Recommendation for a site to site VPN router

We are looking for a recommendation on a pair of VPN routers to replace our out-of-date Cloudtrax routers between two business sites.

Here is what we need:

  • Prefer something that’s cloud based that we can access anytime but not a deal breaker

  • Don’t want to pay annual fees if we can avoid it

  • We have two remote sites where we back up to each other, so it needs to be able to handle constant large file transfers without crashing

  • Welcome open source solution. DD-WRT?

  • Enterprise grade

  • Reasonable cost

Any recommendations?

Thanks!

How many megabits or gigabits of encryption throughput do you require?

Do you need SFP or SFP+ interfaces, or just RJ45?

Do you need remote access VPN capability?

You used DD-WRT and enterprise grade in the same set of desired features. Those are mutually exclusive. Pick one.

Get a FortiGate device that will do both site-to-site VPN and your NGFW needs. It’s 2023.

“Prefer something that’s cloud based”

“Don’t want to pay annual fees”

Pick one.

“DD-WRT”

“Enterprise grade”

Pick one.

“Reasonable cost.”

Means nothing to anyone. Reasonable to you might be outrageous to me. Reasonable to you might be a rounding error to me.

Budget and currency are relevant in an international sub.

No technical requirements, throughput requirements, meaningful feature requirements, or any effort of having identified a solution yourself.

Dancing on the verge of having the thread removed for poor quality.

Take a look at OpenZiti.

FortiGate or Juniper. Whichever you can get cheaper.

As others stated, FortiGate, or get a Meraki. I actually like Merakis better and usually do 5/7 on them. Easiest to deploy and pretty cheap.

Would definitely recommend FortiGate. It is fairly cheap compared to its competitors and very much worth the money (also extremely easy to learn, free training and tons of documentation on the net).

But as others have mentioned, do you, for example, want to run fiber as well or just pure RJ45? If you need fiber, then you need at least a 100F even though a 100F is much more than you ever need for your VPN routers.

If you look for copper only, a 40F or a 60F/61F is perfect for this.

VyOS

https://vyos.io/vyos-router

Routing: BGP (IPv4 and IPv6), OSPF (v2 and v3), RIP and RIPng, policy-based routing.
VPN: IPsec, VTI, VXLAN, L2TPv3, L2TP/IPsec and PPTP servers, tunnel interfaces (GRE, IPIP, SIT), OpenVPN in client, server, or site-to-site modes, WireGuard.
Firewall and NAT: Stateful firewall, zone-based firewall, all types of source and destination NAT (one to one, one to many, many to many).
Network services: DHCP and DHCPv6 server and relay, IPv6 RA, DNS forwarding, TFTP server, web proxy, PPPoE access concentrator, NetFlow/sFlow sensor, QoS.
High availability: VRRP for IPv4 and IPv6, ability to execute custom health checks and transition scripts; ECMP, stateful load balancing.
Fully Open Source: The entire codebase and the build toolchain are available to everyone for auditing, building customized images, and contributing.

Dell EMC, Lanner, Supermicro

Virtualized: Hyper-V, KVM, Nutanix, Oracle VM, Oracle Linux KVM, Proxmox, VMware, XCP-ng

Cloud: AWS, AWS Outposts, Azure, Azure Stack Hub, Google Cloud, OpenStack, Oracle Cloud Infrastructure, Oracle Private Cloud Appliance, Flow Swiss

You might be able to get away with the free version of VNS3. What cloud are you in?

I recommend the Aruba 9004, and you also have Aruba Central with the Foundation subscription; very easy to understand, deploy, monitor and scale.

pfSense!!! It’s free. Gives you the most flexibility on whatever VPN technology you use: OpenVPN, WireGuard, IPsec, … Easy to use with a web interface. The software can be virtualized on premises, off premises, in the cloud. The software can be installed on some rinky dinky desktop computer with two interfaces and work wonderfully. If you purchase the official hardware, it’s relatively cheap. pfSense is the way to go. Look up the “Lawrence Systems” YouTube channel for detailed info. He deploys pfSense routers and software routinely.

I concur…
Costs can range from “free” to $20-30k+…
Definitely need throughput expectations, support, etc.
And want to point out that that “free” really doesn’t exist…
Fast, cheap, and good… You ONLY get to pick 2 options.

I recently helped someone with (2) Juniper SRX300s for a site-to-site IPsec VPN tunnel between two offices. Working nicely. Bought them online used for ~$200 each.

They’re excellent little boxes. I recently had to replace one of mine with a 345 for some extra horsepower, but most sites are still using 300’s and they work great

My bad… you’re correct. 80F has 2 SFP ports.

Cloud based = Cloud hardware

Yeah that’s nice that they have scalable options in the SRX300 Series…

SRX300

SRX320

SRX340

SRX345

Don’t forget about the 380!