VPN Reccomendations for a Small International Non-profit

[OhMyPennies]

Hi everyone, first time poster, long time reader. Thanks for all the various knowledge bits I've gathered pre-creating an account.

 

The scenarios/problems by priority that lead me to believe we need a VPN

1. We have Starlink in Sierrea Leone, connected to a UDM-Pro, because of how Starlink works in that area it appears as if and thinks it's in Nigeria. Hence the UDM-Pro and subsequently all the devices connected to it appear the same. Our accounting software does not work connected to this network and they do not allow whitelisting IPs for more than 30 days. 
2. Some countries during school exam times and sometimes as their government sees fit will block messaging and other services such as Whatsapp, Slack, etc. Users have been finding success using trail periods with the popular VPN services. Proton, Nord, Express, etc.
3. User Device Security - this has not been a focus but is becoming one as our user base grows and best practices become less common knowledge. 

 

Details:

1. User base - individuals from first time laptop holders, yes holders, to myself with a framework running Fedora. Most folks are in the middle
2. PC Hardware - 0-4 year old Lenovo laptops, minimum 16gb ram, all ssds
3. Phone Hardware - Organization issued - Pixels and Samsung A51, for dual sim purposes
4. No personal PCs will get access
5. Personal Phones - usual mix of Apple and Android most likely all 0-5 years old.
6. Networking Hardware - 90% of our job sites have a UDM-Pro on them powered by Starlink including our headquarters which has a fiber connection to the local ISP
7. Number of active VPN users - assuming we tackle problems 1 and 2 the number would be low maximum 10 simultaneous users
8. Money - We could of course just get a subscription for everyone to one of the popular VPN services but is that the best use of our money? We have quite a bit of networking equipment deployed already and we'd prefer to pay to get that working on our own than pay a subscription service forever, especially since usage will fluctuate. A user may travel for 7 days out of a year, assigning them a subscription seems wasteful and shifting accounts around isn't something we are staffed to manage. Ideally we can invest in ourselves.

 

Thanks so much in advance for anyone's thoughts and recommendations.

[Levent]

Just create your own. Rent a VPS in your datacenter of your choice (Digitalocean always get my recommendation). Use angristan's installers for either OpenVPN or Wireguard. All for $5 a month. AWS has a free plan where you can use a VM for free for limited time (IIRC google offers the same thing too) as far as I know.

https://github.com/angristan/openvpn-install

https://github.com/angristan/wireguard-install

[avgvstvs]

Build your own VPN! Any cheap VPS with good bandwidth and quotas will do. Wireguard is really easy to work with and faster. OpenVPN is a bit harder and slower, from my experience, but if you're not planning on doing some unusual stuff should work just as good. But i do really recommend Wireguard, it is awesome. You don't even need a script to set up to be honest, you just need to install it with a package manager, setup your config file inside /etc/wireguard and wg-quick up your config file and interface (usually named wg0.conf). Then all you need to do is to add your peers on your server and add your server to your peers config file.

What kind of work do you do in Sierra Leone?

update: you might have to add a few rules for redirecting all the traffic through the VPS tho, but its not hard.

Edited January 21 by avgvstvs

[OhMyPennies]

Thanks guys, I did some digging and it turns out built into the UDM-Pro is both a means of site VPN control called Site Magic and a mobile solutions called Teleport. It was a few clicks and it's been up and running ever since. Really great.