Looking for Options for a Remote Access VPN for 3 Users

I recommended using WireGuard or the built-in VPN from Windows Server. However, my boss prefers something that offers solid reliability and security. What are my options? Based in the UK.

Neither of us are IT experts and we’re learning as we go. I’ve set up a WireGuard VPN for my personal projects, but my experience is somewhat limited.

For just three users, I’d recommend paying for Tailscale. It’s incredibly easy to set up, and it won’t expose anything to the internet. You can install the subnet router on two servers for backup, and that’s it.

@Eliot
+1 for Tailscale being an easy WireGuard solution - we rolled it out to our entire company with M365 SSO and built ACLs. It took very little time and works really well.

Gabi said:
@Eliot
+1 for Tailscale being an easy WireGuard solution - we rolled it out to our entire company with M365 SSO and built ACLs. It took very little time and works really well.

Does this mean users always need to connect to the VPN for internet access, or is this just for Microsoft apps?

@Finnian
No, it uses M365 for authentication so users don’t have to remember extra credentials.

Gabi said:
@Finnian
No, it uses M365 for authentication so users don’t have to remember extra credentials.

Got it, but does the VPN also route internet traffic? Or just specific resources like a database?

@Finnian
You’re looking for the terms split-tunnel vs full-tunnel (or split-routing).

Zander said:
@Finnian
You’re looking for the terms split-tunnel vs full-tunnel (or split-routing).

Yes, that’s the terminology.

Finnian said:

Zander said:
@Finnian
You’re looking for the terms split-tunnel vs full-tunnel (or split-routing).

Yes, that’s the terminology.

Tailscale allows either setup. You can create an exit node if you want all traffic to route through a specific location.

@Gabi
Thanks, I’m still learning about VPNs.

Gabi said:
@Eliot
+1 for Tailscale being an easy WireGuard solution - we rolled it out to our entire company with M365 SSO and built ACLs. It took very little time and works really well.

What are the specs of the machine running Tailscale? What total costs are you seeing, including data charges? How many users?

@Whitney
We’re on the starter business plan at $6/month per user. There are no data charges since it’s all peer-to-peer. We have the subnet router set on our Netgate firewall, but it could run on pretty much anything. A small VM on-site would work well too.

@Eliot
Upvoted. You can set this up for three users for free and still call it secure.

@Eliot
Thanks for the input!

I appreciate everyone’s suggestions regarding security concerns and ideas.

@Eliot
Exactly, I was thinking the same. Another +1 for Tailscale here.

@Eliot
I’ll explore Tailscale and also see if TeamViewer might be a better fit.

Lyle said:
@Eliot
I’ll explore Tailscale and also see if TeamViewer might be a better fit.

TeamViewer has a history of hacks and security breaches. I strongly recommend against it.

Also, it’s not a VPN; it’s more of a remote support tool.

If you need a VPN for a laptop to connect while on the go, I’d look at what your current router can do. Many small business routers can run OpenVPN or WireGuard.

Tailscale is excellent, but it requires some planning. If you have Ubiquiti equipment, it includes a solid VPN feature as well.

@Rene
WireGuard and a RADIUS server off a UDM Pro work really well. It connects super fast.

@Rene
Yes, we have Ubiquiti access points.

Lyle said:
@Rene
Yes, we have Ubiquiti access points.

You need a Ubiquiti router/gateway. Their switches and APs can’t establish a VPN gateway.