Author Topic: Setting up a VPN to telecommute - how do I do it?  (Read 3249 times)

frugalnacho

  • Magnum Stache
  • ******
  • Posts: 4033
  • Age: 37
  • Location: Madison Heights, Michigan
Setting up a VPN to telecommute - how do I do it?
« on: January 12, 2016, 02:53:28 PM »
The set up we have at work is one computer running windows server 2008 that is hosting all the files we need.  All the other computers in the office connect and work from this "shared drive".   

We have one guy that is a project manager and lives on the other side of the state about 3 hours away, so he rarely comes into the office.  He spends about 60% of his time in the field, and the other 40% he works from his home office.  It's a stupid cluster fuck and we are constantly emailing data back and forth.  It would be so much easier if he could simply connect to the shared drive via the internet, and have access to it the same way I do from my office.  Then he could retrieve any spread sheets or data he needs, and he could also park the data on the shared drive after he is done.  It would also be useful for the other project managers to be able to park the data they collect in the field on the shared drive from either their hotel room, or their home.  I think those are very compelling reasons to set up a VPN, plus it would then give me an excuse to telecommute once in awhile, although that is not driving my desire for a VPN.

So how would I go about setting up a VPN properly?  Will it require the purchase of new equipment?  I spoke with an IT professional and was unofficially quoted what I thought was an astronomical sum ($5k+) to set one up "properly", but I lack the knowledge and know how to comfortably set one up on the company equipment.  I'm sure my bosses would not approve of a $5k expense for this, but if it could be done much more economically I might be able to convince them.  Hoping some mustachians can guide me in the right direction rather me me wandering around the internet looking for information I need.

ketchup

  • Magnum Stache
  • ******
  • Posts: 4247
  • Age: 29
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #1 on: January 12, 2016, 03:07:09 PM »
"IT professional" here.

Where I work, we use a Dell SonicWall firewall and their Virtual Office and NetExtender to do remote sessions and VPN.  We have an older one but it looks like new ones start around a few hundred bucks.  It's also possible you already have something in-house that could do the trick.

Of course, you have to set it up to get it working correctly and securely.  Do you not have IT personnel in-house?

BDWW

  • Pencil Stache
  • ****
  • Posts: 592
  • Location: MT
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #2 on: January 12, 2016, 03:21:10 PM »
How much data?

If it's just spreadsheets and small amounts of storage, I would look to cloud storage rather than a VPN unless you need access to other network resources.

Also, how secure does it need to be?  A PPTP VPN is dead simple, and widely supported. Unfortunately, if it's very sensitive data, it wouldn't be considered secure enough. IPSEC and other VPNs are considerably more work.


frugalnacho

  • Magnum Stache
  • ******
  • Posts: 4033
  • Age: 37
  • Location: Madison Heights, Michigan
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #3 on: January 12, 2016, 03:22:16 PM »
No, I am the IT professional here.  I'm not an IT professional by trade obviously, i'm just the most tech savvy person at the company.  I do all my own networking and computer stuff, but it's all personal level stuff.  They were using a shared folder on a windows xp computer when they hired me, but once we had more than 5 employees there were connection issues.  I purchase the windows 2008 server about 7 years ago, set it up, created and ran all the ethernet cables, set up and secured the wireless network, created scripts to automatically back up the shared drive multiple times a day to multiple sources*, and installed a firewall** between the modem and the rest of the office computers.

*I'm glad I decided it was critical to backup the data, and have multiple non-connected drives with the data.  We've survived a computer virus that infected most of the computers including the server, as well as multiple instances where data inexplicably goes missing (user error).  We now have antivirus on all the computers (I never personally used anti-virus [I do use microsoft security essentials now] before, I just practiced safe browsing habits.  Obviously my other coworkers need AV though).

