Hello all,
I would love some advice for a corporate VPN that doesn’t charge per user. I just got quoted from VyperVPN for 1000 USD per month which is frankly ridiculous. We are a charity and I am always frugal with money, but realize my time also costs money. I believe for that price, I would be better off setting up and host my own VPN servers around the world for the organization.
I would rather go through a third-party provider because the OpenVPN client is far from user-friendly as I have found you have to remember to run the application as administrator in WIndows 7 in order for it to work (so it can change the routes etc), and it is not as “pretty” and self-explanatory as third-party clients. Maybe Windows 10 improves things, I haven’t tried. With using OpenVPN, I would have to install the certificates myself on each colleagues laptop and step them through how to connect which is a hassle I would rather avoid. I dare not use a single password as I know this would get abused.
I am not necessarily looking for anonymity, only security as my colleagues often travel the world and will log into any public wifi hotspot immediately without thinking twice about whether it is safe or not.
Perhaps you guys know a better OpenVPN client than the official one, or have a third party suggestion?
Never tried it myself but looking around Viscosity would be the one that I would try out first if I wanted to set up a home VPN. It is cheap at $9 for one seat and the price goes down as you add licenses. Looks like it also has the ability to import configurations so that users just have to click on a file and their VPN is configured.
Essentially you would set up the clients to connect to the server using the VPN client of choice, then their connection will be routed from the server out to the internet.
In fact, there is a guide that you might try here:
And the part 2 that makes it accessible to the internet here:
What most people fail to realize, is VPN's are NOT for anonymity.
Here's a great video that can sum up everything without me writing a wall "O" text.
That being said, I use PIA on my phone and on my home computers (when not online gaming) to secure my traffic from my ISP keeping a digital scrapbook of my life and selling it to marketers.
I'm using OpenVPN on Windows 7 and 10, OSX and Linux and running the client on any of those machines was not a problem. Sure, there are some things you have to be aware of, for example checking the "run as admin" box, but this has only to be done once.
Here is a guide for running openVPN automatically on Windows:
Thanks for your suggestions guys. I would like to reply to some of them.
@rant
Yes, I realize that, which is why my question stated:
I don't need an on-premise solution. One of the great things about VyperVPN is that they have locations around the world. However I don't need to spend 1,000 USD to achieve that. I can spin up 5 VPS servers around the world for just 300 USD per annum for any number of users. Thanks for the tip, but I don't need help configuring the servers, I have already posted my own tutorials on how to setup OpenVPN on CentOS, Debian, and Ubuntu.
Yes, I too use OpenVPN and am quite happy with how easy it is to get it working. However, you cannot underestimate how difficult other users find the simplest things. Remembering to run something as administrator would be a step too far for them.
@JvrJava is Viscosity just an client that I make a one-off payment of $9 for that I can add my openvpn configuration files to that my users will find easier to interface with? I need to check first if WIndows 10 improves connecting to VPNs as I think it has functionality built-in now which may help.
You can configure applications to always run as admin. Just right click it, switch to the compatibility tab and check the checkbox that says "run program as admin". By adding an appropriate registry entry (the one mentioned above) and by using an rsa key (I do not like saving the password in a txt file like mentioned above) the openvpn client will connect to the server at startup.
That is correct. From what I have seen you can create a configuration file that users select and their client gets configured. The program has a free 30-day trial that you can check out and if you need more than 10 clients they have a sales team that you can contact for personalized quotes. $9 is for one user, add users and price drops per user.
Oh did not realize you where an expert in VPN ;) I will take a look at your blog, looks like you have some nice nuggets of wisdom on there.
Non-paid vpn's aren't incumbent to protect your anonymity. I would say no, despite still being inside the tunneling protocol, their network is still susceptible, depending on their internal security.
Wow! This has to be one of the best communities I've found with all the great responses from all of you.
Thank you @Azulath and @JvrJava. I think I will bring a windows laptop home and tutorialize that always run as admin advice, and also perhaps integration with win10. If I feel that it would be beyond the capabilities of some users, I will look into Viscosity. Unfortunately, I only run Linux at home, which makes it much harder to prepare for what the Windows users will have to expect. It also doesn't help that my office has a mix of 7, 8.1, and 10 and they are all completely different.
It sounds to me like you want your colleagues to be able to connect from around the world on public WiFi without snooping. You don't need something like vyper VPN for that, just need one central VPN for your company that you control. You could just set up a server for that. Unless there's some requirement for multiple VPN servers around the world?
I might have missed it but I didn't see a number of employees that you have in the organization that need concurrent access. I run an OpenVPN Access Server, for the exact reason that the client is about as fool proof as you could ask for and you only pay for concurrent users. So while you do pay for each user you want to have a concurrent connection you do not need to pay for each person who could have access to the VPN. Depending on travel schedules it could be a good option. It has a 10 concurrent user minimum which is $96 annually.
Hey Eden,
We do wish for colleagues to be able to connect to a local VPN server from wherever they are in the world, and more importantly, be our VPN server so that we can whitelist it’s IP address to grant them access through firewalls that have a whitelist. This way they can access the /admin areas of various websites etc. This is why we don’t want to use public VPN offerings where people are mixed in with the genral public. As @KenPC points out, this is not for anonymity so much as security.
For now, we have deployed our own VPN/wireguard VPN servers on VPS’s to resolve our needs for now, but it is up to users to be pre-set up with the one that is nearest them. This works for employees that are stationary, but not so good for employees who are travelling, as they need their devices pre-configured with access to each server, and manually choose the right one for where they currently are in the world. It would be much better if the experience was like my personal Mullvad, where I have one app/client and then pick the server to connect to from there, or better yet, it auto detects the closest server and connects to that.
Having multiple servers around the world so users can connect to a closer VPN server is important, because connecting to Australia from the UK or vice-versa just kills internet latency and makes browsing the web a real pain.
