I have a network that is comprised of our Head Office, 6 remote offices and about 50 to 100 remote users (about 200 users in total). Currently I have Juniper devices at the head office and 6 remote offices so that they are connected as a VPN. The remote users use Shrew VPN to Tunnel into the VPN when they are out of the office. This seems to work well, but the 6 remote officer have very slow internet connections, and no fail over
I am believe that I can replace the Juniper devices with peplinks at all the locations and use SeedFusion VPN Bonding so that I could have 2 or 3 internet connections per remote site combined into a faster connection with fail over support. My problem is the remote workers. How can I sent it us so that they can still VPN into the network? I have not seen any tutorials that covered that, so if anyone can help out it would be greatly appreciated!
That is right, Tim. With a Peplink at each office, we could take advantage of SpeedFusion VPN bonding for a fast and resilient VPN network.
And for your remote users, we could use PPTP VPN. All Balance comes with PPTP server built-in.
On a similar topic, what do you think of a light-weighted, compact endpoint router that supports SpeedFusion VPN? This way your remote users can take advantage of SpeedFusion VPN and they will always have access whenever they need it.
Thanks for your reply. I did see that it supported PPTP VPN, but I did not see anything that talked about how I could combine SpeedFusion VPN Bonding AND PPTP VPN for remote users. Like take my example. What I currently have is:
Data Center (2 10Mbps connections, Juniper Router for VPN)
Head Office (2 DSL connections using Peplink to load balance, Juniper Routers for VPN)
6 remote office (1 DSL, Juniper for VPN)
50 + Remote workers (4G Mobile Internet, Shrew VPN)
All remote Offices and Users connect to the Data Center. If Peplink can do it I would like to replace all the Juniper routers with Peplink devices and use SpeedFusion VPN Bonding at all Offices to provide better fail over and speed.
Something like this:
Data Center (2 100Mbps connections, SpeedFusion VPN Bonding)
Head Office (5 DSL connections, SpeedFusion VPN Bonding)
6 remote office (2 DSL, SpeedFusion VPN Bonding)
50 + Remote workers (4G Mobile Internet, Shrew VPN?)
Can I have the PPTP-VPN AND SpeedFusion both running at the same time at my data center? Is there any guides or examples that talks about what I am trying to set up?
I think there is a place for a light-weighted compact endpoint router. Of the 50 to 100 remote users I have about 15 of them probably work from the same location at their remote sites so having a simple router that supports the SpeedFusion VPN would be a good fit there. The other workers I have all drive around in trucks (Construction workers) and are in and out of them all the time, so having an additional device would be a bit of a pain. It would be nice if there was some Peplink VPN software that could tie into SpeedFusion VPN directly though.
Once a PPTP connection is established, the remote user will be connected as if it was a LAN client physically connected to the LAN port of your DC Peplink and it will have access to the LAN of HQ and other remote offices that are connected to DC Peplink by SpeedFusion.
Peplink will exchange the routes with one another automatically. There is no extra configuration. It is just a matter of configuring SpeedFusion and PPTP then we are up. It is this plain and simple.
Down the road, we will look at remote VPN endpoint and other options. Most enterprise have a mix of locations that have different other requirements. And that is where we are heading. For now, PPTP would be a good software VPN client solution to complete the picture I reckon.
That is what I was thinking of I just was not sure about the PPTP and SpeedFusion both at the same time and if I can simplify by removing the Juniper devices that are currently for VPN. As your diagram shows I will get PepLinks for each site and setup a SpeedFusion Bonded VPN for application and user data, and then establish a separate dedicated connection for VoIP and Surfing data.
I wonder how successful (from a network perspective) that might be? If the user is at home, he likely maxes out his ISP link speed, so it hardly matters if that connection is spread over one or three bindings. When the user calls in from the Overload motel, best to not try too much concurrent net activity, as it will get dropped / lost in an overloaded system. The multi binding VPN could be doing more overhead for dropped packets, than actual new data transfer.
The main reason we looked at the Peplinks (we ended up with a 710 (our thinking was 2-3 ADSL’s + 2 FTTC/P) was the abiltiy to combine cheap ADSL connections, thus removing the need for an expensive pipe (I’m still trying to get one though).
So through any of our current ADSL connections our HQ is able to push out upto 600Kbps, eventually if fibre is ever rolled out (or I can get a bit fat pipe) I could eventually flood my home connection.
But upto this point I belive Peplink is missing a device (or the Balance 20/30 range is missing a feature).
I agree the offerings are a bit spotty. Another fault with the mini Speed Fusion VPN router device that Kurt has suggested. That mobile worker will need to go through the Motel / coffee shop logon on process - a web screen. How will a mini VPN / NAT router do that?
I think they need to start considering software Speed Fusion VPN connections / ends. The PC has more than enough power to run the multi binding and VPN in the background. It would be layered on top of the normal Ethernet, much like an OS supplied VPN operates now.
For those users that Michael mentioned, managers/owners who need to transfer larger files to and from their office SpeedFusion network around the clock and find other VPN options without bandwidth bonding capability inadequate. Something like a Balance 20/30 with SpeedFusion bonding will be a good fit for them.