**When I went to check what model firewall we have it's a netgear FVS318N VPN firewall.  I'm guessing this bad boy has VPN capabilities built in?

frugalnacho

  • Magnum Stache
  • ******
  • Posts: 4033
  • Age: 37
  • Location: Madison Heights, Michigan
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #4 on: January 12, 2016, 03:26:39 PM »
The entire shared drive is pretty large, like 100GB, but most of that is just archived data.  It's everything the company has done since inception 12 years ago.  The actual bandwidth being used to transmit data would be small, just spread sheets and word documents mostly.  Basically small stuff that can be emailed back and forth.  However I think it would be infinitely easier to be able to retrieve/drop the need data into the appropriate sub folders rather than hassle me with emails every day so I can do it manually.

The data is not that sensitive, and I don't think anyone would be interested in actively snooping on it, but obviously nothing short of a secure connection would do anyway. 

big_slacker

  • Handlebar Stache
  • *****
  • Posts: 1353
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #5 on: January 12, 2016, 03:34:56 PM »
If you just want to share non-sensitive docs set up something like dropbox, onedrive, google drive, etc... And have the docs live there.

If you want an actual VPN you can do with with your existing device. Here is the doc on how to do so:

http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

What you're looking for is the VPN client part.

I know you're trying to do it cheap, and cheap is what you're doing with the above. A 'real' VPN solution should use a better device and a better authentication method. :)
« Last Edit: January 12, 2016, 03:38:04 PM by big_slacker »

BDWW

  • Pencil Stache
  • ****
  • Posts: 592
  • Location: MT
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #6 on: January 12, 2016, 03:40:23 PM »
The entire shared drive is pretty large, like 100GB, but most of that is just archived data.  It's everything the company has done since inception 12 years ago.  The actual bandwidth being used to transmit data would be small, just spread sheets and word documents mostly.  Basically small stuff that can be emailed back and forth.  However I think it would be infinitely easier to be able to retrieve/drop the need data into the appropriate sub folders rather than hassle me with emails every day so I can do it manually.

The data is not that sensitive, and I don't think anyone would be interested in actively snooping on it, but obviously nothing short of a secure connection would do anyway. 

Security is relative, PPTP is secure and encrypted, but has flaws that could be exploited.

Anyhow, your Netgear probably has either SSL VPN or IPSEC built-in.

Edit: looks like IPSec based on big_slacker's post. IPSec is finicky, but more secure than PPTP.
« Last Edit: January 12, 2016, 03:43:44 PM by BDWW »

frugalnacho

  • Magnum Stache
  • ******
  • Posts: 4033
  • Age: 37
  • Location: Madison Heights, Michigan
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #7 on: January 13, 2016, 11:51:31 PM »
If you just want to share non-sensitive docs set up something like dropbox, onedrive, google drive, etc... And have the docs live there.

If you want an actual VPN you can do with with your existing device. Here is the doc on how to do so:

http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

What you're looking for is the VPN client part.

I know you're trying to do it cheap, and cheap is what you're doing with the above. A 'real' VPN solution should use a better device and a better authentication method. :)

Unless we could move the entire shared drive to cloud storage (with 100GB) it would be a major pain in the ass.  The very thing I am trying to avoid is having duplicate copies, and data not consolidated in a single location.  Ideally everyone would work exclusively inside the office building and connect to the one shared drive so there would never be isolated data on anyone's computer other than the server, and no one would have to email documents back and forth, everything would just be accessible to everyone at all times regardless of location.

When I last checked into using cloud based storage in place of a local server it was cost prohibitive and promptly shot down by the bosses.  As wicked awesome as it would be, I kind of agree it's not the best move financially. 

I'll check into the pdf you posted and see if I can get it configured.

frugalnacho

  • Magnum Stache
  • ******
  • Posts: 4033
  • Age: 37
  • Location: Madison Heights, Michigan
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #8 on: January 13, 2016, 11:57:40 PM »
I use dropbox for personal storage between multiple machines, and it's awesome, and would definitely be an elegant solution to not only backing up all our data all the time, but giving everyone access to all the files at all times.  Basically solve all of issues I am seeking to solve with no hassle or maintenance (assuming it works as smoothly as my personal drop box does).  It seems a bit steep though at $15/mo/user, especially with 13 employees.  $2,340/yr is nothing to sneeze at, and would certainly add up long term. 

