We have 2 PCs behind routers in geographically separated networks. What is the best practice to connect those two PCs together as if they were connected locally in a LAN? Is VPN the answer, and how do I set up a VPN network connection? Do I need a VPN server or something? Thank you for such a wonderful site.
A VPN connection is only necessary if the two hosts are communicating across an unsecured, public network and the information they are sharing should be protected. If you have no need to protect the information flow or the network(s) in between them are under your control, there is probably no need for VPN.
If you do need some sort of VPN connectivity, there are several means to achieve it and no specific ‘best practice’. If you are connecting just the two PCs, then you can install software on each of the two PCs to create the VPN. Simple, pre-shared key encryption such as a simple SSL/TLS tunnel should be sufficient if you have a secure means of installing the encryption keys and software (OpenSSL) on both machines.
If you’re looking to share the VPN connection with all PCs connected to the routers on both sides of the connection, you can configure the routers to form the VPN connection, provided the routers have that capability in their firmware (e.g. Cisco IOS software). In that case, the VPN options in the router will dictate your choices.
Whether you wish to use the routers as your VPN gateways or create a direct end-to-end VPN connection will depend on your need for security. Here are some general things to consider before you create your VPN connection(s).
You probably do not need a special VPN server unless you are connecting multiple external users or PCs to a local network or resource across unsecured networks. VPN concentrators are used for this purpose, and most firewall appliances and software support this function.
This is going to be a very brief summary of the available options. There are several protocols available for use in creating VPN connections:
Which VPN solution is the best match is going to depend on the hardware, software, security policies and architecture, but SSL/TLS for something simple and IPSec for anything else would be my first two recommendations.
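The two-PC SSL/TLS tunnel the answer sketches, as an added example that is not part of the original question or answer. It models the "secure means of installing the encryption keys" step by generating a self-signed certificate on the server side and copying it to the client out of band, so the client trusts that certificate and nothing else; a second client that has not been given the certificate is refused, which is the check that matters when the only trust anchor is one you installed yourself. It assumes the `openssl` command-line tool is installed, uses the loopback interface in place of two real hosts, and carries a single TCP stream (an echo) rather than routing a whole LAN the way a site-to-site VPN would.

```python
"""TLS tunnel between two hosts with a pre-installed, pinned server certificate.

Assumptions (not from the original page): the `openssl` CLI is available, both
endpoints run on loopback for the demonstration, and the tunnel carries one TCP
stream (an echo) rather than routed LAN traffic.
"""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def make_self_signed_cert(directory):
    """Generate a throwaway RSA key and self-signed cert for 'localhost' (constructed test material)."""
    key = os.path.join(directory, "key.pem")
    cert = os.path.join(directory, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
         "-keyout", key, "-out", cert, "-days", "1",
         "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost"],
        check=True, capture_output=True,
    )
    return key, cert


def start_echo_server(certfile, keyfile):
    """Start a one-shot TLS echo server on an ephemeral loopback port; return (port, thread)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listener.settimeout(5)

    def serve():
        try:
            conn, _ = listener.accept()
            conn.settimeout(5)
            with conn:
                try:
                    with ctx.wrap_socket(conn, server_side=True) as tls:
                        tls.sendall(tls.recv(4096))  # echo one message back
                except OSError:
                    pass  # handshake aborted, e.g. the peer did not trust our certificate
        except socket.timeout:
            pass
        finally:
            listener.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return listener.getsockname()[1], thread


def tunnel_roundtrip(port, cafile, payload):
    """Connect as the client; trust only `cafile` if given, otherwise the system CA store."""
    ctx = ssl.create_default_context(cafile=cafile) if cafile else ssl.create_default_context()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            tls.sendall(payload)
            return tls.recv(4096)


def demo():
    """Return (echoed bytes via the pinned tunnel, whether an unpinned client was rejected)."""
    with tempfile.TemporaryDirectory() as workdir:
        key, cert = make_self_signed_cert(workdir)

        # Client that received cert.pem out of band: the handshake succeeds.
        port, thread = start_echo_server(cert, key)
        echoed = tunnel_roundtrip(port, cert, b"hello from PC A")
        thread.join()

        # Client that was never given cert.pem: verification fails, no data flows.
        port, thread = start_echo_server(cert, key)
        try:
            tunnel_roundtrip(port, None, b"hello from an unknown PC")
            rejected = False
        except ssl.SSLCertVerificationError:
            rejected = True
        thread.join()
        return echoed, rejected


if __name__ == "__main__":
    print(demo())
```

On real hosts you would copy `cert.pem` to the client over a channel you already trust (a USB stick, an existing SSH session) and keep `key.pem` only on the server; the client's `cafile` pin is what turns a self-signed certificate into a usable trust anchor.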