Netgate® is receiving a number of calls from businesses asking for advice on how best to increase VPN capacity to support an increase in remote workers in response to growing concerns of the coronavirus disease (COVID-19).
Many businesses, educational institutions, and government agencies are sending workers home—leveraging “social distancing” to help stop the spread of the virus. A worthy action, but one that has many companies without provisions for remote access to their corporate network scrambling for a solution. Many other companies are already experiencing strains on the capacity of their existing corporate VPNs.
We fully appreciate the situation. We are a small business with less than 100 employees, about 40% of whom work at our corporate headquarters here in Austin. We cannot afford an outbreak. So we took immediate measures to have all possible staff work from home starting last Wednesday. Fortunately, most of our employees were already provisioned with VPN access, but we needed assurance that our VPN server / internet connection could support a higher number of sustained connections. Additionally, site-to-site VPN connections were deployed via Netgate appliances (with pfSense® or TNSR® software) to employees that normally relied upon occasional VPN access using client-side connections. This improves throughput to the corporate network - and makes use of internet breakout to cloud services - reducing unnecessary strain on the corporate network.
To help businesses in a similar situation, needing to quickly scale their VPN capacity cost-effectively (or free depending on what you have on-hand) we have organized some resources to show you how to build, configure, and optimize VPN connectivity for remote workers:
-
To deploy a VPN server to support your remote workers, you can download pfSense software for free and build your own. Read about general hardware sizing here and for VPN uses cases here.
-
Learn how to configure VPN access with pfSense software with these detailed videos Part 1 and Part 2.
-
Read our pfSense document to learn how to configure remote access connections using IPsec, the preferred VPN protocol at Netgate, it is the industry-standard VPN protocol for secure Internet communications—and in most cases, it is faster than OpenVPN. Further, you won’t have to install software on most of your clients as it is supported natively on Windows 7+, macOS 10.11+ and most mobile operating systems.
-
If you or your organization can’t support IPsec, you can follow these instructions for configuring OpenVPN remote access connectivity.
These resources can get you positioned to support remote workers connecting to your office securely using clients on computers and mobile devices. If you have more than one office, or employees that require continuous, high-throughput connectivity we recommend site-to-site VPN connections, IPSec specifically, using a dedicated gateway appliance at each of the connecting sites. You can learn how to set up site-to-site VPN connections with pfSense software with this video.
If you have questions or need help, the pfSense software forum is a great resource where community experts share tips and tricks and help answer questions.
COVID-19 presents a serious situation. No one yet knows how pervasive it will be, or how long it will last. But, if your company needs guidance on how best to prepare your IT infrastructure for immediately scalable work at home needs, contact us here, we’re happy to help any way we can.