Steps for Selecting and Setting Up a Small Business VPN

VPN stands for “Virtual Private Network”. A VPN creates a virtual “tunnel” where encrypted data is securely transferred over the internet. A VPN hides your IP address, protects your identity, secures your data, and allows you to browse the internet in full privacy. Most VPNs do not store log files of user activity, so there isn’t any permanent browsing or data transfer record either.

For a small business, the most important benefit of using a VPN is data encryption and secure communication. A VPN allows employees to access a business’s servers and private network remotely without threat of communications being intercepted by an unauthorized party or data being stolen.

How does a VPN work?

A VPN acts as a user proxy on the Internet. Typically, when a user accesses a website, their Internet Service Provider (ISP) receives the request and redirects the user to the destination website. With a VPN, the user request is routed through the VPN server first. The process is as follows:

VPN data transfer and encryption process:

  1. User connects to VPN service using a VPN client and user credentials are authenticated with the VPN server.
  2. VPN client encrypts data being transferred by the user via an encryption protocol.
  3. VPN service creates a secure data “tunnel” between the user device (e.g. laptop or smartphone) and the Internet.
  4. VPN client transfers the encrypted data over the internet to the VPN server through the “tunnel”.
  5. Encrypted data is decrypted when it arrives at the VPN server.

Types of VPNs to consider

Part of setting up a VPN is identifying which VPN type is best for your business. There are three types of VPNs to consider: remote access, site-to-site, and client-based. Each VPN type has advantages and disadvantages depending on business size and structure.

Remote access

Remote access VPN allows employees who work remotely to securely access and use applications and data that reside on a central corporate network. All data that remote workers send or receive via the remote access VPN is encrypted and secure. Remote access VPNs are relatively inexpensive, making them a popular choice for small businesses with a remote work force.

Site to site

Where a remote access VPN connects remote workers to a single corporate network, a site-to-site VPN connects individual local area networks (LANs) to each other. Site-to-site VPNs (also known as router-to-router VPNs) enable offices in one location to communicate, share resources, and collaborate over the internet securely with offices at another location.

There are two types of site-to-site VPNs: intranet and extranet. The intranet-based VPN model allows offices in different geographic locations, yet within the same company, to connect with each other via a single wide-area network. The intranet-based VPN model is employed by organizations that have multiple remote offices but don’t need to connect with external networks.

Alternatively, the extranet-based VPN model connects LANs of different organizations and allows users to access and use a shared network. This enables two or more organizations to access the same network and share data and applications, yet hide their respective intranets and private communications from the other parties. Extranet VPNs are often employed by businesses that need to connect securely with customers, suppliers or business partners. Extranet-based VPNs are popular among larger corporations with multiple office locations.

Client-based

A client-based VPN is similar to a remote access VPN. It allows a remote user to connect to a network via a VPN client installed on their device. The VPN client authenticates and secures all data transfer and communication between the user device and the business’s remote network. Client-based VPNs are ideal for single business users and remote workers who need secure access to a business’s IT network.

Steps to Setting Up a Small Business VPN

There are 7 general steps to setting up a VPN for a business.

Step 1: Initial Preparation

The first step to setting up a VPN is evaluating and assessing business needs and capabilities. You can’t install a VPN until you know what you need and can support. Consider the following questions:

  • Do you have a high speed internet connection? A VPN will bog down an already slow internet connection. A standard VPN service may decrease internet speed by 10-20%. More secure VPN services that use higher bit encryption technology can slow connection speeds even more. If you have slow internet, you may need to upgrade your internet connection to a more robust package before installing a VPN. For typical small business data transfer—up to 4k streaming—the minimum recommended internet speed is 25-30 Mbps.
  • How many and what type of devices does your business use? Does your business use only computers? Or do you also use Chromebooks, Macbooks and other mobile devices? How many devices will be connecting to your VPN? The number and type of devices that support your business will determine the type of VPN and VPN protocols you can use.
  • What operating systems (OS) support business operations? Not all VPN client software is cross-platform compatible. Some VPN clients will only support Linux while others only support Microsoft technology (e.g. Windows). Some VPN clients support multiple platforms including Windows, Linux, iOS, MacOS and Android. You’ll need a VPN client and provider that support your operating systems.
  • Which VPN protocol will your business require? The VPN protocol you select will impact internet speed, mobile stability, connectivity, ease of installation and configuration, data transfer security, and platform compatibility. (See Step #4 below)
  • What are your business’s data transfer requirements? Will your business require remote access, site-to-site access or client-based access? Who will have access to sensitive data? Internal employees? Remote workers? External partners? How important is security vs stability vs speed? Your business structure and requirements will determine your network configuration and setup, as well as your VPN requirements.

Step 2: Line up VPN devices and components

To set up a VPN you’ll need a VPN router, VPN server and VPN client.

Typically, the VPN service you select will provide you with a VPN server and client. However, your VPN provider may not offer a VPN client that is compatible with every device platform your small business uses (e.g. iOS, Android, and Windows). Even if the VPN client offered by your provider doesn’t cover every platform you need, go ahead and install their client to test your VPN account and ensure it’s working properly.

After you’ve verified your VPN account is working, contact your VPN provider about software clients for your other device platforms. If your VPN provider doesn’t offer clients for the other devices your small business uses, there are other websites that will provide a selection of downloadable VPN clients. If your employees will be accessing your small business network using mobile devices, you should also download VPN client apps for those devices.

You can find online VPN tutorials and setup guides from other VPN providers for many device types. For example, if you use Macbooks for your business, you can search online for VPN tutorials and guides for these devices to find compatible clients.

In addition to the VPN server and client, you’ll require a router. You can pick up a basic router at BestBuy that will work fine for remote home office workers. However, if you’re setting up a shared IT network for your small business, I recommend upgrading to a VPN router. A VPN router will provide additional security when multiple employees will be accessing the internet using the same router. VPN routers may be provided by your provider.

Step 3: Network prep and configuration

It’s not uncommon for a VPN client to conflict with other network clients and cause one or both to not work properly. Before acquiring and installing VPN software, ensure your business IT network is already set up. Having your IT network in place prior to installing a VPN will allow you to make sure VPN software does not conflict with network applications and software.

If you have an IT network in place, uninstall any existing VPN client software that is not needed. Multiple VPN clients on the same network can compete with one another and create conflicts.

Review your network configuration. How will workers be accessing the Internet and online resources? Will workers be using Wi-Fi, 4G or 5G modems, and wired connections? If so, you’ll need to ensure the VPN client is configured for all connection types.

Step 4: Select VPN protocols

VPN protocols are the rules or instructions that determine how data is routed between your computer (or device) and the VPN server. They can also control connection speed and encryption standards for data transmission.

Review each VPN protocol below to determine which protocol best meets your business requirements.

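Table 1. VPN Protocols Comparison Chart

| VPN Protocol | Speed | Security | Stability | Cross-platform compatibility | Setup |
|---|---|---|---|---|---|
| OpenVPN | Slow | Very strong | High | High | Hard |
| SSTP | Fast | Strong | High | Low | Easy |
| PPTP | Very fast | Weak | High | High | Easy |
| L2TP/IPSec | Slow | Very strong | High | High | Hard |
| IKEv2/IPSec | Fast | Strong | Very high | Low | Hard |
| WireGuard | Fast | Strong | High | Low | Easy |
| SoftEther | Fast | Strong | High | Low | Medium |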

OpenVPN is an open-source VPN protocol software that provides the utmost flexibility in protocol configuration. It is the most widely adopted VPN protocol and the standard used by most VPN providers. OpenVPN is available for many platforms, including Mac, Windows, Android and iOS.

There are two main types of OpenVPN: OpenVPN TCP and OpenVPN UDP. OpenVPN TCP (Transmission Control Protocol) is the most widely used OpenVPN type. OpenVPN TCP is extremely reliable and secure. The OpenVPN UDP (User Datagram Protocol) type is used for low-latency data transfer. It is highly reliable but isn’t as secure as OpenVPN TCP. OpenVPN UDP is ideal for gaming and streaming.

Table 2. OpenVPN Pros and Cons

Pros:
  • Very secure (256-bit encryption keys and high-end ciphers)
  • Runs on most platforms (Linux, Windows, MacOS, iOS, Android, etc)
  • Can bypass firewalls (can use any TCP or UDP port)
  • Supports Perfect Forward Secrecy to thwart hacking
  • Free for download and connection to a VPN server

Cons:
  • Requires an additional client program and configuration
  • Configuration is complex and challenging. Not for the beginner
  • Free to end users, but commercial versions require a license
  • Limited server connections (maximum of 50)

Secure Socket Tunneling Protocol (SSTP) was developed by Microsoft. It is optimized for Windows platforms but will also work on Linux. It is comparable to OpenVPN but is not an open-source protocol. It is not ideal for site-to-site VPN access and is used primarily to support remote network access.

Table 3. SSTP Pros and Cons

Pros:
  • Extremely secure (uses SSL 3.0 standard encryption)
  • Can bypass firewalls
  • Easy to use with Windows technology (built in)
  • Faster than other protocols (ideal for online activities)
  • Can access regionally restricted content

Cons:
  • Not compatible with non-Windows operating systems (e.g. Mac)
  • Software isn't open-source
  • Can slow down internet access with low bandwidth (not ideal for gaming, streaming)
  • Drops connections (due to incompatibility with authenticated web proxies)
  • Slows down due to TCP meltdown (does not use UDP protocol)
  • Is susceptible to POODLE attacks

Point-to-Point Tunneling Protocol (PPTP) is an older VPN protocol that offers weaker security. It is still widely used, but declining in usage and popularity. Its current popularity is driven by its compatibility with nearly every major operating system. It is extremely fast but not as secure as other VPN protocols.

Table 4. PPTP Pros and Cons

Pros:
  • Built in to several operating systems
  • Very fast (does not reduce internet speed)
  • User friendly setup process
  • Able to stream geo-restricted content (e.g. VOD, TV)
  • Less expensive than other VPN protocols

Cons:
  • Low security (only 128 bit encryption)
  • Cannot bypass most firewalls
  • Does not provide fully anonymous browsing
  • Less reliable data transmission than other VPN protocols
  • May be monitored by the NSA

Layer Two Tunneling Protocol (L2TP) over Internet Protocol Security (IPSec) is a successor to PPTP. L2TP/IPSec offers better security and features than its predecessor PPTP. L2TP provides secure connection, but it doesn’t provide data encryption or security. However, when paired with IPSec which authenticates and encrypts data, this protocol provides very secure data transmission over VPN. L2TP/IPSec is a protocol of choice when data security is the top priority.

Table 5. L2TP/IPSec Pros and Cons

Pros:
  • Very secure. Military standard 256-bit encryption
  • Very compatible. Supports Windows, Linux and Mac
  • Relatively easy configuration (UDP for data encapsulation)
  • Stable and reliable for remote locations (not compatible with NAT router)

Cons:
  • Slow connection speed due to higher encryption (can be paired with OpenVPN for improved speed performance)
  • Challenging to configure
  • Pre-shared keys for authentication (if keys are mismatched, the protocol stops working)
  • Supports limited number of ports (protocols blocked behind NAT firewall)

Internet Key Exchange version 2 (IKEv2) is paired with Internet Protocol Security (IPSec) to provide data encryption and certificate based authentication. IKEv2 protocol provides stable, reliable network connectivity. IKEv2 VPN protocol is primarily used for mobile devices, since it reconnects quickly and seamlessly whenever a connection is lost when passing through a tunnel, switching between WiFi and mobile cell networks, or moving between hotspots.

Table 6. IKEv2/IPSec Pros and Cons

Pros:
  • Fast and stable connectivity (mobile)
  • Seamlessly switches between networks
  • Highly secure (can prevent MitM and DoS attacks)
  • Reduces latency to support network applications

Cons:
  • Is not widely supported (works with Windows, Mac OS and iOS devices)
  • Challenging implementation on VPN server-side
  • Must be paired with IPSec to be secure
  • Closed source software
  • Can be blocked by a firewall

WireGuard is a relatively new open-source VPN protocol. It operates on Linux and is reported to perform better than both OpenVPN and IPSec in terms of speed and security. Because WireGuard is relatively new, it doesn’t come built in to any platforms, nor is it available in VPN apps.

Table 7. WireGuard Pros and Cons

Pros:
  • Extremely fast (optimized code = less space for error)
  • Easy setup & configuration
  • High security (less code to verify)

Cons:
  • WIP (Work in Progress)
  • Not currently supported by all apps
  • Not usable without logs
  • Requires static/fixed IPs

SoftEther is a relatively new VPN protocol. It is free to use and provides quick, secure client-to-server and site-to-site data transfer. SoftEther protocol can be deployed with major operating platforms such as Mac, Windows, iOS and Android.

Table 8. SoftEther Pros and Cons

Pros:
  • Can bypass firewalls (via SSL-VPN tunneling through HTTPS)
  • Open-source software and free
  • Multi-platform support (works well on all platforms)
  • Highly secure (RSA-4096 and AES-256 encryption)
  • Very fast despite robust security
  • No fixed or static IP (uses built-in dynamic-DNS and NAT-traversal)

Cons:
  • Few VPN providers offer SoftEther
  • No built-in support on operating systems and devices

Most VPN services allow users to select their desired protocol. For most small businesses OpenVPN or L2TP with IPSec is recommended to provide the most comprehensive network access and security. However, depending on your business needs you may need to choose one of the other protocols discussed above.

Step 5: Install VPN software

After you’ve determined your business needs and identified the correct VPN protocol(s), it’s time to find a VPN provider. You want to work with a provider that offers services and plans that meet all your needs. Make sure the VPN provider offers VPN client software that is compatible with your device platforms.

Once you’ve established an account with a VPN provider, download their VPN client onto your devices. The client is what encrypts the data transferred from your devices to the VPN servers. Certain vendors may also provide add-on features, including two-factor authentication such as Duo, to provide an additional level of security.

When you install the VPN client for the first time you’ll configure your administrator VPN settings. These settings will be applied to all endpoint devices. Your provider’s VPN software will walk you through the setup process.

Step 6: Test and Troubleshoot

After installing the VPN client and configuring administrator settings, test the VPN on a few endpoint devices before rolling it out to all devices. There is always the chance that the provider’s VPN client might conflict with your current device or network software. This will allow you to troubleshoot and resolve any issues before a complete rollout.

If the VPN client appears to conflict with current software, the first thing you want to do is make sure that all operating software on your device(s) is updated to the latest version. This will often resolve compatibility issues.

If that doesn’t work, shut down and reboot both the VPN client and your device. If there is any other VPN software running, make sure it’s disconnected and closed. Sometimes VPN clients require software drivers to operate correctly. Access the settings page and click the “repair” option, if available, to reload drivers.

If you’re having difficulty logging into the network, make sure you’re using the correct credentials. Review any emails you received from the provider or quick-start guides you may have received.

Another troubleshooting option is to connect to the VPN using different protocols. This may not be possible, but some VPN clients provide this option. If for example you’re currently using OpenVPN with TCP, try switching to L2TP and PPTP protocols and attempt to reconnect to the VPN.

Other software, including firewalls and security programs, may also inhibit devices from connecting to the VPN. Temporarily disable any software on your device that could be the culprit and retest your VPN connection. Once you’ve tested and determined whether there is a conflict, you can turn all software back on.

If all else fails, work with your VPN provider’s support team for more advanced troubleshooting.

Step 7: Install the VPN Client on all devices

Once you’ve tested and resolved any issues with the VPN client, install the client on all other devices. Typically this involves providing your staff with a link where they can download the VPN client software over the internet.

After the VPN client has been successfully installed and tested on all devices, select the default VPN server the client should connect to automatically. To optimize your connection speed and improve performance, select the server location that is closest to your central offices.

If your VPN provider offers a kill switch, I highly recommend implementing it. A VPN kill switch will immediately disconnect network devices from the internet if for any reason the VPN connection is lost or fails. This will prevent unsecured internet connections and unencrypted data transfer until your VPN is back up.
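
One way to carry out the Step 6 test and confirm the Step 7 kill switch on a Linux test device is to ask the routing table which interface traffic would leave through, for both IPv4 and IPv6. This is an added example, not part of the original article or any VPN provider's tooling; the interface name `tun0`, the script name and the probe addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the article or any VPN vendor. Assumes Linux with
# iproute2; tun0 and the probe addresses (documentation ranges) are placeholders.

# Constructed sample lines in the format printed by `ip route get`.
SAMPLE_TUNNEL4='192.0.2.1 via 10.8.0.1 dev tun0 src 10.8.0.2 uid 1000'
SAMPLE_LAN4='192.0.2.1 via 192.168.1.1 dev wlan0 src 192.168.1.23 uid 1000'
SAMPLE_LAN6='2001:db8::1 from :: via fe80::1 dev wlan0 proto ra metric 600 pref medium'

# Print the interface that follows "dev" in one `ip route get` line.
egress_iface() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify_route VPN_IFACE ROUTE_LINE
#   tunnel  = lookup resolves to the VPN interface
#   leak    = lookup resolves to another interface (Wi-Fi, wired, modem)
#   noroute = no usable route (empty line)
classify_route() {
    iface=$(egress_iface "$2")
    if [ -z "$iface" ]; then echo noroute
    elif [ "$iface" = "$1" ]; then echo tunnel
    else echo leak
    fi
}

# verdict VPN_IFACE MODE, with one route line per probe on stdin.
#   connected : FAIL on any leak, or if nothing at all uses the tunnel
#   killswitch: VPN deliberately disconnected; FAIL on any leak
verdict() {
    leaks=0
    tunnels=0
    while IFS= read -r line; do
        case $(classify_route "$1" "$line") in
            leak) leaks=$((leaks + 1)) ;;
            tunnel) tunnels=$((tunnels + 1)) ;;
        esac
    done
    if [ "$leaks" -gt 0 ]; then echo FAIL
    elif [ "$2" = connected ] && [ "$tunnels" -eq 0 ]; then echo FAIL
    else echo PASS
    fi
}

# One live lookup. `ip route get` reads the routing table and sends no packets;
# a failed lookup yields an empty line, which classifies as noroute.
probe() { ip "$1" route get "$2" 2>/dev/null | head -n 1; }

if [ "$#" -eq 2 ]; then    # live: ./vpncheck.sh tun0 connected|killswitch
    printf '%s\n%s\n' "$(probe -4 192.0.2.1)" "$(probe -6 2001:db8::1)" |
        verdict "$1" "$2"
else                       # offline demo on the constructed samples
    printf '%s\n%s\n' "$SAMPLE_TUNNEL4" "$SAMPLE_LAN6" | verdict tun0 connected
fi
```

This checks routing only: a kill switch implemented with firewall rules leaves the physical route in place, so it reports FAIL in `killswitch` mode and has to be confirmed with a real connection attempt instead.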

Author: Ryan Mendenhall
Ryan is a veteran of the digital marketing industry with over 15 years experience helping small businesses and entrepreneurs successfully navigate their way through the digital marketing landscape. Ryan is also an....