Working from Home with DrayTek VPN Solutions
With the current effort to slow the spread of the COVID-19 coronavirus, many businesses are looking at how they can operate by having employees work from home. Accessing company resources such as file servers and cloud servers, even PBX phone systems, is all possible over the Internet using a secure VPN (Virtual Private Network) but how is it done?
We will explain this below by first looking at VPN topology, then the types of VPNs available and the level of security and other advantages or disadvantages they offer. Then we’ll look at how to choose the most suitable router for the task.
VPN Topology for Working from Home
There are two basic VPN topologies to connect to an office network – LAN to LAN VPNs and Remote Dial-in VPNs.
A LAN to LAN VPN is used to connect multiple computers or devices to the main network. For example connecting a branch office to the head office, or connecting a single employee with multiple devices such as a laptop, tablet and IP Phone to the main office simultaneously. LAN to LAN VPNs require the use of routers at both ends which support LAN to LAN VPNs.
A Remote Dial-in VPN is used to connect a single device to another network. The connection from the remote device will be made using a software VPN client such as DrayTek’s free Smart VPN client. The receiving or server end will require a VPN server or a router which supports dial-in VPNs.
Types of VPNs
PPTP, IPSec, L2TP and SSL are all types of VPNs but which is the best to use and when?
PPTP is one of the simplest types of VPNs, requiring just a username and password to authenticate. It is quick and easy and can even be used to connect to a server with a dynamic public IP address.
L2TP offers a higher level of security than PPTP by adding an IPSec policy pre-shared key to authenticate.
IPSec offers the highest level of VPN security and is generally the way to go for business networks. It uses a pre-shared key with varying levels of encryption to authenticate. It generally requires a static (fixed) IP address at the server end but this can be worked around using DrayTek’s “Aggressive Mode” IPSec VPN which uses Peer ID to authenticate the connection.
SSL VPNs use the same HTTPS protocol used by secure websites. This means that they can usually connect to a server on the other side of a router without requiring any special configuration on the router to allow it. As long as the router allows HTTPS, an SSL VPN will work. DrayTek’s free Smart VPN Client has an option to use SSL and is supported on most operating systems.
The following table shows VPN compatibility and suggested VPN types to use with different operating systems on both Linux and DrayOS DrayTek routers.
Suggested Built-in VPN Type
For Windows clients, download Smart VPN Client to use SSL VPN.
For Android/mac OS/iOS, built-in VPN type is natively supported by the OS and no Smart VPN Client required.
Which DrayTek router?
Two main factors decide which router will best suit your needs – What type of Internet connection you have and how many simultaneous VPNs you require.
DrayTek VPN Matcher
VigorACS 2 – Advanced Remote Management System for Network Administrators
Some ISPs only assign private IP addresses which are not suitable for VPNs. This is fairly common for example amongst LTE/4G providers. This makes it difficult to establish LAN to LAN VPN tunnels between two routers that are connected to LTE/4G networks. DrayTek’s VPN matcher is a solution developed by DrayTek which works around this problem by providing an authentication server known as the DrayTek VPN Matcher Server. This feature is currently available on the higher end routers such as the Vigor2862, Vigor2926 and Vigor3910 running the latest firmware. For more information click here.