Hey everyone, I'm seeking some advice on setting up a VPN for a small business where I'm currently working. I don't have much experience with VPNs, and I was looking into Tailscale since it seems user-friendly for employees. However, I'm a bit concerned about whether it's sufficient for securing our employees' remote connections. Would switching to Headscale offer better security in the long run? Also, just to clarify, we don't have any existing VPN setup for our remote login users. What would be a suitable solution that provides strong security while being easy for our team to use?
6 Answers
If you have a corporate firewall like Barracuda, SonicWall or Fortinet, check if it has a built-in VPN feature. Usually, you just need to install a client on the user's PC and they're good to go with a simple username and password.
While Tailscale can work, it might not be robust enough for a business environment. I recommend consulting with a Managed Service Provider (MSP) and looking into solutions like FortiVPN or SonicWall NetExtender that directly integrate with your firewall. Just make sure you're using a proper business-grade firewall instead of a standard router.
What exactly are you trying to solve with the VPN? It’s important to clarify the issues first instead of jumping to solutions like getting a new computer.
Do you have Multi-Factor Authentication (MFA) set up, maybe using something like DUO? I connect through VPN for RDP sessions, and I've seen MFA significantly ramp up security. RD Gateway encrypts traffic, but I prefer using a VPN combined with MFA for peace of mind.
Tailscale does encrypt connections by default and is straightforward for users to stay connected. It could be a viable option as long as it meets your business needs.
There are specific solutions tailored for RDP that might work better than just a generic VPN. It's important to consider the specific devices you're accessing and what type of authentication you already have before deciding on a solution. If you’re using something basic like MS365 Business Standard for authentication, you might want to look into robust options that fit your current setup.
We really need to implement MFA. I've heard people are using WireGuard, and that’s what I’m considering to support easy 2FA. A small team uses RDP mostly for QuickBooks access, so I need something that balances ease and security.