cancel
Showing results for 
Search instead for 
Did you mean: 

Network & VPN Setup advice

Superuser
Superuser
Posts: 2,554
Thanks: 240
Fixes: 5
Registered: 06-04-2007

Network & VPN Setup advice

Hi
I know there are a few people around here who know more on these things than me, so your advice would be most welcome please!  We've got a site with a Plusnet connection (currently ADSL, but will be placing an order for Fibre soon).  We've got a Windows Server 2008R2 acting as domain controller, file server, DNS Server, DHCP Server and VPN Gateway (for a few people to access the network from home on).
We've got another site which until recently was connected by Wifi over a 150metre distance to the first site, which has got a Windows Server 2008 (not R2), which was acting as a backup to domain controller, and stored backups taken from the server on the first site.  That link is now broken, and is not possible to be restored (big line of trees in the way that can not be trimmed).
My plan is to get a line installed at this second site with a fibre connection.
So far I'm well within my comfort zone!  What I'll then want to do is establish a permanent VPN connection between the 2 sites.  I'm guessing the best way for that is to do that directly from the router.  If so my first question is if anyone has any suggestions for a decent (fibre) router that could do that?  This will be transferring quite a lot of data in the overnight backup.
Next I'm more just after confirmation that if I did this then I would need to have a DHCP server on the second site?
Would the Domain Controllers and DNS Servers still be able to keep themselves in sync across the VPN connection?
Would the VPN Server running on the Window Server at the first site be able to get us access to both sites, or would we need to set up the other Window Server as a VPN Server as well and connect to each site individually?
Just in case anyone was going to make the point, both connections will be with Plusnet Business accounts.
Any recommendations on hardware, or answers to any of these would be most welcome!
Many thanks
Phil
19 REPLIES
Community Veteran
Posts: 470
Thanks: 34
Fixes: 1
Registered: 26-09-2015

Re: Network & VPN Setup advice

Was the previous wireless connection a bridge, with the same subnet in use at both sites?    If so then you'll probably need to change one site onto a different address range, as most VPNs act by routing between sites.
DHCP - you'd probably need a server at each site.  DHCP works by local broadcast, so unless your VPN routers support some sort of DHCP helper function a DHCP request from one site isn't going to be seen by the other site.
DNS, Domain traffic and VPN remote access should be able to route between the two sites once the site-to-site VPN is in place.
Tony S
Superuser
Superuser
Posts: 2,554
Thanks: 240
Fixes: 5
Registered: 06-04-2007

Re: Network & VPN Setup advice

Thanks Tony.  That isn't too different than what I thought would happen, though have never actually tried to do it!
Community Veteran
Posts: 6,328
Thanks: 471
Fixes: 41
Registered: 30-07-2007

Re: Network & VPN Setup advice

Quote
I'm guessing the best way for that is to do that directly from the router.  If so my first question is if anyone has any suggestions for a decent (fibre) router that could do that?
The Draytek 2800 series will support IPsec VPN tunnels, I use a pair of 2820's to provide a VPN link to a client site. The 2860 also supports VDSL but is not cheap at ~£180. We also have a Fritzbox 7390 in our Netherlands office but again that's >£200, that gives us a VPN tunnel to our UK firewall which is a Smoothwall based box. The TP Link TD-W8980 & 9980 also support VPN tunnels and are good value at around £70 but I have no experience on their performance , the newer TP Link ones such as the Archer VR200 also support VPN and maybe worth a look.
Hope that gives at least some food for though... 
Superuser
Superuser
Posts: 2,554
Thanks: 240
Fixes: 5
Registered: 06-04-2007