BDWW

  • Pencil Stache
  • ****
  • Posts: 592
  • Location: MT
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #9 on: January 14, 2016, 12:47:10 AM »
If you just want to share non-sensitive docs set up something like dropbox, onedrive, google drive, etc... And have the docs live there.

If you want an actual VPN you can do with with your existing device. Here is the doc on how to do so:

http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

What you're looking for is the VPN client part.

I know you're trying to do it cheap, and cheap is what you're doing with the above. A 'real' VPN solution should use a better device and a better authentication method. :)

Unless we could move the entire shared drive to cloud storage (with 100GB) it would be a major pain in the ass.  The very thing I am trying to avoid is having duplicate copies, and data not consolidated in a single location.  Ideally everyone would work exclusively inside the office building and connect to the one shared drive so there would never be isolated data on anyone's computer other than the server, and no one would have to email documents back and forth, everything would just be accessible to everyone at all times regardless of location.

When I last checked into using cloud based storage in place of a local server it was cost prohibitive and promptly shot down by the bosses.  As wicked awesome as it would be, I kind of agree it's not the best move financially. 

I'll check into the pdf you posted and see if I can get it configured.

Is there a reason the archived data would need to be accessible outside?

At any rate I wouldn't use cloud storage to replace a drive. I use it to augment a network share. Most products allow you to sync folders between computers. So you would set up a cloud client on the network server, and tell it which files(folders) to sync. Then every person that needs to use that data remotely installs the client and syncs the folders to their local(remote) machine. When someone makes a change, it is synced back to everyone who is using the client, including the local(in office) network share.

Once it's set up, it's transparent and you just work the local files.

There's also ways to do this freely, but I don't know how in depth you want/can go. Also, not sure how easy it is on Windows, as I and our company run Linux exclusively.
« Last Edit: January 14, 2016, 12:51:24 AM by BDWW »

frugalnacho

  • Magnum Stache
  • ******
  • Posts: 4033
  • Age: 37
  • Location: Madison Heights, Michigan
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #10 on: January 14, 2016, 08:16:47 AM »
If you just want to share non-sensitive docs set up something like dropbox, onedrive, google drive, etc... And have the docs live there.

If you want an actual VPN you can do with with your existing device. Here is the doc on how to do so:

http://www.downloads.netgear.com/files/GDC/FVS318N/QSGVPN_4Apr2012.pdf

What you're looking for is the VPN client part.

I know you're trying to do it cheap, and cheap is what you're doing with the above. A 'real' VPN solution should use a better device and a better authentication method. :)

Unless we could move the entire shared drive to cloud storage (with 100GB) it would be a major pain in the ass.  The very thing I am trying to avoid is having duplicate copies, and data not consolidated in a single location.  Ideally everyone would work exclusively inside the office building and connect to the one shared drive so there would never be isolated data on anyone's computer other than the server, and no one would have to email documents back and forth, everything would just be accessible to everyone at all times regardless of location.

When I last checked into using cloud based storage in place of a local server it was cost prohibitive and promptly shot down by the bosses.  As wicked awesome as it would be, I kind of agree it's not the best move financially. 

I'll check into the pdf you posted and see if I can get it configured.

Is there a reason the archived data would need to be accessible outside?

At any rate I wouldn't use cloud storage to replace a drive. I use it to augment a network share. Most products allow you to sync folders between computers. So you would set up a cloud client on the network server, and tell it which files(folders) to sync. Then every person that needs to use that data remotely installs the client and syncs the folders to their local(remote) machine. When someone makes a change, it is synced back to everyone who is using the client, including the local(in office) network share.

Once it's set up, it's transparent and you just work the local files.

There's also ways to do this freely, but I don't know how in depth you want/can go. Also, not sure how easy it is on Windows, as I and our company run Linux exclusively.

The archived data is archived in the sense that it is not usually being changed or actively edited, but it is frequently referenced for a variety of reasons.  Any time we do a job for a company that includes previously tested sources we need to reference the archived data.  Or if we do a job that involves the same methodology, etc.  It comes up frequently enough that access to anything less than 100% of the data and old reports would be unacceptable imo. 

