Hi there, I am enjoying the pfSense content on the YouTube channel and thought I would ask about a project I am looking to undertake at my workplace.
I work at an optometry practice with 4 locations separated by about 50 miles. Our head office is the main location with a network of about 20 Windows machines, while the other locations only have 1 or 2 machines. All practices have decent FTTC broadband with at least 40/10 bandwidth; the head office has 80/20.
The main application we run is an SQL 2008R2 based practice management database. We have one main server and another 2 backup servers, all running at the main office. The PCs all run an Access front end application which links to the server. In addition, several of the PCs in all practices also need to connect to the NHS infrastructure using Cisco AnyConnect software VPNs, which are split tunnel and allow normal network traffic as well. One machine uses a closed IPsec FortiClient software VPN to connect to an external NHS server, and it has no local or internet access while the VPN is enabled.
This all works fine in the head office; however, we need access to our SQL database at the remote offices as well. At the moment we are using LogMeIn Hamachi gateway to create VPN links between the main office and remote offices.
I originally tried accessing the SQL over the VPN, but performance was terrible. I then set up several Windows VMs at the main office using VirtualBox which we can access at the remote locations using a remote desktop app called Remote Utilities (we can't use Windows RDP as the Cisco AnyConnect VPN which needs to run on the VMs will not function if it detects RDP is enabled).
Though this seems a bit messy, in practice it all functions pretty well, but I find Hamachi quite temperamental and not a week goes by when there isn't a drop in the VPN to one practice or another, which pretty much stops work till it is fixed and takes me away from what I am doing to sort it using TeamViewer. We also need to print from the local VMs to the remote locations, and the network printers frequently fail to work over the VPN.
I think a better solution would be to create a router to router VPN between the locations with the server at the head office and clients at the remote locations. pfSense seems to be a very flexible option, and we could replace our current Billion 7800N wireless routers with pfSense appliances with wireless to replicate our current set up, but with VPN now possible at the router level. We could then get rid of Hamachi on the PCs and move all the network set up to the router, which will hopefully be more stable.
This is as far as my current knowledge will take me. I have looked online at various guides about setting up different subnets in the different locations but am getting really confused. All I need is for all the locations to act as if they are on the same LAN. I can then reserve IP addresses based on MAC so all the machines have known IP addresses and then set up the hosts file in Windows to link the IP to host name. This should sort the SQL application and remote printing. I don't need normal internet traffic to go over the VPN, however, as that would just slow down the network at the main practice if everything was being redirected through there. The Cisco and FortiClient VPNs would probably also need direct internet access as well, as I don't know if they would function over a second VPN, and would probably be even slower.
Am I on the right lines here, or does anyone have any better ideas or suggestions?
Thanks for any help.
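As an added illustration (not part of the post above) of the per-site subnet plan and split-tunnel routing the question is about: each site gets its own non-overlapping subnet, a branch router sends only the other sites' subnets through the tunnel, and everything else (internet, the NHS VPN endpoints) stays on the WAN. The four subnets and the two destination addresses are constructed assumptions, not values from the post.

```python
import ipaddress

# Constructed addressing plan for four sites (assumed values, not from the post).
SITES = {
    "head_office": "10.10.0.0/24",
    "branch_a": "10.10.1.0/24",
    "branch_b": "10.10.2.0/24",
    "branch_c": "10.10.3.0/24",
}


def overlapping_sites(sites):
    """Return (site, site) pairs whose subnets overlap.

    Two sites sharing the same 192.168.1.0/24 is the classic reason a
    site-to-site tunnel comes up but the remote PCs still cannot reach
    the SQL server: the router thinks the destination is local.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = list(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def branch_routes(branch, sites):
    """Split-tunnel routing table for one branch router.

    Default route stays on the WAN so normal internet traffic and the
    AnyConnect/FortiClient endpoints are not dragged through head office;
    only the other sites' subnets are routed into the tunnel.
    """
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "wan")]
    for name, cidr in sites.items():
        routes.append((ipaddress.ip_network(cidr), "lan" if name == branch else "tunnel"))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, the same decision a router makes per packet."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


if __name__ == "__main__":
    assert not overlapping_sites(SITES)
    table = branch_routes("branch_a", SITES)
    print(lookup(table, "10.10.0.10"))   # SQL server at head office -> tunnel
    print(lookup(table, "203.0.113.5"))  # public NHS endpoint (constructed) -> wan
```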