• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 678
  • Last Modified:

Is Openvpn Access Server a good option for remote and site-to-site VPN?

A client has two branch offices in different geographical areas that need to be connected to their headquarters, via VPN, primarily for data backup purposes.

The backup application is going to run on an in-house Windows server in the headquarters. The I.T administrator at the hq will log in to the systems at the branch offices remotely and perform the backup manually.

My original idea was to put UTM boxes in each location to create the VPN, but after looking at the OpenVPN Access server from Openvpn.net, it looks like it could do the trick for a much lower cost.

Does anyone here have any experience using OpenVpn Access server? Would you recommend it for my purpose? It looks like we will have to use the Virtual appliance as we will be running it on a Windows Server.

Thanks in advance.
0
scmeeven
Asked:
scmeeven
  • 2
  • 2
2 Solutions
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
For backup and maintenance purposes the free OpenVPN community edition should suffice, and that can be run on Windows, either in a point-to-point or client-server configuration. Both will allow full routing, but no firewalling.
The free edition is less comfortable, but still nothing difficult to set up.
BTW, Astaro hardware firewalls are one of many manufacturers who incorporate OpenVPN into their products.
0
 
scmeevenAuthor Commented:
@Qlemo, thanks for your comment, especially the point about the free edition allowing full routing but no firewalling.

At the moment, the client has no firewall at all in their central office, so it's an open connection.

Does the commercial edition of OpenVPN have firewalling capabilities?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
The site says:
OpenVPN Access Server supports  a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.
That is, you can secure remote access via OpenVPN, but nothing else. It is not a full-size multi-purpose firewall solution.
As said, if you just want to allow access, not restrict remote resources by user groups, you do not need Access Server.

I'm not clear about what the VPN is for (now), and what it should be capable of in the future. As-is, very simplistic approaches are sufficient, like Windows VPN (PPTP), which comes at absolutely no costs and with minimal setup effort.
However, not having a firewall in the HQ makes me quiver if it comes to always-on connections. It doesn't matter for the occassional Internet access, but whenever you want to do connect from outside, you'll usually need something able to protect the innocent, and restrict general availability of services.

And that is another point. If you need to contact a remote site, you need something able to forward dedicated traffic. Imagine you want to contact a VPN service, which is not hosted on the device managing the connection to the Internet. How should the device know where to send the request to?
Low budget routers allow for simple forwarding rules, and that might be enough here (for now). E.g. they can be configured to forward all inbound PPTP related traffic (to implement Windows VPN) to a single PC running the VPN server (RRAS). You would not be able to restrict that on the router, to allow only connections from the HQ, so using strong passwords and stuff is a requirement (else they will end up being hacked some day).
0
 
scmeevenAuthor Commented:
@Qlemo, thank you for the additional insights into the subject. They are helpful and I appreciate it very much.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now