
It's doable and is called a site-to-site VPN.

There are various options to implement VPNs and each has its own problems.

--

a) The option everyone else here tries to tell you about is a Client-to-Site VPN. Its downside is that you'll need to connect each client separately and the VPN isn't entirely 'transparent' (the client and programs can and do know that they're not directly connected to the internet).

Your performance will suffer unless your VPN server has enough upstream to offset the combined downstream of all connecting clients. You can offset this by manually routing all internet traffic along the normal gateway and just using the VPN for in-house connections.

  i.e.
  192.168.111.0/24 (vpn) gateway 192.168.111.1 (VPN HOST)
  0.0.0.0/0 192.168.0.1 (Router)
--

b) A true Site-To-Site VPN is possible with enterprise routers. You'll probably have to define static routes across all routers, as routing protocols will probably add more maintenance than they'll prevent. Each has to be manually added on all routers, but remote management is generally possible at that price point. Expect at least $300 for the very cheapest router, and you'll probably want to spend at least $500 per device.

The VPN is entirely transparent and at that price point you'll be able to configure the routers remotely. Management won't be as big a problem as you'd expect, as these devices are very stable.

  i.e.
  house a 192.168.111.0/24
  house b 192.168.112.0/24
  house c 192.168.113.0/24

What you were probably hoping for was to get a cheapish router, flash DD-WRT or similar and just use that? If so, I don't believe that's viable. They just don't have the CPU power to handle this amount of packet inspection (it's probably using IPsec, so each IP packet should be flagged and needs to be validated separately).

--

c) ISPs can provide you with a network across sites. Expect to pay thousands, though. Really good performance, however.

--

d) Client-to-client VPNs. ZeroTier is one of these. Each client needs to install software and all communications are directly addressed.

You don't need a central server anymore (there is still one for initial authentication, however). You'll however have to force people to

1. install the software,

2. start the software,

3. update the software. You probably don't want to do that with family members, though. It's very ... annoying.

Performance is pretty great and you can actually buy appliances which give you the same Site-To-Site capabilities. Beautiful technology which is just as expensive as the enterprise routers. No idea about managing them, however. Never had one of these appliances myself.

/edit It might be possible with the edge router? I don't have any experience with that, but it does look like it. https://news.ycombinator.com/item?id=17660518



Thank you for the very thorough reply, especially the terminology. Yes, I think what I want is site-to-site VPN hardware to have LAN parties with my family on consoles that don't do well with the internet (I'm looking at you, Nintendo Switch).

So multiple people have listed ZeroTier, and you mentioned it as client-to-client. It looks like they have a crowdfunding campaign to launch a site-to-site VPN device... I think: https://www.indiegogo.com/projects/zerotier-edge-open-source...

Edit: Thank you so much for teaching me to fish (the terminology) instead of just giving me a fish (recommendation).


> It looks like they have a crowdfunding campaign to launch a site-site vpn device

That is what I meant by the appliance.

I can't speak from experience, but what I've read yesterday makes the previously linked comment the most interesting [0].

The edge router costs ~$100 and has enterprise hardware. The only missing feature is the management frontend, which isn't strictly necessary. And the referenced vyatta-wireguard [1] has a code excerpt which looks like a site-to-site VPN.

  [0] https://news.ycombinator.com/item?id=17660518
  [1] https://github.com/Lochnair/vyatta-wireguard
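As an added example (not code from this thread or from the vyatta-wireguard project): a WireGuard site-to-site configuration for the router at house a in the three-house layout from option (b). AllowedIPs doubles as the static route table that option (b) says must be maintained on every router, and, as in option (a), only the house subnets cross the tunnel while the default route stays on the normal ISP router. Keys, endpoint hostnames and the wg0 interface name are placeholders.

```ini
# /etc/wireguard/wg0.conf on the router at house a (constructed example).
# Tunnel overlay 10.0.0.0/24 (one /32 per house); house LANs 192.168.111/112/113.0/24.
# House b and house c use the mirror image of this file with the other two houses
# as peers, which is the "every route on every router" cost of option (b).

[Interface]
Address    = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <HOUSE_A_PRIVATE_KEY>        # placeholder; create with: wg genkey
# Forward between LAN and tunnel. No NAT is needed because each house has its own subnet.
PostUp   = sysctl -w net.ipv4.ip_forward=1
# Only the remote house LANs may be forwarded in from the tunnel; anything else from wg0 is dropped.
PostUp   = iptables -I FORWARD -i wg0 -s 192.168.112.0/24,192.168.113.0/24 -d 192.168.111.0/24 -j ACCEPT
PostUp   = iptables -A FORWARD -i wg0 -j DROP
PostDown = iptables -D FORWARD -i wg0 -s 192.168.112.0/24,192.168.113.0/24 -d 192.168.111.0/24 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j DROP

# House b: AllowedIPs is both the cryptokey routing ACL and, via wg-quick, a static route.
[Peer]
PublicKey           = <HOUSE_B_PUBLIC_KEY>          # placeholder
Endpoint            = house-b.example.net:51820     # placeholder DDNS name of house b's router
AllowedIPs          = 10.0.0.2/32, 192.168.112.0/24
PersistentKeepalive = 25                            # keeps the NAT mapping open behind a home router

# House c
[Peer]
PublicKey           = <HOUSE_C_PUBLIC_KEY>          # placeholder
Endpoint            = house-c.example.net:51820     # placeholder
AllowedIPs          = 10.0.0.3/32, 192.168.113.0/24
PersistentKeepalive = 25

# Deliberately absent: 0.0.0.0/0 in any AllowedIPs. Internet traffic keeps using the
# ISP router as default gateway, so only in-house traffic costs tunnel bandwidth.
```

Hosts on the house a LAN must send traffic for the other houses to this box, so either make it the LAN's default gateway or add static routes for 192.168.112.0/24 and 192.168.113.0/24 via its LAN address on the ISP router. If it sits behind the ISP router's NAT, forward UDP 51820 to it so the other houses can reach the Endpoint.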


