Router with openvpn for small business

Hi All,

Small business I help want advice on a openvpn router. They are currently running DD-WRT on an elderly netgear (I think it's about 10 years old), and want to upgrade (but at a price obviously)...

I've used netgear R7000 in a couple of places with its openVPN and they seem to run ok, but wondering if there is something out there a bit more on the enterprise side like maybe the fortigate (and forticlient vpn)?

TIA

Well there's plenty that's enterprise depending on budget and requirements.

Do they have to meet any sort of compliance?

Ubiquiti Edgerouters have OpenVPN support, although it is slightly fiddly to set up.

They have unifi APs dotted about so wifi not needed. That pfsense is interesting I haven't looked at them for probably a decade. Did a quick search and these two came up, and I think $1.1M might be out their range for a firewall!

I think the security of their network should be worth a few quid......I'd not be chucking a hobby solution at this.

But I also have a better option; leverage an RDP jumphost in the network, install Tailgate on it as well as on the devices that need to look at the CCTV and dump the need for weak security at the perimeter. If the video files are on a share, you could even Tailscale that host and access the share over the Tailscale tunnel.

No port forwarding or stty security required.

Actually no; having said that, if the best they could do and maintain was PPTP on DD-WRT, it might not be for them.

Hobbyist is PPTP on an aged DD-WRT firmware which I am sure has some massive flaws for an edge device. They need to care more because their network has value to an attacker; also CCTV access has personal data implications.

Tailscale might be an alternative that is far more suited to their needs and skill levels. pfsense too, but it's not simple given what we might assume about them....

Do you need OpenVPN specifically?

TP-Link VPN routers have the VPN built-in, no need for annual fees to OpenVPN or other "providers". You need a fixed IP (or a stable dynamic IP as a high risk compromise)

it's free for up to 20 devices.

We can also start the discussion as to what security value you get for free and if a set-and-forget solution for security is fit for purpose. We both know the answer to that one.....

A few thoughts,

An entry level Fortigate firewall would do, using their free VPN client, but it's fairly basic. I wouldn't get into licensing with their full endpoint suite.

Juniper SRX might be a good entry level enterprise router, which can do IPSec VPN.

If budget is important, Draytek would work.


They don't have to run the vpn service on the router. It could be on a separate server if they have already one. Install OpenVPN server, forward ports to that. Then your choice of router is free of the vpn requirement. OpenVPN is very good at this setup, as you only need to forward one port.