Need Site to Site VPN via Software?

We have a medical client that is in need of individual VPNs to some of their clients' servers just to pull some data from some databases. Most of the time we can achieve this through SFTP sites, but occasionally that is not an option due to that sub-client's software vendor.

Is there an easy way to do a site to site VPN via software? Sometimes we are dealing with very non-technical people so editing their router for site to site VPN is extremely difficult because they are technically not our client.

We are transferring very little data every 15 minutes and only need access to one little service basically. Tying the two networks together seems silly when all I need is data from that one server and I don’t want to talk to anything else on the network.

For site to site - WireGuard and its spin-offs offer much better performance than OpenVPN

If you are looking to combine also User Auth - consider Ananda - it’s an endpoint-to-endpoint VPN so it works no matter where the user / device you are connected to is located

Let me get this square - You (MSP) - Client (needs data) - Medical office (has data)

You’ll need to chat with the Medical Office’s IT folks & understand what their policy & procedures allow. They may block certain protocols & be against some of the many different ways to do this. HIPAA comes into play, so there’s a lot to think about.

I would probably split it into 2 parts, data export agent & file transfer method. A VPN would be in support of live database calls, which I don’t think is needed in this case. Running a data export agent that works locally & drops a file into an Egnyte/?? style folder that does the transit in the background to your client's server for processing. Then there is no VPN needed.

I’ve done the VPN stuff for EDIs and clients - but that was when the hosting enterprise had dedicated security & network teams.

OpenVPN ought to do the trick. On one side you have to either have it running on the firewall or have a port forwarded to a server. The other side just needs client software installed. You shouldn’t need any special firewall rules there.

Netmaker can do this if you have boxes on each end running Linux. It’s based off of WireGuard, free, and you can host it yourself.

Softether. Works great and easy to get set up quickly.

I’d go with zerotier. All you do is install the client on everything that needs to talk. Approve endpoints in the management console. Then you're done.

As you said they’re technically not your client so maybe you shouldn’t install any software on their server. This may not be your case but just food for thought.
If I was in such a situation I’d go with either Mikrotik OpenVPN (or EoIP if you require L2 access) that is calling out to your “main” site or a Raspberry Pi with Wireguard. Either way you plug this little device into the network and it serves you as an entry point.

Just my 2 cents.
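As an added example (not from any poster in this thread): a minimal WireGuard (wg-quick) configuration for the "small device plugged into their network that calls out to your main site" approach, scoped so the tunnel can only reach the one database host and port the OP actually needs. The addresses, hostname, database port 5432, interface names and key placeholders are all constructed for illustration.

```ini
# ===== MSP side ("main" site, reachable on UDP 51820) =====
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <MSP_PRIVATE_KEY>      # placeholder, generate with: wg genkey

[Peer]
# The Raspberry Pi at the sub-client site. AllowedIPs is WireGuard's
# cryptokey routing: only the Pi's tunnel address and the single DB host
# are ever routed into (or accepted from) this tunnel; nothing else on
# the sub-client LAN (192.168.50.0/24 here, constructed) is reachable.
PublicKey = <PI_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32, 192.168.50.10/32

# ===== Sub-client side (Raspberry Pi, only makes OUTBOUND connections) =====
[Interface]
Address = 10.99.0.2/24
PrivateKey = <PI_PRIVATE_KEY>
# Forward tunnel traffic to the LAN, but ONLY to the DB host on its DB port.
# Everything else arriving from the tunnel is dropped on the Pi itself.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o eth0 -d 192.168.50.10 -p tcp --dport 5432 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j DROP
# Masquerade so the DB host answers to the Pi's LAN address and needs no
# route back to 10.99.0.0/24 (no change on the sub-client's router).
PostUp = iptables -t nat -A POSTROUTING -o eth0 -d 192.168.50.10 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -o eth0 -d 192.168.50.10 -p tcp --dport 5432 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j DROP
PostDown = iptables -t nat -D POSTROUTING -o eth0 -d 192.168.50.10 -j MASQUERADE

[Peer]
PublicKey = <MSP_PUBLIC_KEY>
Endpoint = vpn.example-msp.invalid:51820   # constructed hostname
# Accept only traffic that originates from the MSP's tunnel address.
AllowedIPs = 10.99.0.1/32
# Keeps the outbound NAT mapping alive so the MSP side can reach the Pi
# without any inbound port forward at the sub-client.
PersistentKeepalive = 25
```

Because the Pi initiates the session and the sub-client's router only ever sees outbound UDP, nothing has to be configured on their equipment; the exposure is bounded on both ends by AllowedIPs plus the Pi's own forward rules.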

LogMeIn Hamachi works for this, is easy on the eyes and remote users. Throughput is not great, so not recommended for high data volume but might fit your use case.

Softether is free and has loads of capabilities, but isn’t very polished or easy for end users.

IQuila would do exactly this!

Unfortunately we’re dealing with a bunch of different agencies that hold the data we need access to in a variety of different databases. Most of the time we can transfer CSVs with the data we need and it’s all clean. But some agencies have database software that can’t provide CSVs and I need to use an API interface. Unfortunately it’s all we can do, because that connection is required. So a site to site VPN between our servers and theirs is the only way. I just need to find a better solution. A lot of these are very interesting; I’m going to pursue them.

+1 For Tailscale.

But Resilio Sync was insanely pricey last time I got a quote. If you decided on a file sync solution in place of VPN, then I’d just use Syncthing, or spend the time to familiarize yourself with Rsync or Rclone.

I like this idea; you could do it with zerotier as well.