I’m currently working on a site-to-site VPN to connect 2 office branches, and also allow some people to work from home. I’m testing OpenVPN and WireGuard to see which one works better, but my concern is if a VPN is actually the best way to connect remote sites.
I heard from someone that nowadays they are outdated and no one uses VPNs; instead, companies use things like AnyDesk, wave or RoMON if there is a MikroTik router. Are VPNs really that useless?
Someone is an idiot. A S2S VPN is just another tool in your toolbox, one that solves a lot of problems very simply. They are alive and well.
In the enterprise world, IPsec tunnels are everywhere. SSL/user access VPNs for employees and contractors.
Anyone telling you otherwise is inexperienced or does not work with any type of networks at scale.
Somebody who says “VPNs are outdated” sounds like somebody who drank some SDWAN marketing koolaid and doesn’t realize that SDWAN isn’t magic, it’s just managing the underlying VPN tunnels on your behalf.
Salespeople will tell you a VPN is useless now, but then want to sell you some other sort of tunneling/proxying solution that is essentially a more complicated VPN that requires an incredible amount of overhead to maintain.
In reality, VPNs are everywhere. Especially connecting 2 sites to each other. There are other “options” (see above) for connecting users to different things now but traditional VPN is simple and very much still in use, especially for site-to-site.
Sure, there are a plethora of options when it comes to connecting site to site, but to say IPsec/VPNs are outdated is just stupid. IPsec is a proven, easy-to-use protocol that is still heavily used everywhere.
OpenVPN is slow, WireGuard will be a lot faster.
They are far from dead. Depending on the equipment you've got, setup is fairly easy for S2S VPN. For the clients, it depends on the application. Doing transactions to a SQL database over VPN, for example, can be slow and be a pain. In that case you can set up an RDS server only accessible via VPN for added security, and users will work remotely on a secure device that talks locally to the database instead of sending all data through the VPN.
S2S VPNs are the backbone of any large corporate network infrastructure, and don’t let anyone else tell you otherwise. New tools are popping up here or there to make the process easier/more abstract (e.g. SD-WAN/Overlay networks etc.) but most, if not all, of these are just S2S VPNs with special sauce.
As for what you’re doing - IPsec if your firewall/router has hardware offloading, WireGuard if it doesn’t (and if you’re cool ;])
OpenVPN is okay as a S2S, but the performance overhead and hub-spoke design really isn’t the best in my opinion. Works great as a remote access VPN though!
Private frame relay. Better get your orders in quick though.
Meraki IPsec & VeloCloud
I use netbird (wireguard) and RDP. I love it personally. Netbird is my favorite for wireguard management, but there’s many other good projects like netmaker, zerotier, tailscale, etc.
S2S VPNs are still useful. But if your company is all/mostly SaaS they may be unnecessary.
I use HA FortiGates with 2 carrier-diverse circuits.
1 is MPLS (L2 PTP), 1 is internet (IPSEC).
Using BGP for routing. SDWAN (really just easy visual SLAs).
The redundancy works amazingly. NGFW features allow offloading directly to the internet at the branch (where it makes sense).
Ya this is one of the dumber things I’ve seen on here in a while. VPNs are used all the time and will always be used. Whoever told this guy that they are outdated is dumb and I would not take any more advice from them.
Yea, I agree, definitely sounds like whoever made that statement hasn’t worked in a larger environment.
AnyDesk is OK for the local IT person to support a mom/pop shop.
Also SD-WAN! Basically, let’s build “smart” VPNs over cheap underlays. Most companies that deploy that primarily use VPNs. There are some use cases that justify ExpressRoute or MPLS, but most stuff can be tackled without these days.
I’d love to hear what that guy thinks you should do when two devices need to communicate directly across sites.