VPN for small company to access office network remotely

I’m looking for a VPN solution we can have on our office networks so our engineers can access it remotely. We have both software and mechanical/electrical engineers - the software folks have set up a VPN that seems to work fine for them (on Mac), but continues to create issues for the engineers using Windows.

The first VPN solution they had seemed to have an issue with stale connections for Windows users that would cause us to sometimes be unable to log in until the service was restarted. We were spending a lot of time at a remote factory where their network would only allow a single connection to that VPN at a time, so one of the software guys set up WireGuard for us. That fixed it, but now WireGuard will often die for 5-10 minutes at a time for people, which can be a big detriment to productivity as our CAD license server and PDM server are on this network and it can make our CAD program hang or crash when this happens.

Outside of work I would try and fix this or figure it out as from what I read, we should be able to set up a system with free software that can handle our needs, but since this is a work thing, we’re hopefully looking to find a system/server/client that we can just buy that we know will work.

At my old job we used BigIP from F5 which I never had issues with. This was a larger company with hundreds of engineers, where here we’ll have maybe 10-15 people using the VPN at max. I believe those types of services are rather expensive and might be more than what we need, but I’d be open to it if it fits the bill.

Rough requirements/usage would be as follows:

  • 10-15 Windows users on the VPN
  • As mentioned, we use this as our CAD license and PDM server, so at certain times, multiple people may be uploading/downloading file(s) in the hundreds of MB range
  • Something that wouldn’t require all traffic into/out of the office network to go through it, since the software people seem to be happy with their setup.

Is there some sort of physical VPN server that can be purchased off the shelf, so we could set up our own VPN network without interfering with the current configuration? By that I mean, we can certainly configure our router etc, but we don’t want a situation where everyone needs to be using it, so software can continue using their own VPN.

Again, generally I would like to figure this out myself as it seems it might not require a commercial solution, but given that our company has more money than time, it’s preferable in this situation.

Any help is appreciated. Thanks!

Firewall UTM appliance for both networks, set up a point-to-point IPsec VPN tunnel between them. Set to auto reconnect and it will be up as long as the internet is up on both ends.

The issue I see here is going to be with the support and maintenance of your VPN solution.

Your best bet would likely be to contract this out to a 3rd party and let them manage the solution, vs. building it in-house and risking compromise due to misconfiguration, poorly applied updates, etc.

I’ll name ZeroTier. I’ve only used it for personal projects, wouldn’t know how their enterprise grade holds up in that market space.

I just use Tailscale free tier for personal use, but the business tiers look well suited for your use.

Um, enterprise and Ubiquiti don’t normally go together…

Thanks for the response, and that’s a good point. Would you happen to have any companies you could recommend that provide these services?

I’m a former infosec guy and I’ve known tons of people who did these types of jobs for their consulting agency they worked for.

I’d just google up IT consulting agencies and go from there. You’ll likely find dozens of companies that do these types of things. There are billion dollar companies offering these types of consultants as well as tiny companies offering these types of consultants.

So find whatever suits your budget/risk, get a consultation, explain your needs, and go from there.