VPN "small buisness" solution

[gedefims]

Hi LTT!
Once again looking for your expert advice!

I need two computers to be able to speak together&share data etc. as if they were connected by a lan cable,
Its a "small business" (two farms like 2km apart) they're both running a "cow monitoring" program.
Computer A is connected by fibre(500/500) and is supposed to act as a "server"
Computer B is connected with a (25/5) bit unstable cable and supposed to act as a "client"
-tho the unstable connection should be no issue, since the program provider says there is a "hold" function.
Both computers running windows 10, I5's, 8gb ram.

This is the case:
Computer B has to be able to transfer data to the server (A) as if they were connected by a lan cable.

None of the current routers/switches offer any vpn option.

So Im looking for the easiest way to connect this.
I was thinking something like a newer asus router (site A) - with a pptp connection from computer B.

Would running the computer as the vpn server be a more stable option? (they're supposed to be on 24/7/365)

Hoping for some clever solutions!
Thanks!

Edited July 31, 2017 by gedefims
bit more info

[Falconevo]

Some more information would be helpful, what operating system is the 'server' side running on?

 

Ideally VPN termination at the Router/Firewall would be better for a Site-to-Site VPN, alternatively it can be a client to server VPN but would need more information to be able to help.

[gedefims]

Updated the post to include pc specs.

Im guessing Site-to-Site would make both pc's look at eachother's network? this would probably be a fine option.
The program providers have just asked for a VPN solution that makes them able to transfer data.

[The Benjamins]

3 options I can think of is.

 

1. host a OpenVPN server on system A and setup system B to auto connect.

2. set up a Ubiquity long range bridge.

3. run a 2+KM fiber cable between the sites. (distance isn't a issue but were/how you will lay it might be)

[Vedeyn]

You could set up an OpenVPN server in a VM or something. Also, depending on the topography of the area, you could get something from Ubiquiti and create a wireless point to point connection between the two.

 

Edit: Benjamins beat me to it.

[Falconevo]

34 minutes ago, gedefims said:

Updated the post to include pc specs.

Im guessing Site-to-Site would make both pc's look at eachother's network? this would probably be a fine option.
The program providers have just asked for a VPN solution that makes them able to transfer data.

Site-to-Site allows for routing traffic between internal networks as if they are on the same network yes, as long as VPN firewall rules allow for the communication.

Usually the best place to Site-to-Site is at the edge device / gateway of the site on each side for simplicity.. This requires the Firewall/Router however to support VPN termination on both sides which sounds like something you currently don't have.

Can you provide information on the Firewall/Routers you have on each side of the VPN you would like to create?  Happy to provide assistance but will need more information about the hardware in use.

[gedefims]

Thanks for replies guys!
SitetoSite sounds interesting, would that be what Im currently doing for my home network?;
Home asus router is setup for pptp, and my "travel router" (also asus) connects via 4g/LTE to the home router 'directly' (as in router-router)
(being able to discover all of my home network etc)

Electrician also said it would be possible to "shoot" the fibre from one site to the other, even tho there was no pricing, this would seem quite expensive for abit of cow-data transfering imo (Considering the ISP dont want to do a fibre connection to the site B farmhouse, do keep it mind its two different company's one is ISP, other is electrician)

There is currently no proper hardware on either site, except the two computers.
We are going to buy something, simply looking for the best/simplest option.

Setups being atm:
Site B;
Farmhouse gets internet over Coax cable, 25/5 bit unstable line.
This signal is then run by lan cable to a router in the cowshed office(?) where the B computer is connected via cable, the router also transmits its wireless signal for the workers to use (this is however by no means "needed")

Site A is not complete yet, this is however the current setup;
Farmhouse is connected via fibre, the cowshed office gets its own fibre connection also by splitting the fibre cable before it reaches the farmhouse (Y split)
There will be a modem/router from the company providing this fibre connection, however there is no vpn option on said router, it does however do bridge-mode.

From here we would like to have a router the workers can wireless connect to, alongside with the said VPN (or any other) connection to site B (technically site B to site A, but if site-to-site guess its the same?)

My guess being that we go from fibremodem/router>switch>wireless router for the workers etc
                                                                                             >VPN connected router/server>site A computer

[Vedeyn]

I would likely go with some sort of VPN solution or a wireless point to point solution from someone like Ubiquity for sure. Fiber sounds a bit overkill and expensive. Point to point VPNs or wireless bridges would likely be far more affordable. I guess the question to ask would be do you want to rely on the internet for this connection or have a dedicated wireless bridge between the two locations (assuming the landscape permits this of course).

[Falconevo]

20 minutes ago, gedefims said:

Thanks for replies guys!
SitetoSite sounds interesting, would that be what Im currently doing for my home network?;
Home asus router is setup for pptp, and my "travel router" (also asus) connects via 4g/LTE to the home router 'directly' (as in router-router)
(being able to discover all of my home network etc)

Electrician also said it would be possible to "shoot" the fibre from one site to the other, even tho there was no pricing, this would seem quite expensive for abit of cow-data transfering imo (Considering the ISP dont want to do a fibre connection to the site B farmhouse, do keep it mind its two different company's one is ISP, other is electrician)

There is currently no proper hardware on either site, except the two computers.
We are going to buy something, simply looking for the best/simplest option.

Setups being atm:
Site B;
Farmhouse gets internet over Coax cable, 25/5 bit unstable line.
This signal is then run by lan cable to a router in the cowshed office(?) where the B computer is connected via cable, the router also transmits its wireless signal for the workers to use (this is however by no means "needed")

Site A is not complete yet, this is however the current setup;
Farmhouse is connected via fibre, the cowshed office gets its own fibre connection also by splitting the fibre cable before it reaches the farmhouse (Y split)
There will be a modem/router from the company providing this fibre connection, however there is no vpn option on said router, it does however do bridge-mode.

