VPN recommendations?

[Ben Scott]

On 6/28/07, Ted Roche <tedroche at tedroche.com> wrote:
> A client of mine, Windows-centric,computer-phobic (or at least not
> -friendly) just wants to be able to access his office network from his
> home, whatever magick that requires.

  Define "access his office network".

  After all, it's unlikely your client actually cares about his office
network, per se.  What he really wants is probably something like
"open these Excel spreadsheets and Word docs", or "do QuickBooks data
entry" or similar things.

  I'm not just being pedantic.  The nature of the end goal is
critically important to finding the *right* remote access solution.
Sad experience has taught me that VPNs are quite often the wrong (or
at least incomplete) solution.

  That being said, I find OpenVPN does really, really well.  It's
really easy to install.  It's reasonably easy to configure OpenVPN
itself.  Once configured, it works very well, in and off itself (see
above and below).  I've got it working reasonably well, even for work
where users don't have admin rights to the PCs.

  Dealing with X.509 certificates, especially for a CA-based PKI, is
something of a pain, but I understand there are "turn-key Certificate
Authority" packages out there these days that make it a lot easier.

> The office is on DSL, static IP ...

  The static IP at the office should help a lot.

> His needs are basic Windows SMB sharing

  What kind of files is he going to be accessing?  How big?  How many?

  One thing you'll want to know is that SMB is pretty bad over high
latency links, and certain parts of Windows Explorer and Microsoft
Office absolutely *SUCK* over high latency links.  "High latency"
basically means "anything not LAN".  This typically shows up as
symptoms like "Opening a small Excel spreadsheet over the VPN takes
ten minutes for no good reason".  I've been dealing with this at work
myself, and haven't found much in the way of a good solution so far.

-- Ben