Steps for Selecting and Setting Up a Small Business VPN
VPN stands for “Virtual Private Network”. A VPN creates a virtual “tunnel” where encrypted data is securely transferred over the internet. A VPN hides your IP address, protects your identity, secures your data, and allows you to browse the internet in full privacy. Most VPNs do not store log files of user activity—so there isn’t any permanent browsing or data transfer record either.
For a small business, the most important benefit of using a VPN is data encryption and secure communication. A VPN allows employees to access a business’s servers and private network remotely without threat of communications being intercepted by an unauthorized party or data being stolen.
How does a VPN work?
A VPN acts as a user proxy on the Internet. Typically, when a user accesses a website, their Internet Service Provider (ISP) receives the request and redirects the user to the destination website. With a VPN, the user request is routed through the VPN server first. The process is as follows:
VPN data transfer and encryption process:
- User connects to VPN service using a VPN client and user credentials are authenticated with the VPN server.
- VPN client encrypts data being transferred by the user via an encryption protocol.
- VPN service creates a secure data “tunnel” between the user device (e.g. laptop or smartphone) and the Internet.
- VPN client transfers the encrypted data over the internet to the VPN server through the “tunnel”.
- Encrypted data is decrypted when it arrives at the VPN server.
Types of VPNs to consider
Part of setting up a VPN is identifying which VPN type is best for your business. There are three types of VPNs to consider: remote access, site-to-site, and client-based. Each VPN type has advantages and disadvantages depending on business size and structure.
Remote access
A remote access VPN allows employees who work remotely to securely access and use applications and data that reside on a central corporate network. All data that remote workers send or receive via the remote access VPN is encrypted and secure. Remote access VPNs are relatively inexpensive, making them a popular choice for small businesses with a remote work force.
Site to site
Where a remote access VPN connects remote workers to a single corporate network, a site-to-site VPN connects individual local area networks (LANs) to each other. Site-to-site VPNs (also known as router-to-router VPNs) enable offices in one location to communicate, share resources, and collaborate over the internet securely with offices at another location.
There are two types of site-to-site VPNs: intranet and extranet. The intranet-based VPN model allows offices in different geographic locations, yet within the same company, to connect with each other via a single wide-area network. The intranet-based VPN model is employed by organizations that have multiple remote offices but don’t need to connect with external networks.
Alternatively, the extranet-based VPN model connects LANs of different organizations and allows users to access and use a shared network. This enables two or more organizations to access the same network, share data and applications, yet hide their respective intranets and private communications from the other parties. Extranet VPNs are often employed by businesses who need to connect securely with customers, suppliers or business partners. Extranet-based VPNs are popular among larger corporations with multiple office locations.
Client-based
A client-based VPN is similar to a remote access VPN. It allows a remote user to connect to a network via a VPN client installed on their device. The VPN client authenticates and secures all data transfer and communication between the user device and the business’s remote network. Client-based VPNs are ideal for single business users and remote workers who need secure access to a business’s IT network.
Steps to Setting Up a Small Business VPN
There are 7 general steps to setting up a VPN for a business.
Step 1: Initial Preparation
The first step to setting up a VPN is evaluating and assessing business needs and capabilities. You can’t install a VPN until you know what you need and can support. Consider the following questions:
- Do you have a high speed internet connection? A VPN will bog down an already slow internet connection. A standard VPN service may decrease internet speed by 10-20%. More secure VPN services that use higher bit encryption technology can slow connection speeds even more. If you have slow internet, you may need to upgrade your internet connection to a more robust package before installing a VPN. For typical small business data transfer—up to 4k streaming—the minimum recommended internet speed is 25-30 Mbps.
- How many and what type of devices does your business use? Does your business use only computers? Or do you also use Chromebooks, Macbooks and other mobile devices? How many devices will be connecting to your VPN? The number and type of devices that support your business will determine the type of VPN and VPN protocols you can use.
- What operating systems (OS) support business operations? Not all VPN client software is cross-platform compatible. Some VPN clients will only support Linux while others only support Microsoft technology (e.g. Windows). Some VPN clients support multiple platforms including Windows, Linux, iOS, MacOS and Android. You’ll need a VPN client and provider that support your operating systems.
- Which VPN protocol will your business require? The VPN protocol you select will impact internet speed, mobile stability, connectivity, ease of installation and configuration, data transfer security, and platform compatibility. (See Step #4 below)
- What are your business’s data transfer requirements? Will your business require remote access, site-to-site access or client-based access? Who will have access to sensitive data? Internal employees? Remote workers? External partners? How important is security vs stability vs speed? Your business structure and requirements will determine your network configuration and setup, as well as your VPN requirements.
Step 2: Line up VPN devices and components
To set up a VPN you’ll need a VPN router, VPN server and VPN client.
Typically, the VPN service you select will provide you with a VPN server and client. However, your VPN provider may not offer a VPN client that is compatible with every device platform your small business uses (e.g. iOS, Android, and Windows). Even if the VPN client offered by your provider doesn’t cover every platform you need, go ahead and install their client to test your VPN account and ensure it’s working properly.
After you’ve verified your VPN account is working, contact your VPN provider about software clients for your other device platforms. If your VPN provider doesn’t offer clients for the other devices your small business uses, there are other websites that will provide a selection of downloadable VPN clients. If your employees will be accessing your small business network using mobile devices, you should also download VPN client apps for those devices.
You can find online VPN tutorials and setup guides from other VPN providers for many device types. For example, if you use Macbooks for your business, you can search online for VPN tutorials and guides for these devices to find compatible clients.
In addition to the VPN server and client, you’ll require a router. You can pick up a basic router at BestBuy that will work fine for remote home office workers. However, if you’re setting up a shared IT network for your small business, I recommend upgrading to a VPN router. A VPN router will provide additional security when multiple employees will be accessing the internet using the same router. VPN routers may be provided by your provider.
Step 3: Network prep and configuration
It’s not uncommon for a VPN client to conflict with other network clients, and cause one or both to not work properly. Before acquiring and installing VPN software, ensure your business IT network is already set up. Having your IT network in place prior to installing a VPN will allow you to make sure VPN software does not conflict with network applications and software.
If you have an IT network in place, uninstall any existing VPN client software that is not needed. Multiple VPN clients on the same network can compete with one another and create conflicts.
Review your network configuration. How will workers be accessing the Internet and online resources? Will workers be using Wi-Fi, 4G or 5G modems, and wired connections? If so, you’ll need to ensure the VPN client is configured for all connection types.
Step 4: Select VPN protocols
VPN protocols are the rules or instructions that determine how data is routed between your computer (or device) and the VPN server. They can also control connection speed and encryption standards for data transmission.
Review each VPN protocol below to determine which protocol best meets your business requirements.
OpenVPN is an open-source VPN protocol software that provides the utmost flexibility in protocol configuration. It is the most widely adopted VPN protocol and the standard used by most VPN providers. OpenVPN is available for many platforms, including Mac, Windows, Android and iOS.
There are two main types of OpenVPN: OpenVPN TCP and OpenVPN UDP. OpenVPN TCP (Transmission Control Protocol) is the most widely used OpenVPN type. OpenVPN TCP is extremely reliable and secure. The OpenVPN UDP (User Datagram Protocol) type is used for low-latency data transfer. It is highly reliable but isn’t as secure as OpenVPN TCP. OpenVPN UDP is ideal for gaming and streaming.
Secure Socket Tunneling Protocol was developed by Microsoft. It is optimized for Windows platforms but will also work on Linux. It is comparable to OpenVPN but is not an open-source protocol. It is not ideal for site-to-site VPN access and is used primarily to support remote network access.
Point-to-Point Tunneling Protocol (PPTP) is an older VPN protocol that offers weaker security. It is still widely used, but declining in usage and popularity. Its current popularity is driven by its compatibility with nearly every major operating system. It is extremely fast but not as secure as other VPN protocols.
Layer Two Tunneling Protocol (L2TP) over Internet Protocol Security (IPSec) is a successor to PPTP. L2TP/IPSec offers better security and features than its predecessor PPTP. L2TP provides secure connection, but it doesn’t provide data encryption or security. However, when paired with IPSec which authenticates and encrypts data, this protocol provides very secure data transmission over VPN. L2TP/IPSec is a protocol of choice when data security is the top priority.
Internet Key Exchange version 2 (IKEv2) is paired with Internet Protocol Security (IPSec) to provide data encryption and certificate based authentication. IKEv2 protocol provides stable, reliable network connectivity. IKEv2 VPN protocol is primarily used for mobile devices, since it reconnects quickly and seamlessly whenever a connection is lost when passing through a tunnel, switching between WiFi and mobile cell networks, or moving between hotspots.
WireGuard is a relatively new open-source VPN protocol. It operates on Linux and is reported to perform better than both OpenVPN and IPSec in terms of speed and security. Because WireGuard is relatively new, it doesn’t come built in to any platforms, nor is it available in VPN apps.
SoftEther is a relatively new VPN protocol. It is free to use and provides quick, secure client-to-server and site-to-site data transfer. SoftEther protocol can be deployed with major operating platforms such as Mac, Windows, iOS and Android.
Most VPN services allow users to select their desired protocol. For most small businesses OpenVPN or L2TP with IPSec is recommended to provide the most comprehensive network access and security. However, depending on your business needs, you may need to choose one of the other protocols discussed above.
Step 5: Install VPN software
After you’ve determined your business needs, and identified the correct VPN protocol(s), it’s time to find a VPN provider. You want to work with a provider that offers service and plans that meets all your needs. Make sure the VPN provider offers VPN client software that is compatible with your device platforms.
Once you’ve established an account with a VPN provider, download their VPN client onto your devices. The client is what encrypts the data transferred from your devices to the VPN servers. Certain vendors may also provide add-on features including two-factor authentication such as Duo to provide an additional level of security.
When you install the VPN client for the first time you’ll configure your administrator VPN settings. These settings will be applied to all endpoint devices. Your provider’s VPN software will walk you through the setup process.
Step 6: Test and Troubleshoot
After installing the VPN client and configuring administrator settings, test the VPN on a few endpoint devices before rolling it out to all devices. There is always the chance that the provider’s VPN client might conflict with your current device or network software. This will allow you to troubleshoot and resolve any issues before a complete rollout.
If the VPN client appears to conflict with current software, the first thing you want to do is make sure that all operating software on your device(s) is updated to the latest version. This will often resolve compatibility issues.
If that doesn’t work, shut down and reboot both the VPN client and your device. If there is any other VPN software running, make sure it’s disconnected and closed. Sometimes VPN clients require software drivers to operate correctly. Access the settings page and click the “repair” option, if available, to reload drivers.
If you’re having difficulty logging into the network, make sure you’re using the correct credentials. Review any emails you received from the provider or quick-start guides you may have received.
Another troubleshooting option is to connect to the VPN using different protocols. This may not be possible, but some VPN clients provide this option. If for example you’re currently using OpenVPN with TCP, try switching to L2TP and PPTP protocols and attempt to reconnect to the VPN.
Other software—including firewalls and security programs—may also inhibit devices from connecting to the VPN. Temporarily disable any software on your device that could be the culprit and retest your VPN connection. Once you’ve tested and determined whether there is a conflict, you can turn all software back on.
If all else fails, work with your VPN provider’s support team for more advanced troubleshooting.
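One concrete check for this test phase, as an added example that is not part of the original article: on a Linux endpoint, read the IPv4 routing table and report whether internet-bound traffic actually leaves through the tunnel. The interface name tun0, the function name and the sample routes are assumptions; the pair of /1 routes is what OpenVPN's redirect-gateway def1 option installs instead of replacing the default route.

```shell
#!/bin/sh
# Added example (not from the article): classify a routing table as
# "tunnel" (all IPv4 internet traffic goes via the VPN interface) or "leak".
# Live use on an endpoint:  vpn_route_status "$(ip -4 route show)" tun0

vpn_route_status() {   # $1 = output of `ip -4 route show`, $2 = tunnel interface
    printf '%s\n' "$1" | awk -v tun="$2" '
        # Remember which interface each route points at.
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        # Among default routes, the lowest metric wins (no metric means 0).
        $1 == "default" {
            m = 0
            for (i = 1; i < NF; i++) if ($i == "metric") m = $(i + 1) + 0
            if (!seen || m < bestm) { seen = 1; best = dev; bestm = m }
        }
        # Two /1 routes together cover every address and beat any default route.
        $1 == "0.0.0.0/1"   && dev == tun { lo = 1 }
        $1 == "128.0.0.0/1" && dev == tun { hi = 1 }
        END { print (((lo && hi) || (seen && best == tun)) ? "tunnel" : "leak") }'
}

# Constructed sample: VPN connected, with the two /1 override routes in place.
SAMPLE_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0'

# Constructed sample: VPN disconnected, only the office or home gateway remains.
SAMPLE_DOWN='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Constructed sample: one /1 route missing, so half the internet bypasses the VPN.
SAMPLE_HALF='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100'

echo "connected:    $(vpn_route_status "$SAMPLE_UP" tun0)"
echo "disconnected: $(vpn_route_status "$SAMPLE_DOWN" tun0)"
echo "half-routed:  $(vpn_route_status "$SAMPLE_HALF" tun0)"
```

The host route to 203.0.113.10 over eth0 in the first sample is expected: it is the encrypted connection to the VPN server itself.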
Step 7: Install the VPN Client on all devices
Once you’ve tested and resolved any issues with the VPN client, install the client on all other devices. Typically this involves providing your staff with a link where they can download the VPN client software over the internet.
After the VPN client has been successfully installed and tested on all devices, select the default VPN server the client should connect to automatically. To optimize your connection speed and improve performance, select the server location that is closest to your central offices.
If your VPN provider offers a kill switch, I highly recommend implementing it. A VPN kill switch will immediately disconnect network devices from the internet if for any reason the VPN connection is lost or fails. This will prevent unsecured internet connections and unencrypted data transfer until your VPN is back up.
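How a kill switch works underneath, as an added example that is not from the original article or any VPN provider's client: on Linux, a default-drop nftables output chain that lets traffic out only through the tunnel and to the VPN server itself. The interface name, server address (a documentation-range IP), port, table name and function name are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): generate an nftables kill-switch ruleset.
# Apply with:   killswitch_ruleset tun0 203.0.113.10 1194 udp | sudo nft -f -
# Remove with:  sudo nft delete table inet vpn_killswitch

killswitch_ruleset() {   # $1 tunnel interface, $2 VPN server IPv4, $3 port, $4 udp|tcp
    tun_if=$1 server_ip=$2 port=$3 proto=$4
    # Validate every value before it is placed into firewall syntax.
    case $tun_if in ''|*[!A-Za-z0-9_-]*) echo "bad interface name" >&2; return 1 ;; esac
    case $server_ip in ''|*[!0-9.]*) echo "server must be an IPv4 address" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    cat <<EOF
table inet vpn_killswitch {
    chain output {
        # Anything not explicitly accepted below is dropped. The inet family
        # covers IPv4 and IPv6, so IPv6 cannot slip around the tunnel either.
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        # Traffic that enters the tunnel is encrypted by the VPN client.
        oifname "$tun_if" accept
        # The encrypted connection to the VPN server, so the client can reconnect.
        ip daddr $server_ip $proto dport $port accept
        # DHCP lease renewal on the physical link.
        udp sport 68 udp dport 67 accept
    }
}
EOF
}

# Constructed values for illustration only.
killswitch_ruleset tun0 203.0.113.10 1194 udp
```

While the tunnel interface is down, only the reconnect and DHCP rules match, so ordinary browsing and local network traffic are dropped until the VPN is back up.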