VPN for a small organization [closed]

I am in charge of a small office network that has < 10 users. I want to be able to offer them access to the network from their home internet connections. At the moment we have a regular ADSL-router-firewall to provide local network access and a fixed IP address.

I know there are enterprise-level VPN solutions, but these obviously won't be available to us because of the cost and complexity.

What small-scale solutions are around that you could recommend, what would we need to deploy on the client side, and what would the clients need to do to access the VPN?

Simplicity and low cost need to be the keys here.

Thanks

I'd recommend looking at something like Untangle. It's a UTM that offers a free module called "Open VPN." Since you're a small business, this might be perfect for you because all of the default software (including Open VPN) is free. They do offer some modules and support services that require a license, though.

OpenVPN : open source, cross-platform, proven & documented

(You will need to deploy it on a server and on clients with the proper configuration)

how does FREE sound to you? :)

The Vyatta Community Edition (VC) is award-winning, Linux-based, open source software providing routing, firewalling, VPN, intrusion prevention, and WAN load balancing services, among others, for your network. When you run Vyatta on a standard x86 hardware system, you'll create a powerful network appliance that can run circles around proprietary systems.

well, you'll need a spare box but the software is free.

There are plenty of different ways to accomplish this. Most versions of Windows (yes, even XP Home), allow for a VPN connection to take place. To do this you create a new network connection that allows for incoming connections, and make sure the IP addresses they are assigned are on your local network.

If you have an extra computer laying around with >512MB RAM, you could try setting eBox as your main router/gateway. It supports VPN connections as well as file sharing, password authentication, etc.

If you have a computer with more than 1GB RAM, try untangle, as Russ mentioned. I found it a little easier than eBox to setup, but a lot of the cooler modules require $. The basic software and modules are free, however.

If you don't mind replacing your router, check into purchasing a Linksys WRT54GL. The benefit of this device is that you can put the DD-WRT firmware on it, which allows for advanced network setups including vlan's, wireless bridging, and VPN's. The WRT54GL will set you back about $60, and the DD-WRT firmware is free, so this is a rather inexpensive option.

Because your office is so small, I would recommend using an SSH tunnel instead. I won't go into too much detail, but when you create a VPN tunnel, there is a chance of all network traffic going from the home network to the work network. This becomes a problem when the home machines are infected with trojans/virii/malware. With an SSH tunnel, only specific traffic gets forwarded to the remote machine. So when the users browse the internet, their traffic never hits your network. But when they want to remote control their own machines, the traffic goes to the work network.

Good luck!

Smoothwall. Wonderful firewall, gives tons of control, and Zerina allows client->server VPN connections and works great. (Uses OpenVPN).. At my work, I have it set up on an old P3 with 256mb of ram, serving about 7 users, and there's no issues at all.

Realize of course, if you do this, you should put a policy in place that requires all users that connect via VPN to keep an anti-virus running and up to date with a full system scan at least once a week. And other various things...