Considering the current circumstances caused by the pandemic, a lot of employees are working from home and corporate VPN solutions are a must in order to ensure the security of communication between employees and company resources.
This website is mostly focused on personal VPNs, services provided by commercial VPN companies for privacy and security purposes of individuals. This article doesn’t highlight any benefit of using such services for business purposes. Actually, we find it rather better not to use such services as they aren’t designed to be used for business wise purposes.
Secondly, many corporations already have support for VPN connections using commercial-grade solutions. This won’t be covered, either.
The VPN solutions listed in this article might come useful to those who run small/medium-size businesses and are looking for free/cheap, easy to use VPN connectivity for their employees. Such solutions should be easily deployed and managed.
Installation and usage instructions are not included, but you can find many of resources/HOW-TOs in this regard.
SoftEther
SoftEther VPN is a free open-source, cross-platform, multi-protocol VPN client and VPN server software. It’s easy to install and manage, it runs on most common platforms such as Windows, Linux, Mac OS and mobile. SoftEther supports the most well known VPN connection types like OpenVPN, IPsec, MS-SSTP and others.
For server-side, it comes as software running both on Windows and Linux. So you can install it on pretty much any server, be it on-premise or hosted with a 3rd party (e.g. Cloud Service).
pfSense
pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, VPN support and more.
It is based on FreeBSD and has a very intuitive web-based GUI. It can be installed either on bare-metal servers, or as a virtual machine.
pfSense supports OpenVPN and it is quite easy to configure an OpenVPN server on it, then add the peers (clients). OpenVPN is very versatile and runs on pretty much any platform, like Windows, Mac OS, Linux, ChromeOS, Android, iOS and more. It isn’t supported out of the box on any OS except for Linux/*BSD/ChromeOS, but there are client apps available for all supported operating systems, such as OpenVPN GUI on Windows, TunnelBlick on Mac OS, OpenVPN For Android/OpenVPN Connect on Android, OpenVPN Connect on iOS.
Since pfSense can be used as a virtual machine, one may consider the scenario of deploying it on a cloud solution in order to act as a VPN concentrator, then limit the access to your corporate resources based on firewall rules and only allow connectivity from the pfSense cloud instance. In such scenario, it should run fine with many cloud/VPS hosting services. One that officially supports it is Vultr. Also note that pfSense isn’t a resource hog, so it runs fine even on a 1GB RAM cloud instance. Though, even if a 1GB machine comes cheap, at $5/month, you should look at the traffic included with each plan and choose accordingly, based on your traffic estimate. The good news is that you can upgrade at any time and choose a higher tier plan which comes with more traffic, or negotiate with the cloud provider for a custom package based on your own traffic needs.
OPNsense
OPNsense is a solution quite simialr to pfSense, but its advantage comes with the support for WireGuard VPN. WireGuard is arguably easier to configure and manage than OpenVPN, and it is supported on most platforms just like OpenVPN.
All listed solutions are good, actually very good for a sysadmin looking at a low budget way to implement a VPN for home working. I’d recommend MikroTik too. It is rock solid and very cheap. Once you get it to work to server your purpose, you’re not going back trust me.
indeed, Mikrotik is rock solid and extremely fast for its price. It can be a pain to get it configured right, but once done it just works.
I second MikroTik. It is supporting WireGuard VPN in beta firmware and it works great. Its only minor problem is that the WireGuard server port can’t be set in GUI but through CLI only. I guess they forgot to implement the port option in GUI xD