I have set up something similar to a dropbox where multiple personal computers were synced up.  I set it up because I wanted my music folder (and a few other things) available to me in 3 locations* and I wanted to be able to add music to any of the locations and have it all synced up similar to dropbox without having to manually transport/add files to each computer.  These were all windows based computers, and initially I had success, but it seems that without constant tweaking of the settings that the functionality eventually breaks down and things stop syncing correctly.   It ended up being more effort, and less reliable, than manually transporting the files with a usb drive so ultimately I gave up.  It still works most of the time, but I have to check on it to verify some of the important stuff is in fact synced across the other computers.

*This also functioned as my back up plan.  I didn't need a separate drive to back up any of my personal files if there are 2 other computers with the same content.   If one computer gets fried I should have 2 complete back ups elsewhere.

Really the main functions I would like to solve with the VPN is being able to have my coworkers directly access the shared drive remotely so they could put the data they have on it rather than emailing me all of it and having me put it in the appropriate folder (or more likely they forget to email it until I go to work on the report and there is no data, so I call them in the field and it's a clusterfuck and I have to wait until they have internet access and they email it to me).  I also would like to eliminate the scenario where they need to work on a report, but are not in the office, so I have to email them all the data, along with any other template spread sheets and word documents they may need, and then when they are done they have to email it all back to me, and I have to delete the old data and replace it with the revised and manipulated data.  It would be much less of a headache if they could just remotely access the drive directly so when I go to work on it I know I have the most up to date version of everything.  It takes time from both parties to do this, and it interrupts my workflow.   I would say one of the these scenarios happens on a weekly basis, sometimes though it's much more frequent.  This week was particularly bad with 2 other people trying to work on the same report.  We ended up with multiple copies of some documents, some documents didn't make it back into the folder at all, and I had to hunt through multiple emails to sort it out, all while not doing the original project I was supposed to be working on.  This week is really what prompted me to set this up because it would have made my week much smoother and less stressful.

big_slacker

  • Handlebar Stache
  • *****
  • Posts: 1353
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #11 on: January 14, 2016, 11:02:28 AM »
Sounds like bubblegum and bailing wire solution it is! :)

I sincerely hope based on experience that you don't end up with many frustrating hours supporting remote user's laptop/wifi connection/crappy hotel internet and the figuring out the logs on the router.

FWIW I wonder about your IT consultant's recommendation. Should be able to find a cisco ASA 5505 or 5506 for under a G and it's under 4 hours consulting time to set it up. What were the details of his proposal?

frugalnacho

  • Magnum Stache
  • ******
  • Posts: 4033
  • Age: 37
  • Location: Madison Heights, Michigan
Re: Setting up a VPN to telecommute - how do I do it?
« Reply #12 on: January 14, 2016, 11:20:05 AM »
Sounds like bubblegum and bailing wire solution it is! :)

I sincerely hope based on experience that you don't end up with many frustrating hours supporting remote user's laptop/wifi connection/crappy hotel internet and the figuring out the logs on the router.

FWIW I wonder about your IT consultant's recommendation. Should be able to find a cisco ASA 5505 or 5506 for under a G and it's under 4 hours consulting time to set it up. What were the details of his proposal?

I have no idea, it wasn't a formal proposal just a verbal ballpark. 

I've been hesitant to jump in and set something up because I was afraid it would end up eating up too much of my time and detract from my other responsibilities.  Occasionally computer issues come up, and I end up spending company time working on it.  I know I take longer than a farmed out IT consultant would because I lack the expertise and experience they do to get it done, but with the prices they charge it still ends up being way cheaper for the company to pay me my hourly rate to figure it all out, and so far in 10 years at the company there is yet to be a problem I haven't been able to get us past.  Plus it gives me a chance to deploy my engineering and problem solving abilities (which feels rewarding), and I feel like I end up getting some "free" knowledge out of it after it's all said and done.

We have been swamped the last few months though, so I probably won't be able to fully dive into this until we slow down a little and I can dedicate a half day or so towards it.  I really hate getting balls deep into a project or problem, and then having to abandon it and shift focus back to my real job.