question

The SonicWall TZ100 offers the ability for site-to-site VPN connections, and i believe you can have the "remote" site on a dynamic connection.  I know for sure that Cisco has many routers that are able to perform site-to-site with a remote dynamic.

You would need to make sure the two locations are on different IP subnets.  Like 192.168.1.x at the office and 192.168.2.x at the  house.  The time capsule should have the ability to enter the address of the remote capsule for synchronization.  You would static-assign to the capsule at the office and (for example) at the house.  With the vpn setup between the SonicWalls, the devices should sync without a problem.

The site-to-site VPN config on the SonicWalls are Wizard-based and quite simple to construct.


I have researched the SonicWall TZ series and it does appear to a good solution for my situation.
Can anyone verify that the remote site can operate with a dynamic IP address?  As an example: If I buy two TZ100... one on a static and the other on a dynamic.

rehamris: I believe that the with the time capsule you have to point the software "time machine" to different IP addresses.
I'm sure that someone else out there know more than what i'm figuring out alone.

Any additional advise?

Sonicwall Knowledgebase to setup a Site-to-Site VPN with one site using dynamic ip address:   http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7895

Note that the tech notes there require SonicOS Enhanced version of the SonicWall software be running at the site with the static IP Address in order for this to work.  
nappy_dThere are a 1000 ways to skin the technology cat.

NOTE Sonicwalls will cost you at least $300USD per site for the TZ100 and then you may want to include a wireless version to which the price then goes up.  The Enhannced OS is an additional charge on top of that.  WIth this option you are looking at around $800 re: http://www.cdw.ca/shop/products/default.aspx?EDC=1837638

A lower cost solution is:
- the Buffalo WHR-G300N unit http://www.cdw.ca/shop/products/default.aspx?edc=2024841&enkwrd=ALLPROD%3a%28whr-g300n%29
-Add the DD-WRT special router firmware http://www.dd-wrt.com/shop/catalog/product_info.php?manufacturers_id=&products_id=31

This will total around $200.  

Here is a list of features for the DD-WRT firmware which includes VPN(PPTP) and other features such as QOS for prioritizing traffic.

Now Time Machine does not play well across VPN and subnets.  You may have to manually mount the necessary volume across the WAN for it to be properly connect, which is a pain as this would have to be done every time you restart your computer.

Things to consider with WAN backups:

- The first backup is the biggest and even on a 1Mbps stream the data transferred is huge(in the GIGs), depending on the install.
- Restoring data from across a WAN is also equally slow if you have alot of data to restore.
- You may want to consider local backups and transport it off site nightly.