I've done a lot of openvpn setups in a myriad of formats, site to site, hub and spoke, client etc. It works well and there are even some lesser documented features that do some neat stuff but you are now rolling your solution and marinating it manually. Not sure how well that will scale unless you have a skilled team.
> -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Kurt Buff > Sent: Monday, November 13, 2017 5:22 PM > To: ntsysadm <[email protected]> > Subject: [NTSysADM] Looking for a global VPN solution - looking for input > > All, > > 1) For staff, currently we're using DirectAccess on 2012R2 as our > primary conduit in the US, with SSL VPNs (SonicWall and Palo Alto > Global Protect) as primary for our overseas offices and secondary for > the US (Sonicwall). > > 2) In the US office, we also have contractors/consultants needing to > use our SSL VPN for access to various resources, and that will likely > expand to our overseas offices soon. Differentiation and securing > resources is even more important here than in 1). > > 3) We also stand up IPSec tunnels for vendors/partners as needed (lab > to lab), for interoperability/compatibility testing. > > We're looking to get into a solution that will take care of at least > the first two (and ideally the third as well), so that we don't have > so many platforms to support, and so that we can make sure that staff > in the field get the fasted connection available. > > I've taken a quick gander at the websites for vyprvpn (Golden Frog), > and OpenVPN (commercial client offering), but don't have much of an > opinion on them, as info about them is a bit thin. > > Anyone have experience with solutions like this, and care to comment? > > Thanks, > > Kurt >
