While Consulting for a Business doing about +20Cr (3M USD) revenue, It was a challenge to have full-fledged IT team to manage the Network and other IT related stuff.
The Primary issue was the Accounting Package “Tally ERP9” a popular Accounting Package which is licensed as a server with multi user but lacked remote connectivity but for “tally.net” which used a ddns server hosted by tally. Tally now provides a sync facilities but expects each of the branch to buy a lic..? which requires to renewed every year.
There are many hardware suppliers like Cisco, Netgear etc which provide VPN Routers like RV80 or VPN FireWall from Netgear again these are licensed per connection. They are worth the buck but involves issues beyond a small business person. To find a skilled person on VPN tunnel is also quite a challenge.
With the necessity of WiFi at all the location, one IT hardware that is a must is WiFi Router. While Evaluation of available routers against the cheapo stuff, the ASUS Router are ranked Uno. I have personally used these & Linksys Router, the Diff was that ASUS was using Custom Built DD-WRT Firmware while Linksys, we have load the community DD-WRT firmware. Although I prefer on a personal level to customise the solution, but with the cyber security threat, it’s better to use stock firmware which is monitored by OEM’s for any leaks or threats.
Cyber Theft maybe not a major concern for small business but with the digital India Drive from Govt. of India most transaction are now online, hence unprotected private network will be misused, hence some level of protection is required one such OEM is Cyberoam.
The Higher End ASUS Routers Provides Security Levels along with VPN hence for this project, I have chosen ASUS AC68U (20K INR the ASUS AC88U is with Dual LAN @24K is a better alternative). One other aspect for the weak SLA of the ISP service Providers, there is no easy solution for this, in large cities the ISP are reasonable fast to attend the issues but in rural or semi urban area its a pain, hence 3G or 4G dongles which can be plugged into the WiFi Router is the best solution.
The Other Tabs, I shall explain the configuration and setup details, also how the system work address a Small Office Requirements.
Configuration of “VPN on ASUS”
Configuration of “OpenVPN” for TAP or LUN operations
Configuration of ADSL Router for the OpenVPN to Work
“Conclusion” where the WiFi Router is used for data backup, 3G, FireWall and other Configuration
VPN is having a secure tunnel (Connection) between your branches, so that all resources can be shared between the branches and the Head Office, like Printer, Tally, Application, Storage Backup, etc.
Let take a look at the Configuration available on ASUS Router
Select the VPN and Then OpenVPN
Enable the VPN Server at the Head Office
Now we have to Enter the Username and Password for the clients to connect
We have completed the minimum configuration this setup, Follow the Next Tab for “TAP” or “LUN” and other configuration
VPN tunnel is basically LUN or TAP (Click for Details)
- LUN is VPN on layer 3 (one more hop between subnets)
- TAP is bridge two ethernet segments in two different locations
We are setting up an TAP (Bridge VPN) because of the “Tally ERP9” limitation
Let’s download the Configuration file, which we will require to configure the VPN clients at the Branches and Laptops / Desktop. Save the download File and rename it “XXX Client OpenVPN” XXX->Your Company Name
How to Configure for Desktop / Laptops etc.. is detailed in the links provided. Pls go through it and implement it using the Client File downloaded above.
1. We have to ensure that ADSL router forwards the PORT 1194 to ASUS Router
2. Now Configure the DDNS to ensure we can reach our HQ Router.
Note: Pls Subscribe to Service from dyn.org (paid Service) or use www.dynu.com (free for Now)
Some of the other features which is useful for SOHO or SME
1. 3G or 4G Dongle: Dual WAN : for Redundancy for the ISP
2. AiProtection: we can enable
- Parental Control (to allow Staff “Mobile Phone” to Access the Internet During the Breaks or 05 Min once every two Hrs)
I personally do not subscribe to this but while analysing the bandwidth consumption many of Employees just do not understand the concept of self control. Most are downloading the Video and Crap from “WhatsApp”.
- Network Protection: I am sure this is essential feature that needs to be enabled. but most of the Scheduled Bank and Govt. Site will not work
3. Adaptive QoS: We can use the Feature to check on what is hogging the Bandwidth and ensure that we have some control
3.1 enable the control
a few screen shots from “Bandwidth Monitor”
we can drill down
4. Under “Advance Setting” Click “Wireless” and Then Filter on Mac Address, I recommend the Blacklist ie “Reject”. Whenever any staff member personal device is seen on the network we can reject it from connecting on the WiFi.
It’s great to be a geek and stumble along but when the setup is for “production” then I strongly suggest please use stock firmware. If the feature you require is not available then search for device which provides the features in stock firmware (Google is a useful Tool for Search)
for 20,000 INR the ASUS Router RT-AC68U is worth it. Of Course if you are going to use many of its features and at the same time except a reliable and strong WiFi Zone.
please free to PM or Email Me using the comment or contact form, if you require more details or clarifications.