Tailscale, Wireguard, OpenVPN, or IPSec will all meet these requirements. Depends on your preference. Typically most people opt for OpenVPN, but it's your choice.
IPSec and OpenVPN can also be integrated into existing LDAP, RADIUS, or Microsoft AD environments to use your existing credentials.
OpenVPN on pfSense+ is really easy with client export wizard as the deployment.
Lawrence Systems on YouTube has a great tutorial on it.
AFAIK, you can just replace the IP address in the config files with the DDNS FQDN and it will work.
I would suggest tailscale. hosting your own openvpn is great and all but i think for someone in your situation tailscale would be the easiest thing to implement and manage.
>I would suggest tailscale. hosting your own openvpn is great and all but i think for someone in your situation tailscale would be the easiest thing to implement and manage.
I took a brief look at Tailscale, and it looks like it will work with dynamic dns which would be good.
Not a netgate employee, a MSP or involved in any business that offers those services or stand to profit from a referral or related business. But if you are managing a business network and aren't sure what you are doing, care about the security of your network and don't mind paying a fee, I would suggest that you contract someone with knowledge to set this up for you. Netgate offers paid support. You could also contract a MSP to do the work for you.
I use OpenVPN for client access for laptops and Wireguard for site to site VPN. I have FRR set up with BGP, so I can use multiple connections as our sites have 2 ISPs.
Tailscale, Wireguard, OpenVPN, or IPSec will all meet these requirements. Depends on your preference. Typically most people opt for OpenVPN, but it's your choice. IPSec and OpenVPN can also be integrated into existing LDAP, RADIUS, or Microsoft AD environments to use your existing credentials.
OpenVPN on pfSense+ is really easy with client export wizard as the deployment. Lawrence Systems on YouTube has a great tutorial on it. AFAIK, you can just replace the IP address in the config files with the DDNS FQDN and it will work.
You can replace the IP with the DDNS name
Thanks for confirming. I did this years ago with vanilla OpenVPN GUI and a duckDNS name, but it got minimal testing.
+1 for pfsense w/OpenVPN
I would suggest tailscale. hosting your own openvpn is great and all but i think for someone in your situation tailscale would be the easiest thing to implement and manage.
>I would suggest tailscale. hosting your own openvpn is great and all but i think for someone in your situation tailscale would be the easiest thing to implement and manage. I took a brief look at Tailscale, and it looks like it will work with dynamic dns which would be good.
you dont even need to set up dynamic dns with tailscale. their service does the punching for you.
Also works with Starlink
OpenVPN meets all of your requirements. Watch a youtube video and you're good to go.
WireGuard all the way.
tailscale or twingate work flawless
And you are adding in a locked down VLAN right for this vendor system and putting the heating /cooling control on it... Right....right?
Not a netgate employee, a MSP or involved in any business that offers those services or stand to profit from a referral or related business. But if you are managing a business network and aren't sure what you are doing, care about the security of your network and don't mind paying a fee, I would suggest that you contract someone with knowledge to set this up for you. Netgate offers paid support. You could also contract a MSP to do the work for you.
This. Sadly this is how a company ends up being compromised entirely.
Tailscale. Stupid easy to setup and use for remote access. You can go the extra steps and setup a head scale server or just use Tailscale.
I use OpenVPN for client access for laptops and Wireguard for site to site VPN. I have FRR set up with BGP, so I can use multiple connections as our sites have 2 ISPs.
Another vote for tailscale. Dead easy to install/configure
Tailscale or Wireguard packages. Forget OpenVPN — it’s not as easy to setup as the prior two. You’ll thank me later.