VPN using nethserver

Hi guys, how’s it going?

A doubt.
Today here at the company where I work, we use nethserver as DHCP, DNS and Samba AD.
We have a project to have a branch in a small office with a maximum of 40 people.
The question is: Can I use a nethserver at the branch and close a VPN? Any tips on where I might be starting to create a VPN using nethserver? (Using Nethserver at HQ and nethserver at branch)
I don’t have much knowledge in this area and I would like to know if anyone has any kind of tutorial that I may be testing this option.

Site to site VPN with your branch being the main server. You can either do an OpenVPN or IPsec net2net VPN; the choice really depends on what you want to do.

https://docs.nethserver.org/en/v7/vpn.html

Hi

Welcome to the NethServer community!

Are you already using your NethServer at the head office as your Internet Router / Firewall?

On both sides a NethServer would work, AD needs special handling, but doable!

My 2 Cents
Andy

Thank you!

No, we use another server for this, another company. But it seems that their VPN is not good, so I want to test the VPN using the nethserver.

Hi

I wouldn’t change a running NethServer with AD - you might run into a bit more routing / firewall headaches…

Try out using two opnsense firewalls - your test can be virtual firewalls! They don’t mess with your current, working network or routing.
You can run opnsense on hardware (of your choice), or purchase hardware from them directly or even run it virtually on Proxmox, VMWare ESXi or whatever.
It also includes Provider Failover AND Hardware Failover (Using 2 or more opnsense). These can be hardware, virtual, or any combination.
OPNsense handles IPsec and OpenVPN equally well, but I’d choose an IPsec for site 2 site.

These could replace what you’re using right now.

But the main thing: your networks stay up and running…

Don’t get me mistaken, I love NethServer! But I like having the firewall as a separate box or vm!

My 2 cents
Andy

Thanks for your help.
I will research and test these options.

@it.damapel

If you want to look at their Hardware:

https://www.applianceshop.eu/?___store=de

otherwise:

https://opnsense.org/

OPNsense can run on almost any hardware, if it has enough NICs…
You can restore it on almost any hardware too… (Good in an emergency!)

OPNsense ISO boots up in LIVE mode, so you can test stuff. You can also install the LIVE CD.
20-30 GB Disk space in a VM is more than enough…

I’m using opnsense at 20-30 clients I operate. All use NethServer (AD, NextCloud, Mail & File), running as VM in Proxmox.
NethServer also runs Zabbix monitoring.

My 2 cents
Andy

You can also add a NethServer acting as firewall on your “current side” and create from scratch a new Server+Gateway install for the branch office.
In any case, do the homework for subnetting, routing and firewall before deploying anything.