Best way to set up a VPN for a small office

Are the offices related?
What servers exist at each location?
What Hardware router/firewall exists at each location?
The ISP;s in use does either side have a static IP from their ISP.
Bandwidth?

If these are related offices, can be using the same domain, but one is the HQ and one is the Branch. and each has their own local AD DC.
using DFS might simplify things. the Servers will replicate between them, while the users will be accessing their local copy,

one could have two Shares for each branch that replicates to the other, to avoid the two people working on the same document at each location.

Using a firewall such as a sonicwall which commonly comes with at least two site to site VPN options. and possibly a certain amount of remote VPN (user remote access to one or both ...)

In the age of ransomeware, windows shares and VPN based access should still limit the type of access....


For a single user at each side, have you looked at using MS office, onedrive for business as the intermediary through which to share documents securely?

Arnold,

Both offices are related in that they are owned by the same company.

There are no servers.  There is just one simple Win10 PC at each office they use for Quickbooks and email and web browsing etc.

All they have is the basic router that Centurylink provides at each office.  Nothing high-tech, and I think just the next step up from old DSL service.  Note that this worked fine with the Radmin software VPN

Neither have a static IP from their ISP, and I'm not sure if Centurylink even offers static IPs.  Note that I did not need static IPs with the Radmin software VPN.

I don't know what DFS is, but since they don't have any servers I assume this would not apply?

I'm not looking for replicating, but simply the ability for the Office 1  PC to map a drive letter to the share on the Office 2 PC--just as if both computers were in one office both connected to a switch.  This is what I was able to do with the Radmin software VPN, but it was not reliable.  Now I want to get away from software VPNs and go with some type of hardware that will do a more reliable job per my questions.

You need to buy a harsware firewall that provides VPN support
Much depends on your reliability and complexity. I think the you can look at zyxel or cisco retail router that include a firewall/VPN/
rv160, sonicwall Z180 or the like.

mapping drive means the credentials on your side are allowed on the other side.

What is being shared?
the Quickbooks file/s?

As you can see this is a very simple setup in terms of the equipment they have and with the software VPN setup from Radmin.  What is the simplest and lowest cost routers I can get for the customer that will do the job?

Is there one you recommend that does not require an annual subscription?

Will these replace their existing Centurylink routers?

With whichever one you recommend, exactly how will I get learn how to set it up, keeping in mind that I (obviously) know nothing at all about how to set up a hardware VPN?  Do any of the vendors offer paid tech support where you can you can actually understand the tech on the phone, and who will lead me through it step by step?

Most simple way for LAN to LAN VPN, and also most cost effective way, including a very simple setup, it to use Draytek routers.

Are you looking for a good experience or a crappy one?  Sharing files (besides Word docs and small excel files) with a VPN is problematic at best.  Your LAN network would almost certainly be connecting to computers in the same physical office at speeds of 1000 Mbit. I don't know what kind of service (throughput) centurylink offers, but MOST ISPs offer VERY limited upload speeds (FiOS being the exception I know of). UNLESS you're using something business class in nature costing $500-$1500 PER MONTH at EACH SITE JUST for internet!  What this means is that while your download speeds may be high - 100 Mbit or better, maybe even 400 Mbit, your upload speeds COULD be as low as 10 Mbit.  This is painfully slow to open documents.  And you mentioned quickbooks - YOU DO NOT WANT TO USE QUICKBOOKS OVER A VPN.  Certainly not a slow one.  And frankly, I wouldn't want to use it over a fast one either.  Quickbooks is AWFUL with it's network performance.

Once you've confirmed your upload and download speeds are acceptable (AT LEAST 100 Mbit on each, at BOTH offices), then you could look into setting up the site-to-site VPN.

Assuming you have acceptable internet speeds, I use Untangle as a router and while the paid version has a LOT of features you likely SHOULD be using (and requires an annual subscription), the FREE version includes OpenVPN which can be easily setup for site-to-site configurations (you'd need Untangle at both sites or to play with OpenVPN configs).  Untangle can be installed on an old PC with two network cards.

What is probably a better solution is to setup a VPN server at one end and a client-based VPN that gets installed on the PC.  This is potentially slower than hardware based, site-to-site VPNs, BUT, you don't want to opening files.  Instead, just have the user RDP into their remote computer (Remote Desktop).  This requires the remote computer to run a PRO version of Windows 10, but then everything is done on one computer all the time.  The same programs are there, he's just transferring the mouse, monitor, and keyboard to the remote location.  This is by far a simpler, cheaper solution that doesn't potentially require new hardware, new software (other than MAYBE an upgrade to a Windows Pro version) or tricky configuration.

Or use some other remote access software like Splashtop.  For ONE person needing access to things, this really is the best solution in my opinion.

They are using a proprietary app named Remote Bale Entry from eCotton Inc. which has to be installed on a computer at Office 2 where its small files are in a shared folder, and the only way for Office 1 to access those files is by mapping a drive letter to that share.  The import process is slow using Radmin software VPN at every cotton gin where I have set this up, but the slow speed is not a problem.  For this gin they have intermittent problems with data integrity, and I don't know why, so that is why I want to try a more "normal" hardware approach.

So due to the app requirements, unfortunately I can't use a file transfer app such as Splashtop.  I wish I could.

If I buy two of these devices, one for each office, I assume they will be replacing the existing routers?  If someone will clarify this for me I do need to know.

For small rural offices like these, are local ISPs normally OK with a customer using their own router?

So if I go with Draytek or Untangle or Sonicwall or anything else, how will I learn how to use them without spending everyone's time here at e-e with me asking for help?  Exactly how will I get learn how to set up the VPN from end to end, keeping in mind that I (obviously) know nothing at all about how to set up a hardware VPN?  Do any of the vendors offer paid tech support where you can you can actually understand the tech on the phone, and who will lead me through it step by step?