Suggestions on a VPN Solution
-
@scottalanmiller said in Suggestions on a VPN Solution:
Given the number of workstations and the single server, why not use ZeroTier and go to something more advanced and flexible? Why deal with the complication of the site to site VPN when you could easily go to a full mesh?
That looks like something you set up on each client, which I think they would not be happy about. They do not take kindly to new ways of doing things, hell, they'd still be running Windows XP and Server 2000 if I had not pushed very hard to get them moved to Windows 7.
The other issue is the corporate franchise entity's IT department is staffed and run by people who actually know very little about IT. So the tech mandates that come from there are a joke at best. So having the VPN as transparent as possible will help me stave off the "we don't support that" mentality they have, which to them really means "we won't help you with anything we don't understand, even if it's not a factor in the issue you are having".
-
@gjacobse said in Suggestions on a VPN Solution:
If you have Static IPs at both ends - and why not... Go with the ERL.
Nah - ER-X.. save the money.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
It was, and poorly at that. And believe it or not it was actually "updated" recently, but still no web front end at all. Plus it's mandatory for all franchises to use it.
-
@jrc said in Suggestions on a VPN Solution:
That looks like something you set up on each client, which I think they would not be happy about. They do not take kindly to new ways of doing things, hell, they'd still be running Windows XP and Server 2000 if I had not pushed very hard to get them moved to Windows 7.
It is and... how would they even know? The whole point is to make it as transparent for them as possible.
-
@jrc said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
It was, and poorly at that. And believe it or not it was actually "updated" recently, but still no web front end at all. Plus it's mandatory for all franchises to use it.
Oh, this is not your customer's custom app, this is an app that they are forced to use from elsewhere.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
That's what I mean, though. No one makes a router that doesn't do that stuff. Not on the high end and not on the low end. I mean there literally might not be any product on the market that doesn't do that.
Sounds like their "custom application" was written long, long ago in a pre-Internet style? It's not a web front end?
It was, and poorly at that. And believe it or not it was actually "updated" recently, but still no web front end at all. Plus it's mandatory for all franchises to use it.
Oh, this is not your customer's custom app, this is an app that they are forced to use from elsewhere.
Ahh, yes. Sorry, when I said custom I meant for the franchise in general and not for the specific branch.
-
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
-
Use an ERL at both sites, not an ER8, you have zero need for anything like that.
Do not use the ERX, without a console port, you lose troubleshooting.
If you want switch ports on your router, then go with the ERPoE.
-
I agree, once we dug into it, the ERL sounds like the right solution. Two ERLs are dirt cheap and an upgrade from what is there now, too. Solid site to site solution.
-
@scottalanmiller said in Suggestions on a VPN Solution:
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
That is an overbroad assumption, but is generally a solid assumption.
If it is a locally installed application that just connects to the database at the main site, it will work great.
If it is an application launched from a shared drive, it will likely run like shit.
-
@JaredBusch said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
That is an overbroad assumption, but is generally a solid assumption.
If it is a locally installed application that just connects to the database at the main site, it will work great.
If it is an application launched from a shared drive, it will likely run like shit.
It is a locally installed application that connects to a DB at the main site (running on the SBS server).
Is there a comprehensive list of the differences between an ER8, ERL and ERLX somewhere? Ubiquiti's site is not too clear on this.
-
@jrc said in Suggestions on a VPN Solution:
@JaredBusch said in Suggestions on a VPN Solution:
@scottalanmiller said in Suggestions on a VPN Solution:
VPN makes sense then, as awful as it is. Those kinds of applications are terrible over a VPN, not meant to talk to databases that way, normally.
That is an overbroad assumption, but is generally a solid assumption.
If it is a locally installed application that just connects to the database at the main site, it will work great.
If it is an application launched from a shared drive, it will likely run like shit.
It is a locally installed application that connects to a DB at the main site (running on the SBS server).
Is there a comprehensive list of the differences between an ER8, ERL and ERLX somewhere? Ubiquiti's site is not too clear on this.
Their data sheet clearly lists all of the models.
https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf
-
@jrc Seriously, you only want to look at an ERL. Your router should not be your switch also.
So buy a pair of ERL, upgrade the firmware to 1.9.1, run the first run wizard, create VPN tunnel.
-
@JaredBusch said in Suggestions on a VPN Solution:
@jrc Seriously, you only want to look at an ERL. Your router should not be your switch also.
So buy a pair of ERL, upgrade the firmware to 1.9.1, run the first run wizard, create VPN tunnel.
I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be a higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store. Plus the price on them is not bad, $280 or so.
But I can see your point about just using the ERL and being done with it. So that may be the way we go when it comes down to it.
-
@jrc said in Suggestions on a VPN Solution:
I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be a higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store.
This doesn't make sense like you think that it does.
- The ERL does a million pps, that's equivalent to a $3,000 Cisco enterprise router. You don't need more than that, your little shop can't even think of being able to use that. Paying for more is 100% wasted. There is just no way that you need anywhere near what this can provide. The ERL will handle so many branches, so many users.... you'll be building new buildings all over the place before you need to think of replacing that for speed reasons.
- The ER-X has the switch, not the ER8.
- The ER8 is an eight port router, this is "real gear", don't think of it in Netgear terms. Those are not switch ports.
- Wanting to use the router as a switch conflicts with your goal to overbuy and have so much power. Good practice is to have them be separate. There is a reason that only the entry level ERX includes a switch and the serious router options do not.
-
@jrc said in Suggestions on a VPN Solution:
@JaredBusch said in Suggestions on a VPN Solution:
@jrc Seriously, you only want to look at an ERL. Your router should not be your switch also.
So buy a pair of ERL, upgrade the firmware to 1.9.1, run the first run wizard, create VPN tunnel.
I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be a higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store. Plus the price on them is not bad, $280 or so.
But I can see your point about just using the ERL and being done with it. So that may be the way we go when it comes down to it.
The ER8 does not have switching capabilities.
If you do need a switch, buy a dumb one. A place like you are discussing has no need for a managed switch. I mean it would be nice, but is completely unnecessary.
You can pick up the Tenda 5 and 8 port gigabit switches for $20.
-
The ER8 is more powerful than the ERL; the names explain that.
EdgeRouter vs EdgeRouter LITE.
That said, you don't need 1 million packets per second, which is what the ERL can do.
-
@scottalanmiller said in Suggestions on a VPN Solution:
@jrc said in Suggestions on a VPN Solution:
I had planned on it being used as a switch, the ER-8 was chosen mostly because it seems to be a higher performing device than the ERL, and as such would possibly allow for more expansion and flexibility in the future for the main store.
This doesn't make sense like you think that it does.
- The ERL does a million pps, that's equivalent to a $3,000 Cisco enterprise router. You don't need more than that, your little shop can't even think of being able to use that. Paying for more is 100% wasted. There is just no way that you need anywhere near what this can provide. The ERL will handle so many branches, so many users.... you'll be building new buildings all over the place before you need to think of replacing that for speed reasons.
- The ER-X has the switch, not the ER8.
- The ER8 is an eight port router, this is "real gear", don't think of it in Netgear terms. Those are not switch ports.
- Wanting to use the router as a switch conflicts with your goal to overbuy and have so much power. Good practice is to have them be separate. There is a reason that only the entry level ERX includes a switch and the serious router options do not.
Perfect! That is the explanation I needed. ERL it is, and I had always planned on pairing the ERL with an 8 port gigabit dumb switch at the satellite location.
-
@scottalanmiller typing the better answer while I was on the shitter...