HI,
Want to deploy a vpn server to access internal server from WFH users?
Kindy sugget some firewall or vpn server which can do this job well for 50 users.
OpenVPN is pretty straightforward… I have only one user on my OpenVPN (i.e. me) running on an RPi4 - but - one of my customers has like a 75+ user VPN using OpenVPN (2 x load balanced Virtual Machines) “appliances” from the vendor (i.e. pre-rolled server software appliance from vendor to deploy on your hypervisor of choice - in this case VMware ESX / vSphere)…
Load balancing is done by an F5 I believe - but I also think it also supports round-robin DNS…
I think those virtual appliances are based on Ubuntu 18.04 LTS, with specs something like 4 CPU and 8 GB RAM each… You can even get the appliance (e.g. VHD or OVF) for free and deploy it - I tried it out on Oracle Virtual Box…
Don’t ask me any specifics about getting it going for multiple users per above… I have no visibility of this infrastructure - I was just involved in the early planning stages and POC (proof of concept).
1 Like
Hi, thanks for you input.
But is open vpn free for 75 users?.
I have used it earlier but found only 2 users are free, post that license need to purchase.
I don’t know mate sorry - I’m not a “bean counter”… 
So - you’re looking for something free to use… I don’t know of anything… you didn’t say you were looking for a freemium service…
You should increase the amount of documentation you read.
If you are using the OpenVPN GUI (Access Server), i.e. the freemium version of OpenVPN, then you are only allowed to let 2 clients connect to an unpaid server.
However, if you are using pure OpenVPN without the GUI crap, it is truly free and you can use thousands of users with it. Only your hardware will set the limits.
2 Likes
In fact, there are many VPN services, and many of them are quite powerful. The question is, do you need a paid or shareware VPN? There are VPNs in the form of extensions for google chrome and mozilla firefox.
I migrated my OpenVPN “server” onto yet another install onto an RPi4 (was previously running Buster, now running Ubuntu 22.04 “arm64 server”)… OpenVPN and WireShark… both worked quite well… Set my Netcomm router to forward those ports from outside, to my RPi4…
But - that aside? I recently replaced my 5 year old Netcomm modem / router / wifi with a TP-Link branded one - and - it has a builtin OpenVPN server!
Just tested it - tethered my ThinkPad (Ubuntu 23.04) to my phone’s 3G/4G. Imported the generated .ovpn file into Network Manager on Ubuntu - connect - BANG! The TP-Link supports my DynDNS provider (phew - I would have been stuffed if it didn’t - but never mind - I think TP-Link offer a free Dynamic DNS for customers anyway - but I’m paying a yearly fee [got it for 2 years with a discount] to NOIP so I’ll continue to use that).
I’m in - I can ssh to anything on my home network! Haven’t tried anything else… e.g. haven’t even verified if avahi works on OpenVPN.
And one of the GREAT things about this TP-Link device, it supports UPNP, and it discovered all my Resilio Sync devices and they can be sync’d too over the intertubes if necessary (e.g. if I’m working at the office - already figured out they let the OpenVPN port out).
I only had to add three forwarding rules so I can reach some of my things… But I don’t know if I’ll need them as I can just use OpenVPN…
Pretty sure this TP-Link can run OpenWRT - but - why would I bother? It does everything I need.
Ordered it on Monday, as I had the day off, scooted 10 km to pick it up - got it home about 3pm, was online again with everything by 4 pm… I expected a lot more pain than that, but was pleasantly surprised. I decided to keep my existing LAN IP addresses (instead of the default ones the router ships with). And now I can VPN to my home stuff!
Just gotta try the same test again, but with a MacBook instead of Thinkpad with Ubuntu… and maybe direct from my phone, and iPad(s)…
Note : this router also supports a thing that lets it merge the 2.4 and 5 ghz channels into one, and uses some algorithm to decide if a device needs the faster connection - I’m not game to try it myself…
tests proved inconclusive, it sort “worked” - i.e. I could ssh from my MacBook when OpenVPN’d to my NAS, but it shouldn’t have worked - as the OpenVPN connection progress kept spinning then disconnected (and then about 2 mins later, I’d lose my SSH connection) : inconclusive
Oh - I forgot to mention this brilliant site that converts a wifi password to a proper encrypted PSK string (e.g. for wpa_supplicant, but can also use them in netplan, and I even did it on Red Hat using it’s HIDEOUS /etc/sysconfig/network-scripts/ “system”) along with your SSID :
I may be resorting to using this site again… I guess I should be arsed to look at the JS, but I don’t know or understand JS, but, I’d like to see something like this ported to a shell script or python or something…
1 Like
PiVPN is pretty good, I use it here. It’s completely free, and if you use it along with PiHole, you’ll get protection even remotely from ads and crap.