Router that supports dual VPN config, vpn client/server at same time?

[paddy-stone]

Hi, as above really.. I can't remember the make and model, but I know one exists.. and is capable of doing both at the same time and even you can select which devices connect to which or none. Anyone got any clues?  I searched for it, but as I can't remember the make and model it wasn't very helpful. Thanks

[brwainer]

You could set this up with any Mikrotik router, although the learning curve on them is a bit high. I’m assuming that Ubiquiti routers can do it as well (pay attention to the difference between Edge branded devices and Unifi ones - Edge has more features but has to be managed in a traditional way, Unifi has a “Unifi”-ed control panel at the cost of niche features). You can also set up anything you can dream of with PFSense or other open source router operating systems, you would install these either on a special type of x86 computer called a network appliance, or a regular old computer with two NICs, or a VM inside a hypervisor server. You can also buy one from Netgate, who develops PFSense.

 

If you’re looking for specific models that are meant specifically for SMB and SOHO then I don’t have any recommendations. I see Dell Sonicwall routers in use a lot, they seem to be rather capable but I don’t have any experience or knowledge of them.

[paddy-stone]

12 minutes ago, brwainer said:

You could set this up with any Mikrotik router, although the learning curve on them is a bit high. I’m assuming that Ubiquiti routers can do it as well (pay attention to the difference between Edge branded devices and Unifi ones - Edge has more features but has to be managed in a traditional way, Unifi has a “Unifi”-ed control panel at the cost of niche features). You can also set up anything you can dream of with PFSense or other open source router operating systems, you would install these either on a special type of x86 computer called a network appliance, or a regular old computer with two NICs, or a VM inside a hypervisor server. You can also buy one from Netgate, who develops PFSense.

 

If you’re looking for specific models that are meant specifically for SMB and SOHO then I don’t have any recommendations. I see Dell Sonicwall routers in use a lot, they seem to be rather capable but I don’t have any experience or knowledge of them.

Thanks for the response, appreciate the input.

I am going to be setting up pfsense on my main server/NAS that should have ESXi hypervisor... and I may try this as you suggested, but don't know if you can do VPN server/client simultaneously. I was actually looking for a speciifc router or modem/router that I can remember seeing before that had the features to do that, BUT also could tell it what devices can connect to each VPN instance and switch between the 2... is that possible with pfsense? as that's what I am looking for more than anything else that I was going to use pfsense for.

 

I have real technophobes in my family, and when they would want to (or I tell them they have to) use/change which VPN to use, it must be very simple or they would be constantly asking me what's going on, what's wrong here etc and I can't be dealing with that all the time... it's a REAL time suck.

I want them to be able to do it themselves, believe me I have tried teaching them over and over with some things, and I tell them they should practice doing it just the way I showed them to get used to it... and they don't, so next time they need to do it, they ask me again. You can imagine my distress at hearing I have to do it for them or show them again, and again, and again

 

I could possibly arrange it to make it easier, but TBH I would just like to set it and forget it with a router that's designed to do it, for them... I couldn't care less about myself, I use my VPNs all the time and find workarounds for websites that restrict traffic from VPNs or display wrong language etc... but my family (and friends) can't deal with it and I just want to relax at home and not have them bother me with things.

 

So anyone have an idea what router I am trying to think of please? I am almost sure it's an ASUS router, and pretty high end in the £300 + range.

I am game to try pfsense, as I already planned to do it anyway.. just didn't have the time lately what with xmas, re-doing some server stuff and setting up my mining rig... it's been on the back burner for a while now. Oh shit, just remembered that I can't do it ATM, I have used up the only PCI-e 16 slot on my mobo of the NAS/server with a SAS card... so I will either have to replace the mobo with another m-ATX with 2 or 3 PCI-e x16 slots if I can find one, to do this.

[brwainer]

I don’t understand what you mean about devices being assigned to a VPN server or client on the same router. Just to make sure we’re clear, this is what I am talking about:

-VPN Server running on a router: allows users who are currently outside of the network to be connected to it, granting “local” access to any resources on the network, and (optionally) routing all traffic including that to normal websites through the router. Commonly called a “Road Warrior” VPN setup

-VPN Client running on a router: all traffic from internal users is sent through the VPN tunnel, to increase privacy relative to the ISP and sometimes to get around geo-ip blocks

 

These things are not exclusive, and I don’t understand what you mean by assigning users/devices to them. For the VPN server, if you want devices to always connect back home when away, you just need VPN client software that does that - nothing related to the server software on the router. For the VPN client, any router that supports this will by default apply it to all devices on the network (the default route the router uses is changed to go over the VPN instead of direct to the ISP) so the only thing you might want to do is configure the router to not do this for aome devices, or only do it for certain ones.

[paddy-stone]

1 hour ago, brwainer said:

I don’t understand what you mean about devices being assigned to a VPN server or client on the same router. Just to make sure we’re clear, this is what I am talking about:

-VPN Server running on a router: allows users who are currently outside of the network to be connected to it, granting “local” access to any resources on the network, and (optionally) routing all traffic including that to normal websites through the router. Commonly called a “Road Warrior” VPN setup

-VPN Client running on a router: all traffic from internal users is sent through the VPN tunnel, to increase privacy relative to the ISP and sometimes to get around geo-ip blocks

 

These things are not exclusive, and I don’t understand what you mean by assigning users/devices to them. For the VPN server, if you want devices to always connect back home when away, you just need VPN client software that does that - nothing related to the server software on the router. For the VPN client, any router that supports this will by default apply it to all devices on the network (the default route the router uses is changed to go over the VPN instead of direct to the ISP) so the only thing you might want to do is configure the router to not do this for aome devices, or only do it for certain ones.

You don't need to explain what a VPN does, as previously mentioned I use VPNs now, I just can't explain what I mean obviously, thank you for your time anyway.