01 May 2017
Site to Site VPN Options
Note: All information is from 2017 and has not been updated since. Use with caution.
There are a few options, including use of an RPi as an endpoint on each end of the VPN, hardware devices, virtual appliances, and packages running on a traditional server (or virtual server).
Raspberry Pi as VPN Endpoint
- However, the RPi can’t also act as a router because it only has a single NIC (not counting wireless), so it would be an additional device and not a gateway/router replacement.
- Designed to be both VPN and firewall (firewall appliance is primary function)
- Needs a device with 2 NICs (WAN + LAN) to be especially useful, e.g. https://www.netgate.com//products/sg-1000.html for $150 each.
- https://pritunl.com/ is an OpenVPN-based package designed for cloud distribution and scalability
- https://techknight.eu/2016/05/15/deploy-pritunl-ubuntu/ deployment guide for Pritunl on Ubuntu
Ubiquiti Unifi Security Gateway (USG)
Hardware product running proprietary software; meant to be used with their “key” and management appliance? Apparently can act as a VPN endpoint but setup looks painful.
EdgeRouter Lite (ERL)
Similar to the USG, although it doesn’t plug into the cloud management system in the same way that the USG does. Looks like it was an earlier iteration of Ubiquiti product, or maybe something they acquired? I don’t really understand how it fits together with their other products, which are very cloud-centric and have centralized management as their main selling point.
It looks like Mikrotik’s proprietary RouterOS will support acting as both a VPN server and client, supporting OpenVPN (TCP VPN) and IPSec (UDP), but their website is down (not a great ad, guys) so it’s hard to say. Devices have CLI configuration and also a “WinBox” GUI of some sort. The devices themselves are very cheap:
- MikroTik Routerboard ($40): https://www.amazon.com/Mikrotik-RB951UI-2ND-RouterBoard-RB951Ui-2nD-hAP/dp/B0144ESOSM/
  - Runs Mikrotik’s proprietary RouterOS, not pfSense. Apparently nice routers and include VPN client features but do not act as VPN server. Has POE but it’s garbage “passive” version and it requires power input on the WAN side.
- Or RouterBoard with 256MB RAM but no wireless: https://smile.amazon.com/Mikrotik-RB750Gr3-5-port-Ethernet-Gigabit/dp/B01MSUMVUB/
  - Significantly higher specs but would need a separate AP. Also it only runs off PoE on the WAN input side, which is stupid.