The best point-to-point VPN?

Question

I'm working with a contractor in a different country.

We need some method to add his machine to the local network, using a point-to-point VPN.

Unfortunately, Hamachi, while very easy to use, creates stability problems as he is using Windows 7.

Whats the best method for us to use?

score 7 · Answer 1 · answered Jul 07 '09 at 12:39

7

You've tagged your question "OpenVPN", which is exactly what I'd suggest using. I've run OpenVPN on Windows 7 x64 with no problems, beyond needing to choose "Disable Driver Signature Enforcement" when starting Windows. The OpenVPN GUI needs to be started elevated in order to alter the machine's routing table, as well.

OpenVPN is pretty easy to setup with static keys, and only marginally more difficult to setup with certificates.

http://openvpn.net/static.html - Static key mini-HOWTO. Not recommended for security, but a great way to get a feel for how OpenVPN works before diving into simple PKI.
http://openvpn.net/howto.html

answered Jul 07 '09 at 12:39

Evan Anderson

141,881
20
196
331

1

I've also had great success with OpenVPN. Don't let the PKI scare you off. It's worth setting up from a security point of view. There is a NIS package for OpenVPN which you can customize if you need to do a rollout beyond this one person. It includes the "My Certificate Wizard" which you can customize and with that and a little documentation in a wiki users can generate their own certificate requests for you to sign. This is helpful if they aren't local for the setup b/c it is one way to prevent having to send their cert key over an untrusted network. – 3dinfluence Jul 07 '09 at 12:44
+1 re: not letting the PKI scare you off. People really should know how a PKI works anyway. It's dead simple math, but most people seem to be scared of it. – Evan Anderson Jul 07 '09 at 12:54
Tried OpenVPN but its so impossible to set up that we gave up. Another friend of mine who's a professional sys admin said a swear word when I mentioned OpenVPN as he never managed to get it working either. – Contango Oct 19 '09 at 22:06
@Gravitas: Sorry to hear that. I've had pretty good luck with it, and rather like how it's configured (re: the PKI, "pushing" options at clients, configuration in a text file). Fortunately, there are other things out there. – Evan Anderson Oct 20 '09 at 01:58

score 1 · Answer 2 · answered Jul 07 '09 at 12:19

1

If its at a static location, I really prefer hardware based point to point VPN. I like the Linksys (Now Cisco small business) RV042, they have served me well in the past, really reliably, and allows a fair bit of configuration.

answered Jul 07 '09 at 12:19

SpaceManSpiff

2,547
18
20

I actually own some Linksys branded equipment already (the WRT620N - but I don't think it does VPN). Question: if I purchase the RV042, do I need 2 of them? Or just one plus some software on the other end? – Contango Jul 07 '09 at 19:35
No, you can setup oine RV042 in your office and then have the contractor connect using their computer. It has more then one option for that as well. You can use the QuickVPN client which is based on IPSec, I've had mixed luck getting that to work. Or you can use the Windows PPTP client as well, which works pretty good. You in theory could also use any other IPSec client if you really want to and have nothing better to do for the next month. – SpaceManSpiff Jul 07 '09 at 23:17

Contango · Accepted Answer · 2009-10-19T22:21:19.147

0

We ended up setting up port forwarding on the router for the specific services we needed, and Hamachi 2 while we got the port forwarding working. Hamachi 2 is slow (seems to be limited to 8kbyte/sec), but it always works (unlike Hamachi 1, the subject of the original question).

edited Oct 19 '09 at 22:21

answered Oct 19 '09 at 22:13

Contango

1,150
5
15
31

The best point-to-point VPN?

3 Answers3