For other users that Ross mentioned, those who are not as bandwidth hungry who are probably just looking to grab some data or small files from their office SpeedFusion network will simply need a handy way to connect back. Mobility will probably be handy for these users. They can be connecting back form a motel, from a coffee shop or even on the go.
The concern that Ross pointed out - how a VPN endpoint router handles the web login screen e.g. captive portal that motel / coffee shop uses? It actually shouldn’t be any worry at all. There are a number of ways these captive portals redirect a new user to a login screen e.g. by HTTP or DNS even on the IP layer. But either way the web login screen should show up as if you are connecting without an endpoint router in between. The Surf On-The-Go travel router has been around for a while and it has been handling this well since.
For these users, I am thinking something like a cost-effective MAX 700/HD2.
It is true a separate device is an extra device but a software VPN client has it shortcomings. We are seeing more people using smartphone/tablets as their mobile device of choice each day and these smartphone/tablet won’t be able to take advantage of bandwidth bonding over multiple cellular and/or Ethernet WAN with a software SpeedFusion client.
For the good old laptop with multiple USB interfaces plus Ethernet WAN that we can implement a software VPN client for bonding, scalability is one issue. One laptop with 2 USB modems plugged in is fine but for 2 laptops we will need 4 USB modems (2 USB modems for each laptop). The number goes on. A mobile VPN router will come in handy sharing the USB modems for both laptops and provides better bandwidth allocation too.
Personally I don’t like to dial every time when I want to establish VPN. Rather I love the simplicity of a VPN endpoint device that are always-connected. It is a rather seamless experience especially for those on the road and probably on the rush.
I guess at this point I am leaning toward a VPN endpoint device. With bonding and without, at different price points suiting different needs. And this is actually happening sooner you think. Thoughts?
The new MAX On-The-Go is just part 1. Part 2 is for our existing Balance 20/30. But I recall we want to bond bandwidth from 2-3 DSLs, yes? You see, SpeedFusion bandwidth bonding is a premium feature that wouldn’t be available for free… what is the price point we are looking at for a Balance 20/30 with SpeedFusion bonding?
My problem is whilst working at home via PPTP I’m not getting the benifit of our combined upload speed via the SpeedFusion link at our HQ, but limited to the single upload speed of an ADSL line (600kbps at best).
This is not a problem 90% of the time as it’s mainly used to collect emails, and RDP seesions, but there are times when it would be useful.
Our Home users only have the one ISP at home, so I’m only really looking at the abiltiy to use the SpeedFusion links from our HQ, either via a hardware router or SpeedFusion PPTP software.
Initially I’m looking at 10 users.
When I first started to look I came to the conlusion;
The 380 was to big/noisey/expensive for a home enviorment.
The 210/310 was to expensive at £1,049/£1,199 for this feature alone.
The 20/30 seemed the rigt price for a remote worker device at £249/£299 but was not able to utilise the SpeedFusion Link
A Cisco RV180W that gives us a IPSEC VPN are £120
I think my problem was the price of £475 for the SpeedFusion Key ontop of the hardware(almost double the price of the Balance 20), taken it to the price of £724, which I don’t think it that far off the price of the Balance 210.
To roll this out to our ten users would cost us £7,240
To be fair, you have to price the device with all it’s features in use, as I’ve previously said though you seem to be missing a device for home workers on a single ISP that can utilise the SpeedFusion VPN from work, but work with their exisiting home networking kit.
To answer your last question, even at £500 (£249 H/W + £251 S/W) for the Balance 20 with SpeedFusion I would have my doubts.
Thanks for your elaboration, Michael. I think we have the exact solution for you in part 2 of the roll out (targeted in the next couple of months), for our existing Balance 20/30.
You see, from where I am looking at it, our users need 3 different levels of SpeedFusion.
The top level is bandwidth bonding. This is what we have been doing well since day 1. This enables a lot of applications that were impossible in the past. This allows enterprise customesr to bond mulitple commodity links to complement or even replace their MPLS/Lease Line service. This also allows us to overcome the bandwidth limit and coverage dead spot on cellular connections by bonding multiple wireless services.
The second level provides hot failover between WAN links. At times there is no need bandwidth bonding, but a seamless and persistent failover between WAN links that wouldn’t disrupt existing traffic especially video stream and voice call. This allows for an unbreakable voice call or video stream. There is a lot of application for video streaming, VoIP provider, video surveillance and more.
The last level is the ability to establish a VPN tunnel with our Peplink/Pepwave device. A VPN protocol for all our our Pep* devices. This will not provide the premium bonding and hot failover features but will allow users to connect to their Peplink Balance at office or datacentre and provide them secure access.
I believe the last or maybe second level will address 90% of your problem. If so, then we are in for a treat, it will come in below your £500 doubt point.
If you would like to discuss which models would be best for your deployment please feel free to reach out to me in a private message or include site details on your next post. Michael Hawkins was correct above, we would want to know the following per location:
Number of devices on the LAN
Numbers of WAN’s
up/down speeds of each WAN
If you would like a Mesh or star Topology deployment
This information will provide us with a good starting point to help size your equipment.