What device do I need to connect via VPN to my static IP address?

newstuart

Hi Guys

I run a business from home that connects to a remote software service (a CRM system) via my static IP address which is logged with the software provider who will only allow access via this IP address.

I need to be able to access the software away from my office while on holiday soon and have been advised by the software provider that I need to arrange for "some hardware installing at home to allow you to connect to it via a VPN connection and therefore use your static IP address to access our servers".

They have suggested Cisco sell such products but have not given me any further informaiton. Can anyone point me in the directon of what I am looking for?

mickevh

Cisco sell networking products that can do pretty much anything, so don't assume that any box called "Cisco" will do want you want. It (usually) isn't cheap either.

A few questions that might seem a bit left field, but may help us get to a suitable solution cheaply, possibly free:

1) Who is your ISP?
2) What model router do you currently have?
3) Is you IP address truely "static" or have you used a Dynamic DNS service?
4) Have you got any kind of server or NAS at home that is "always on?"

For the benefit of other readers, my reason for Q4 is that if the answer is "yes" there may be scope to run a software VPN Server with a few port forwards on the router and do the job for nowt if the OP has a suitable box to host a VPN server.

For the OP - VPN usually has a "client" part and a "server" part which form a link between them and the data through that link is (usually, but not necessarily) encrypted. Conceptually we envision this as a "tunnel" whereby we insert traffic into the tunnel mouth at one end and it emerges out of the tunnel mouth at the other as if all the intervening networks between the two tunnel mouths did not exist. (They are usually bi-directional as most data networking is bi-directional.)

In the current popular zietgiest, when (lay) people talk about "VPN" they usually mean using a service whereby you evade things like geo-locking by installing a VPN "client" at "our" end and connecting to a VPN "service" (and service provider) the "other" end so that our traffic enters/egresses the Internet at a different physical location to our actual one. This is different to what you are trying to achieve, so be cautious about conversations "down the pub" where someone say "ah what you need is..." and advocate a VPN service provider.

What you are proposing is essentially doing that "the other way around." We used to do it in businesses all the time before better solutions arrived. So it's eminently doable, and dependng on your answers to the questions above (particuarly Q4) we might be able to get you there without the need for any additional kit and at no cost.

Bear in mind that all your traffic that is sent/received by such as mechanism will have to travel to your home and back out again (and vice versa) so if your broadband rates are not stellar, it may have some impacts on performance. How big a deal that is for you is something of a value judgement.

newstuart

Hi, Firstly thanks for your extremely detailed response. In answer to your questions

1) Who is your ISP? XLN Business solutions
2) What model router do you currently have? I am not there at the moment but can confirm this later (it is the standard offering by XLN fibre and has there branding on it if that helps)
3) Is you IP address truely "static" or have you used a Dynamic DNS service? It’s a business broadband line with a dedicated IP address
4) Have you got any kind of server or NAS at home that is "always on?" Yes, again I can confirm the model number later but its an 8 bay Synogy NAS (DS815 rings a bell but can confirm later)

The speed should be adequate, its a fibre supper fast connection and will only be uploading / downloading the odd word document from it

Thanks again

Abacus

Synology has everything that is needed built in or via their app store, the easiest way is just use quick connect. (There are plenty of articles on the Synology website to help you out)

Bill

mickevh

Great - sounds like you have everything you need to get going for nothing. I will have to defer to others as to the details of how to implement this on your particular NAS (and router if any port forwards are required) as I don't know your platforms, but if you get stuck come back - it's very likely someone here will be able to help you out.

EDIT (and "note to self") you may need a few funky static routes set up to get the requisite traffic to travel through your VPN instead of out to the public Internet from your holiday locale - but again it's doable. Don't worry what that means right now, just tuck that bit of knowledge away until you've set up your VPN server and got it working for accessing stuff in your home, then if you find accessing the CMS doesn't work - we can revisit the topic if needbe.

EDIT EDIT - there's a few flavours of VPN technology with names like PPTP, L2TP and IPSec. If offered a choice, I prefer IPSec as it tends to be a bit easier to set up and gets through heterogeneous networks like the public Internet, firewall and NAT with less drama.

newstuart

Fantastic, thank you both so much, I am away from home tonight but his has now become my weekend project. Once again thanks

Bl4ckGryph0n

Out of interest, who is that CRM software as a service provide? I’m intrigued as to why it would only be allowed to be used from one location. Absolutely bizarre in 2019.

The Dude

All built-in Windows VPN clients from XP onwards use the remote (home) router as the default gateway unless you manually disbale that feature, so there's no worries about routing etc.

The Synology VPNserver is dead easy to setup and can usually manage the router port forwarding side of things for you too, if you do need to set it up manually its only one port forwarding rule to setup on your router, depending on which flavour VPNserver you use.