Wanted: Site-to-site VPN Routers

Trying to help my cousin's new Chiro office in Carrollton.
Looking for VPN routers, dual WAN if possible.
I'm sure I can get you a couple of free adjustments or a massage as a thank you.

I have some older Fortigate firewalls that will easily do IPSec tunnels. They are a few years old, so you won’t be able to get Fortinet support on them. I would suggest looking at Meraki or Ubiquiti for cheap-ish solutions that you can get support for, given it’s for a business.

How are you planning to handle routing for the dual wan and VPN tunnels?

No idea on the dual WAN part right now, but I do believe it will be a 5G modem in the future.
No video games are needed.
I'd much appreciate the Fortigate routers whenever you get a chance.

The tunnels both have Spectrum Business connections and I believe go to the same central office. So I was going to put one office on 192.168.1.1 & the other on 192.168.2.1 and create an always-up bridge with our static IPs.

If you want to go the cheap route (pun intended), OpenWRT supports this configuration and could be flashed onto a large number of consumer routers. CPU-wise you are typically limited to ~20Mbit, using AES 256, but if that isn’t a limitation for your implementation, then you could have a supported (in that it is actively developed FOSS) solution with an upgrade path (purchase later and greater consumer hardware or even have spares) that you can just upload your config file to.

I’ve been playing with a multi-multi VPN tunnel setup between myself and a few friends and it’s worked pretty well.


I can bring a couple of the firewalls up to the space, who is going to be configuring the central office device for VPN tunnel? Are there 2 or 3 sites that need to communicate? Do you want all sites to talk to each other (mesh) or do you want the remote sites to talk to the central office (point to point)?

I build custom PfSense units; if you have some old mini-PCs that can have a second NIC added to them via PCIe, this can be set up very easily. Unlike the Cisco / other route, these will always get updates without a support contract and can almost always update to the next major software release without hardware deprecation.

If you scrounge some machines I can guide you through the setup or, provided a couple of beers, I can meet you at the makerspace.

Alternatively, OpenWRT works well too; both setups would be using OpenVPN or IPSec regardless. However, with the PfSense route you could set up Multi-WAN more easily with a multiport NIC, whereas on many routers you could flash OpenWRT to, the switch may or may not be bonded as a switch on the chipset rather than logically, preventing port separation.

The official hardware from Netgate, should you want a prebuilt, is super-nice and well tested. You can also find various third-party builds on Amazon. I found some of the best machines to use for small offices are car computers (since they're compact, often fanless, and still general x86).

-Jim


I will be deploying to two offices, one in Downtown and the other in Carrollton. It is two offices, but I do foresee another in the next year or so & would like to set up 3 of them in a mesh network. I tried flashing and configuring these old Netgear WGT634U routers with no luck. I'm up there most of the time right now. Is there a good time for you to meet? I should be up there from 4-10pm today.

I have 3 old full size desktops laying around. Unfortunately I don’t think any of them have a 2nd NIC but I will start gathering them. I’m intrigued by this and would like to also run this at home.

A second NIC can be had fairly easily; Microcenter has multi-port NICs for PCIe and Amazon does as well; I'd probably order from Amazon as they'd be cheaper. The local supplier "The Server Store" also stocks quad GbE NICs and 10Gb NICs; if you call them you can do a local pickup as well; they're in Carrollton.

You can run PfSense on just about anything; it’s based off FreeBSD.


Word of warning: pfsense is not for the faint of heart. It's a serious commercial-grade networking product, and it doesn't hand-hold very much. If you're new to networking, it may be a little bit of head scratching before you're up and running.


As a corollary, given its robustness as a commercial-grade product, once it's running it's very stable.
I've deployed a lot of these with small businesses and groups; once the initial setup is guided through, it's not the worst in the world to learn by any means. It also has extensive documentation online for most commonly encountered configurations.

Like the basic write up for site-to-site using OpenVPN: https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

IMHO, it’s the easiest commercial ready product to stand up since it has a very useful web interface and verbose error messages until you are comfortable with CLI.
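A concrete version of the two-office layout discussed in this thread (one LAN on 192.168.1.0/24, the other on 192.168.2.0/24), written here as an added example; it is not taken from the pfSense documentation linked above or from any poster's own configuration. It is a peer-to-peer OpenVPN tunnel in SSL/TLS mode, which is what the pfSense "Peer to Peer (SSL/TLS)" wizard produces under the hood. The public IP, the 10.8.0.0/30 tunnel addresses and the certificate file names are placeholders I chose; each office needs its own certificate issued by the shared CA.

```ini
# ---- Office A (Downtown, LAN 192.168.1.0/24): the TLS "server" side ----
# Added example. Placeholders: A_PUBLIC_IP, the 10.8.0.x tunnel addresses,
# and the ca/cert/key/ta file names. Port UDP/1194 must be allowed on A's WAN.
dev tun
proto udp
port 1194
tls-server
# Point-to-point tunnel endpoints (constructed; any otherwise unused /30 works)
ifconfig 10.8.0.1 10.8.0.2
# Send traffic for the other office's LAN through the tunnel
route 192.168.2.0 255.255.255.0
ca ca.crt
cert officeA.crt
key officeA.key
dh none                    # ECDH key exchange; no DH parameter file needed
tls-crypt ta.key           # encrypts and authenticates the control channel
data-ciphers AES-256-GCM   # AEAD cipher for the data channel
remote-cert-tls client     # only accept a peer whose cert is marked as a client
keepalive 10 60            # ping every 10 s, restart after 60 s of silence
persist-key
persist-tun
verb 3

# ---- Office B (Carrollton, LAN 192.168.2.0/24): the TLS "client" side ----
# Same placeholders as above; B initiates the connection to A's static IP.
dev tun
proto udp
remote A_PUBLIC_IP 1194
tls-client
# Mirror image of A's tunnel endpoints
ifconfig 10.8.0.2 10.8.0.1
# Send traffic for Office A's LAN through the tunnel
route 192.168.1.0 255.255.255.0
ca ca.crt
cert officeB.crt
key officeB.key
tls-crypt ta.key
data-ciphers AES-256-GCM
remote-cert-tls server     # only connect to a peer whose cert is marked as a server
keepalive 10 60
persist-key
persist-tun
verb 3
```

Because the firewall at each office is also that LAN's default gateway, no extra routes are needed on the desktops; on pfSense you still have to add a WAN rule permitting UDP/1194 inbound on the server side and rules on the OpenVPN interface allowing the traffic you want between the two LANs, since the tunnel itself passes nothing by default. When the third office arrives, the simplest extension is a second tunnel to it from Office A (another `tls-server` instance on a different port) plus a `route` line for its subnet on each peer; a full mesh needs a tunnel per pair of sites.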

I agree, just that if OP isn't too familiar with the world of networking, it may be a bit of "fun" to figure out everything 🙂

Heh, I work with enterprise grade firewalls daily, and it’s difficult to understand what’s going on. It’s definitely…different.

I'll grab up a few Fortigate firewalls, they'll likely be 60c or 80c. They'll do fine for VPN traffic up to about 100 Mbps.

Oh yeah, but one's first foray into enterprise networking is always like this 🙂

I remember the first time I turned on a public ASN BGP router on my PfSense units. That was a fun day.

Or you can run Palo Alto Networks and have BGP set up in about 5 minutes 😀

Kidding aside, whatever tool is used to get the job done, as long as you can support it and the business, will do just fine.

I meant from an anxiety / fear of something going wrong standpoint.

Regardless of what equipment you need, if you get public AS eBGP running in 5 minutes on your first attempt you’re either a literal god or your system is skipping half the strongly recommended configs.

I prefer the term Deity

My dad has 3 stores that will someday be mine, my cousin has two, and then my house. I think Fortigate is the way to go until I learn more about the PfSense units. I remember the first time I hooked up a BGP layer 1-7 switch I found on the floor @ Nortel in Emergency Recovery Telecom Wireless & Wireline support. Plugged it in and dropped the subnet for a while 😕 Never admitted it till now, after the 7-year limitation has passed.

What times are good for you?
I’m scrounging up 3 computers over the next couple days.

If you taught a class on PFSense, I would attend! I’ve been playing around with dd-wrt and getting really confused. I’ve been thinking of building out a PFSense router for some time now.