I suggested wireguard, or windows server built in VPN. However he wants to pay for reliability and security. What options do I have? UK based.
Neither of us are IT professionals, and generally learn on the job. I have set up a wireguard VPN for my own homelab but my experience is somewhat limited.
What are you using for a firewall? To streamline support contracts you may want a supported product from them, or one that you know works well with your IAM solution.
What make/model firewall do you use on your internet circuit?
Does it have VPN capability, or can you add a license for Remote Access VPN to it?
as others have said use Tailscale, if you’re not very technical its super easy to get going.
Twingate or tailscale
Implementing a VPN is something you don’t want to learn on the job. Not because it’s difficult but because screwing up a setting will make your data and potentially entire environment vulnerable.
Hire this out.
OpenVPN + MFA is a good solution, and it’s free to setup on *nix box
this is the time to pay an external IT consulting firm.
Windows Server VPN is an enterprise solution. For a small business it is always my second choice, the first would be the firewall appliance at your network.
A Linux server running OpenVPN? It’s been awhile, but I set that up for a lab environment once upon a time. It worked well.
tailscale and be done with it.
What?! A UK based company wants to pay for something instead of free options?
Do you have a firewall? If so, you should be able to set up a vpn to connect in to the firewall.
Remote access to what, for what?
Not a good idea for non IT folks to stumble through this kind of thing. I’d consult an msp to get it stood up for you, and also to advise you on what solutions will actually work for whatever your actual needs are.
Wireguard with 2 factor is a secure way to do it. Limit the firewall rules first with the Wan address and test it! You can limit the connection to 1 test server with 1 open port. If you don’t know where I am talking about. Don’t do it yourself!
Remote access is a very wide concept. What are you trying to achieve and from what endpoints?
I did not see this question in the thread yet. But why VPN? because of some file server? what resources do you need? maybe some cloud solution will fit your use case better?
You have Meraki. Use Any Connect
Use what you have. Your router/firewall can probably do client VPN. You mentioned meraki so use that.
If you want easy. Tailscale is great.
If you want enterprise. Windows server is a headache sometimes.
If you have never set this up before. Hire it out, security not worth compromising