Scale Your Business To New Locations Securely With A Site-to-Site VPN
Managing A Site-To-Site VPN
You started out with just one tiny location for your business. Maybe it was a storefront with enviable foot traffic; maybe it was your parents’ garage. Wherever you launched your humble beginnings, you’re growing now — you need to expand, and your network needs to expand with you. It’s time for a site-to-site VPN.
Now, you’re not quite ready for some five-story office building — nor do you even need that to accomplish your goals. You just need a small site in a different location. Maybe it’s just a minor office for a few new employees in the town over. Or perhaps it’s a kiosk in the mall to sell your wares without paying for the overhead of a brick-and-mortar. Or maybe you want to develop a traveling pop-up shop!
Whatever it may be, this new location could provide all kinds of benefits to your company or your team — but you just don’t have the resources to build another HQ.
You’re worried, because a site-to-site VPN feels like too much work — but trust us, this is not the time to cut corners. Don’t make the mistake of spreading your security thin. All too often, businesses experience growth spurts that leave cybersecurity behind; they feel like it’s all just happening too fast, so how could they possibly keep up with security needs? They’ve never had a breach before, after all. It’ll probably never happen to you, right?
The more your business grows, the more vulnerabilities you have — and at this growing stage, one breach could bring all your hard work toppling down in a matter of minutes.
But here’s the good news: it’s actually not that hard to keep up with your security needs. With Access Server, managing a site-to-site VPN is simple, accessible, and one of the most secure solutions on the market.
How A Site-To-Site VPN Works
With OpenVPN Access Server, a site-to-site VPN is as simple as connecting your router. You first set up Access Server at your headquarters, then each additional location is set up with a router that has a user connection profile. Make sure to use a router running DD-WRT firmware (or any router compatible with the OpenVPN client); if yours doesn’t already run it, you can find it here. Once you configure the Access Server settings accordingly and set up the user connection profile on your router, you’re connected to your HQ private network.
Then, when users connect to the network at these locations, they’re automatically connected to all the resources that HQ provides. The network setup is easy to establish, whether the new site is a home office space or a traveling pop-up shop: all you have to do is power on the router with an internet connection.
This means that HQ security controls can be enforced site-to-site, and the resources of the HQ network are accessible at all locations!
Let’s take a closer look at this strategy in action.
Site-To-Site VPN Configuration Example: Maximizing Your Network
A nationwide company that provides tax preparation offers its services online — and through pop-up stores. These stores are set up in malls, large shopping centers, and other locations with a high volume of foot traffic, usually during tax preparation season. The pop-up stores generally accommodate 1-4 staff members, and they all need to be able to serve their consumers.
- The computers in the pop-up stores are managed by IT, and their software clients and device management always need to be secure and up to date.
- The tax preparation software they use needs to be able to access the HQ data network.
- All data needs to be monitored by HQ for security.
Basically, these locations need to feel like they’re right there at HQ — both for their customers’ convenience and their company’s security.
On top of all that? They need to be able to set up their network fast — they can’t have a traveling support IT guy with them at all times. It needs to work seamlessly.
Our Solution: Access Server Site-To-Site VPN
We created a hub-and-spoke site-to-site network, with HQ as the central hub to which all their stores connect. We started, of course, by installing Access Server at the HQ, configured with our high-availability clustering function, which helps share the load and makes sure network resources are truly available 24/7.
Then, we created a user profile for each store — complete with auto-login, which means the user was authenticated by certificates. No need to log on every time! Then, these user connection profiles were installed on the router in each store.
Now, setting up their network is as easy as powering on their router. They’re connected to HQ, with all the resources and security that entails.
How to Set It Up
Once you deploy Access Server, establishing a site-to-site VPN simply requires connecting the routers at each new location. Just like you might connect a device to Access Server with our Connect Client, when you use a router with the OpenVPN client bundled in, all the devices connected to Wi-Fi via your router can directly access the private network behind the Access Server.
To find the right router, we recommend DD-WRT. Find the one that’s right for you from their database here. Once you’ve got that router set up, and established Access Server at your headquarters, it’s time to connect the two.
Here’s how to connect your DD-WRT router to Access Server:
- Create a user under “User Permissions” on the Admin UI of the Access Server.
- After creating the user, click the “More Settings” button next to the user and under “VPN Gateway” select “Yes.”
- Enter the subnet of the network you want to expose to the Access Server in the “Allow client to act as a VPN gateway for these client-side subnets” field.
- Download the autologin profile for your DD-WRT router from Access Server.
- Go to your router Control Panel, visit the Services tab, then click the VPN tab.
- Under the section “Start OpenVPN Client,” click the “Enable” radio box.
- Open the profile in a text editor that understands the Unix EOF convention (this means text editors such as Notepad will not work). In this case, use text editors such as Notepad++, WordPad, or Microsoft Word.
- Copy and paste the hostname, port, protocol, key, and certificates from the profile into the appropriate text entry boxes.
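As an added example (not OpenVPN's code and not part of the original page), this Python parser pulls the values the last step copies by hand (hostname, port, protocol, key, certificates) out of a profile, normalises line endings, and reports anything missing. It assumes the standard OpenVPN client-profile layout (`remote` lines plus inline `<ca>`, `<cert>` and `<key>` blocks); the sample profile and the hostname vpn.example.com are constructed.

```python
import re

INLINE = re.compile(r"<([a-z0-9-]+)>\n(.*?)\n</\1>", re.S)
REQUIRED_BLOCKS = ("ca", "cert", "key")  # CA, client certificate, client private key

def _pem(tag, label):
    # Constructed placeholder block; the body is not real key material.
    return [f"<{tag}>", f"-----BEGIN {label}-----", f"CONSTRUCTED-{tag.upper()}",
            f"-----END {label}-----", f"</{tag}>"]

# Constructed sample laid out like an OpenVPN client profile, with CRLF endings.
SAMPLE_PROFILE = "\r\n".join(
    ["# constructed sample", "client", "dev tun",
     "remote vpn.example.com 1194 udp", "remote vpn.example.com 443 tcp"]
    + _pem("ca", "CERTIFICATE") + _pem("cert", "CERTIFICATE")
    + _pem("key", "PRIVATE KEY") + [""])

def parse_profile(text):
    """Return the remotes and inline PEM blocks found in a client profile."""
    # Normalise CRLF/CR to LF so pasted values carry no stray carriage returns.
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    blocks = {tag: body.strip() for tag, body in INLINE.findall(text)}
    defaults = {"port": "1194", "proto": "udp"}  # OpenVPN's own defaults
    remotes = []
    for line in INLINE.sub("", text).split("\n"):  # directives only
        words = line.split("#", 1)[0].split()
        if not words or words[0].startswith(";"):
            continue
        if words[0] in defaults and len(words) > 1:
            defaults[words[0]] = words[1]
        elif words[0] == "remote" and len(words) > 1:
            remotes.append(words[1:4])  # host [port] [proto]
    resolved = [(r[0], int(r[1] if len(r) > 1 else defaults["port"]),
                 r[2] if len(r) > 2 else defaults["proto"]) for r in remotes]
    return {"remotes": resolved, "blocks": blocks}

def missing_fields(parsed):
    """List what is still absent for the router's text entry boxes."""
    missing = [] if parsed["remotes"] else ["remote"]
    for tag in REQUIRED_BLOCKS:
        body = parsed["blocks"].get(tag, "")
        if "-----BEGIN" not in body or "-----END" not in body:
            missing.append(tag)
    return missing

if __name__ == "__main__":
    parsed = parse_profile(SAMPLE_PROFILE)
    print(parsed["remotes"], "missing:", missing_fields(parsed))
```

An autologin profile embeds the client's private key, so treat the file and anything extracted from it as a credential.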
For more in-depth resources on this process, click here.
This setup means you don't need the Connect client on the computers and devices connected to the router — it simply routes the traffic from its local network through the OpenVPN tunnel to Access Server. It’s like you’re logging on directly from HQ, complete with full access to the private network.
With this VPN connection, your data is secure and your team has the resources they need.
That’s the benefit of a Virtual Private Network.
Deploying Access Server
First things first: If you’re looking to establish a site-to-site VPN, you need to deploy Access Server. Haven’t set it up yet? Here are a few resources to get started:
- Deploy it yourself, using our Quick Start Guide.
- Deploy a ready-to-launch instance on Amazon Web Services directly from our portal. Sign up to launch from the Access Server Portal.
- Deploy a ready-to-launch instance on Microsoft Azure.
- Deploy a ready-to-launch instance on Google Cloud.
- Deploy a ready-to-launch instance on DigitalOcean.
- Deploy a ready-to-launch instance on Oracle.
- Explore some of our more detailed self-deployment options.
Once you have Access Server, you can always connect another location for a site-to-site VPN. Then, no matter where your business takes you, you’ll always have the support and security you need.