We’re currently using openvpn, which has been working well for many of our employees, but not so much for our Mac users. (No need to discuss why that is the case here.) So, we’re considering other options, both paid and open source. What is your favorite VPN for remote employees, including traveling warriors? Please note, I’m looking at full VPNs, not just SSL-VPNs, or the like. It would need to handle lots of types of traffic including: SSH, VOIP, DB, Web, etc.
Thanks!
There is not enough detail here to begin to provide qualified answers.
I would recommend getting a consultant to spec out your needs
I would do everything in my power to get VOIP off the VPN.
At an old job a few years ago, we started using NetMotion Mobility VPN and have good luck with it stability-wise and performance-wise. I can’t comment on Mac clients, but I know it’s an option. It’s pricey, but gave us better throughput than Cisco’s at the time and was “always on” from machine boot
VPNs, not just SSL-VPNs
Uhh what? I am not sure how an SSL VPN is not a full VPN, or why it wouldn’t be able to do SSH, VOIP, DB, web, etc…
To answer your question, my first choice would be the VPN client that comes with the business/enterprise grade next gen firewall you have in front of your company’s infrastructure.
My second choice would be a Windows RRAS server with an L2TP or SSTP VPN.
Idk shit but we switched from Cisco to Palo Alto and it’s soooo much better for me working at home. Don’t use voip. So idk bout that but I’d guess it’s supported.
We’re a pretty small local company too but we run enterprise on prem stacks.
Ever since we switch all my connection issues went away and no more login I just click connect abs everything works.
Anyone that’s using correct encryption algos and is reliable software with support or hardware
Who makes your public facing edge firewall?
I would be happy to recommend Blokada 6 as a solid & privacy-friendly VPN.
Blokada is a popular ad blocker application that also offers a VPN service.
One of the main advantages of the Blokada VPN of the Blokada VPN is that it is integrated with the Blokada Adblocker, which makes things simpler. Additionally, it doesn’t keep any logs of your online activity by default, which further enhances your privacy.
Disclaimer: I am part of the Blokada team!
You know, I get that nobody here would be able to know exactly what would work for us and what wouldn’t, but at the same time, if you’ve had a vpn that you think I might consider, I would still appreciate knowing about it. I don’t think you need to worry that I’m just going to simply install anything suggested here without further investigation. We’re just looking for ideas.
I would also note, that it seems to me that this kind of answer could be used on just about any question in this sub. Obviously nobody asking questions here is looking for the kind of help a paid consultant could offer. I’ve used paid consultants, and they are awesome when we have the need. But I’ve also appreciated what I’ve learned from a supportive community who are happy to share their experiences, knowing that they may or may not be entirely relevant to the situation at hand. There is a place for each.
I felt that way as well, but we actually haven’t really seen any issues with voip. It seems to be holding up just fine.
Used this with Windows for years and like it a lot. We pay about $100/device/year.
It’s now called SecureAccess and owned by Absolute Software
NetMotion Mobility VPN
I’ll look into it, thanks!
Another vote here for netmotion. We have it deployed to several hundred users and it’s flawless. Upgrades of the server and client components are very easy. And they have so far managed to maintain great customer service after being purchased by absolute.
Sorry for the confusion. My understanding of the definition of “SSL VPN” is consistent with what is on this page: https://www.f5.com/glossary/ssl-vpn
According to this definition, SSL VPNs really only help give you access to resources that can be accessed via a web browser. Give how much you can do with a browser, these days, you may indeed be able to make calls and such through an SSL VPN, however, we are looking for something that isn’t restricted to a browser.
Thanks.
I appreciate your answer.
Still not enough detail.
If you just want ideas
Meraki
No problem. Out of curiosity, which client were you using on your Macs for OpenVPN? Tunnelblick?
The second part of that definition:
network-level access via an SSL-secured tunnel between the client and the corporate network.
An SSL VPN is just a VPN that operates through SSL.
SSL VPNs really only help give you access to resources that can be accessed via a web browser.
We are using Fortigate firewalls at my org.
The forticlient software supports IPSEC and SSL vpn, and ssl vpn options for Web mode (like you describe) and “full tunnel”
We prefer to use IPSEC. SSL VPN (full tunnel) gives the same level of access. Did some testing on web mode for some web based app but did not work as good as I hoped for
Yup. It seems that when a mac is on wifi, from time to time the dns settings will get messed up and they’ll need to restart their connection. One might think this is a fairly small issue, and for many it is. But for others, well, it seems it is not so small. ¯\_(ツ)_/¯