From here we would like to have a router the workers can wireless connect to, alongside with the said VPN (or any other) connection to site B (technically site B to site A, but if site-to-site guess its the same?)

My guess being that we go from fibremodem/router>switch>wireless router for the workers etc
                                                                                             >VPN connected router/server>site A computer

Might be a long shot but do you have line of sight between the two locations?  I'll digest the rest when I get home from work and drop an edited reply on

[gedefims]

15 minutes ago, Vedeyn said:

 

I dont see relying on internet being an issue tbh, its real-time data but, its not looked at in "real time" (program calculates shows a graph/info based on the realtime)

8 minutes ago, Falconevo said:

Might be a long shot but do you have line of sight between the two locations?  I'll digest the rest when I get home from work and drop an edited reply on

Yes it is possible to see the other farm, not sure "how easy" but you can see the roof etc of the new "cowshed office" from the site B location.
Im not sure this would be easier than buying some VPN routers/switches etc and setting that up tho?

[Vedeyn]

9 minutes ago, gedefims said:

I dont see relying on internet being an issue tbh, its real-time data but, its not looked at in "real time" (program calculates shows a graph/info based on the realtime)

Yes it is possible to see the other farm, not sure "how easy" but you can see the roof etc of the new "cowshed office" from the site B location.
Im not sure this would be easier than buying some VPN routers/switches etc and setting that up tho?

If you wanted to do PPTP VPN, you could use something like this:

 

https://www.newegg.com/Product/Product.aspx?Item=0XK-000W-00080

 

Pretty affordable routers at $54 each. These routers do NOT include wireless though, you'd have to provide that separately. You could very likely use your existing routers in AP mode for the wireless.

 

 

[Falconevo]

1 hour ago, gedefims said:

I dont see relying on internet being an issue tbh, its real-time data but, its not looked at in "real time" (program calculates shows a graph/info based on the realtime)

Yes it is possible to see the other farm, not sure "how easy" but you can see the roof etc of the new "cowshed office" from the site B location.
Im not sure this would be easier than buying some VPN routers/switches etc and setting that up tho?

If you have line of sight, the best thing you can do then is to create a layer2 bridge between the two locations, this is easy to do in the modern age as technology has come on quite significantly.  This will allow you to share the 500/500 connection to the other location also with the capability of getting the full 500Mbit to the other site (depending on distance and line of sight)

 

Using Ubiquiti AirMax/AirFiber/Nano Wifi you can get a low latency high bandwidth connection between sites with ease, now comes what technology and speed you want to get to the other site.

Cheap is anywhere around 150Mbit/150Mbit+ which can be a product like Nano Beam to easily create a layer 2 connection between sites;

 

https://www.ubnt.com/airmax/nanobeamm/

 

If you just want 150Mbit+ bidirectionally, then go fore the NBE-M2-16 model

If you want more and would like to share the 450Mbit+ between sites then go for the NBE-5AC-Gen2 model

I have used these devices myself and regardless of your level of expertise, you should be able to accomplish the job easily enough.

[gedefims]

@Falconevo

Using that NBE-5AC-Gen2 or the slower NBE-M2-16 as you suggested, would I be able to abandon the "ISP internet" on site B - and completely run off site A? both internet and the sharing/"vpn" service? it would act as if it was all connected to the same router/switch right?

Cause that actually sounds quite great, assuming I can get the disc's to see eachother.
They're complaining about lagging streams etc with the internet on site B.

Thanks!

[Akolyte]

What about using SoftEther? Or if you use SSTP?  SoftEther supports NAT pass through and supports faster transfer speeds so you might want to look into it.  

 

Im a networking student, not a full industry worker yet. So don't quote me on this.  But in my opinion try to get a vpn working because it's the most cost effective option.  

[gedefims]

9 hours ago, Mike_The_B0ss said:

What about using SoftEther?

Would this work like Site-to-Site VPN? Didnt see much info on their website other than client-server VPN

The product/software have just asked for a VPN internet connection with a static IP.
I'm just assuming the VPN is to be able to connect the computers inbetween, better call them for clearification tho.

[Falconevo]

14 hours ago, gedefims said:

@Falconevo

Using that NBE-5AC-Gen2 or the slower NBE-M2-16 as you suggested, would I be able to abandon the "ISP internet" on site B - and completely run off site A? both internet and the sharing/"vpn" service? it would act as if it was all connected to the same router/switch right?

Cause that actually sounds quite great, assuming I can get the disc's to see eachother.
They're complaining about lagging streams etc with the internet on site B.

Thanks!

Yep, you can use Site A's internet for Site B and save a few ££$$ a month on a different ISP.

 

Having used these devices in the field, I was able to get approx 550Mbit/s bidirectionally from the NBE-5AC-Gen2, but this was a short throw (around 700m) and had direct line of sight with no tree's etc in the way.

You can pick up 2x NBE-5AC-Gen2 for around £190'ish using Amazon, make sure you purchase the ones with the gigabit POE adapters in the box also saves a lot of messing around!

 

E.g https://www.amazon.co.uk/dp/B072NYXRQ5/

 

[Akolyte]

On 8/1/2017 at 9:24 PM, gedefims said:

Would this work like Site-to-Site VPN? Didnt see much info on their website other than client-server VPN

The product/software have just asked for a VPN internet connection with a static IP.
I'm just assuming the VPN is to be able to connect the computers inbetween, better call them for clearification tho.

SoftEther can do site-to-site and also supports other protocols like SSTP for compatibility but my advice is to just use the SoftEther VPN For throughput and security.  This is LAN-to-LAN if that is what you want? 

 

https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/3.LAN_to_LAN_Bridge_VPN