Re: Network & VPN Setup advice

Many thanks MisterW.  That's a bit more than I was hoping for, but if that is what we need to spend to do it well, then I'll be insisting on it!  I'll have a good look at those.
nanotm
Pro
Posts: 5,676
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Network & VPN Setup advice

forgive me if this is a stupid question, but can you not just string a couple of lengths of phone line between the two sites if they are so close together to give you a closed loop link between them without needing to expose your traffic to the outside world ?
yes I know you would need a modem on the end of each line (so make that 4 modems) and have them setup as one way traffic systems (one side going out one side coming in) and it might be more expensive in the hardware side but a lot cheaper in terms of installing a secondary line and then monthly rentals.
obviously knowing nothing about the location the question might be redundant but possibly another option to think of /
just because your paranoid doesn't mean they aren't out to get you
Superuser
Superuser
Posts: 2,554
Thanks: 240
Fixes: 5
Registered: 06-04-2007

Re: Network & VPN Setup advice

Thanks nanotm, but if I could run anything directly between the 2 sites then I'd do it properly and run a fibre.  Unfortunately that isn't an option.
nanotm
Pro
Posts: 5,676
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Network & VPN Setup advice

yeah I wasn't sure if stringing a line across from rooftop to rooftop would be possible but I thought i'd put it out there /
just because your paranoid doesn't mean they aren't out to get you
Superuser
Superuser
Posts: 2,554
Thanks: 240
Fixes: 5
Registered: 06-04-2007

Re: Network & VPN Setup advice

It would be across the top (or underneath) a grave yard
nanotm
Pro
Posts: 5,676
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Network & VPN Setup advice

yeah that explains why it wouldn't be feasible, I was half expecting you to say across a housing estate or similar to be honest. just thought i'd put out there what's probably the simplest solution.
well you already have good advice about what your doing and what to use to get it done the hard way XD
just because your paranoid doesn't mean they aren't out to get you
Community Veteran
Posts: 6,328
Thanks: 471
Fixes: 41
Registered: 30-07-2007

Re: Network & VPN Setup advice

Another thought on VPN capable routers that could possibly be a little cheaper...DD_WRT.
https://www.bestvpn.com/blog/12086/5-best-dd-wrt-routers-vpn/
I don't think DD_WRT supports combined modem/routers so you would need to use the BT modem ( but they're not being supplied after Jan 2016 )
nanotm
Pro
Posts: 5,676
Thanks: 109
Fixes: 1
Registered: 11-02-2013

Re: Network & VPN Setup advice

Isn't that down to not supporting ipv6 which is apparently getting switched on around then by BT?
just because your paranoid doesn't mean they aren't out to get you
Superuser
Superuser
Posts: 2,554
Thanks: 240
Fixes: 5
Registered: 06-04-2007

Re: Network & VPN Setup advice

Thanks MisterW.  I'll take a look at that as well.  Someone else has just suggested the TP Link TL-ER6020 to me as well.  That will need a separate modem as well.  Plenty of reading for me later by the looks of it.
Community Veteran
Posts: 6,328
Thanks: 471
Fixes: 41
Registered: 30-07-2007

Re: Network & VPN Setup advice

Quote
Someone else has just suggested the TP Link TL-ER6020 to me as well.
If you don't need wifi ( or have a separate access point ) then, on paper, that looks pretty good. The claimed VPN throughput is 80Mbps. http://www.tp-link.com/en/products/details/cat-4909_TL-ER6020.html#specifications
However, your maximum VPN throughput is going to be limited by the upload speed on your Fibre ( max 20Mbps ) so might be worth looking at the TL-R600VPN http://www.tplink.com/ir/products/details/cat-4909_TL-R600VPN.html#specifications which has a claimed throughput of 20Mbps but is about 1/2 the price http://www.broadbandbuyer.co.uk/products/13120-tp-link-tl-r600vpn/
wisty
Aspiring Pro
Posts: 443
Thanks: 54
Fixes: 3
Registered: 30-07-2007

Re: Network & VPN Setup advice

Do Openreach still offer point to point "leased lines". If so it might be worth getting an idea what they would charge to give you a simple copper path between the two buildings and then bridge the network across that link.
If the two buildings are fed from the same pole or cabinet it might be a fairly ( it is Openreach! ) simple job. Would save you the ongoing cost of an additional ADSL FTTC service. It would need the payback periods calculating.