Header Ads

Breaking News

The Best Business VPN Clients for 2019

While consumers are waking up to the necessity of using virtual private network (VPN) services, businesses have long deployed this technology. IT has simply done it for slightly different reasons. While keeping traffic secure is certainly still the overall goal, business IT also likes to deploy VPNs as a way to securely link entire sites with one another, not just individual users. They have also historically deployed solutions that combine software clients with dedicated hardware solutions. That's changing, however, as more businesses are moving to an all-software VPN fabric. That's because an all-software solution is intrinsically more flexible, and now more than ever, users are asking for more and different remote connection access. Not just from one location using one device, but from anywhere and using multiple devices interchangeably. Keeping your network secure means tightening up your remote connection process. The best way to do that is to ensure that all systems connecting from outside are authenticated with an identity management suite and use VPNs to secure the connection and data.

Editors' Note: IPVanish is owned by j2 Global, the parent company of PCMag's publisher, Ziff Davis.

The Best VPN Deals This Week*

  • NordVPN — 70 percent off three-year plan with bonus gift — $125.64 (List Price $430.20; Save $304.56)
  • Norton Secure — 50 percent off one-year plan on 5 devices — $39.99 (List Price $79.99; Save $40.)
  • IPVanish — 67 percent off one-year plan, plus get a free 250GB of SugarSync cloud storage — $47.99 (List Price $143.88; Save $95.89)
  • TorGuard — 50 percent off all plans, plus get a free Fire TV Stick and mini VPN router— $29.99 for semi-annual plan (List Price $59.99; Save $30.)
  • TunnelBear — 58 percent off two-year plan — $99.99 (List Price $239.76; Save $139.77)
  • PureVPN — 74 percent off two-year plan — $69.12 (List Price $262.8; Save $193.68)
*Deals are selected by our partner, TechBargains

What Is a VPN?

VPNs come in several flavors. The one most users know are the personal VPN services intended to ensure privacy while web browsing. However, businesses favor server-to-server VPNs used for connecting branch offices to the organization's central data centers as well as client-server VPNs, which is what we'll be covering here. Client-server VPNs use a client for each device connecting to an office and one server at the office to which they connect. That server determines the available protocols for connecting, typically Internet Protocol Security (IPSec) or Secure Sockets Layer (SSL). IPSec has a variety of flavors and many configuration options. But all of the clients we're looking at support virtually all of these options, including different ways of storing the cryptographic keys needed to set up a connection.

The biggest issues you'll encounter with VPN server and client setup and configuration won't be about the available options. They'll be about getting the server and client set up the same way. Users often find the process impenetrable, involving long strings of letters and numbers for the cryptographic keys, as well as ensuring that all of the many options are set the same way on both the server and client sides. Unless they're identical, you won't be able to establish a connection. For this reason, most IT professionals prefer to deploy VPNs to a pre-configured client with an install file that automatically configures the software and installs the keys. This is especially true for remote and mobile clients, which are becoming more commonplace today. A favored method is to use a client that can be emailed or installed from a USB key or CD/DVD. Users receive this physical token, insert it into their devices, and everything else is automatic; this can go a long way towards ensuring user satisfaction.

Why Not Just Use Microsoft?

Microsoft Windows 7, Windows 8, and Windows 10 all have a VPN client included as part of the base operating system (OS). Microsoft has gone to some trouble to give its IT professional customers tools that can, albeit laboriously, be set up to install this client automatically and to specific configuration specifications, with all of the features a user might need. Given that Windows is a hugely popular OS in the business world, one might wonder about the point of using separate, third-party VPN clients such as the ones we're looking at in this roundup. The answer is three-fold: cross-platform compatibility, management, and ease of use.

On the cross-platform front, the Microsoft VPN Client for Windows, as the name implies, is only available for Windows. Other platforms such as Apple iOS or OS X, Android, and all of the various flavors of Linux, have built-in or free (or paid) VPN clients of their own. But each tends to be different. Plus, having to support half a dozen different clients, even on just a midsize network with a few hundred users, can be a support nightmare. Moving to a single VPN client that works across multiple platforms can make administration and support a much simpler task.

Readers may wonder why the Cisco VPN Client or their Cisco AnyConnect product are not reviewed here since the clients are pervasive, readily available for a wide variety of OSes, and easily downloaded. The reason: their licensing scheme requires the Cisco software client connect only to Cisco hardware (the server part of the VPN). Licensing is not available for any other server, and the products we're looking at here are server-agnostic (aside from the Microsoft VPN Client for Windows, which we're using as a baseline).

How We Tested

To test these business VPN clients, we set up a simulated wide area network (WAN) link using Shunra software running on a PC with two network cards. The system allows a simulated connection operating at selectable speeds from 128Kbps to 1Gbps. For our testing, we tested at 1.5Mbps, 10Mbps, 60Mbps, and 100Mbps. The simulated WAN link was used to connect two subnets. Each subnet had a router and several PCs, including a Microsoft Windows 2012 R2 Server with files and test scripts. The PCs and VPN clients were used to connect to the opposite subnet via several VPN options, including PPTP, L2TP, and IKEv2 (if supported). Given the vast number of possible combinations of protocol, key, certificate, and encryption strength, no attempt was made to test every possible combination. Instead, each test scenario was set to use the maximum length of key or encryption bit depth in order to place the maximum possible load on the VPN client. In every case, the VPN connections were within a percentage point of each other, running as fast as the WAN link allowed, with minimal impact on the client system.

Once installed on a test machine, the VPN client was connected through the WAN simulator to an OpenVPN gateway on a Linksys LRT224 firewall. None of the clients had any problem connecting to the OpenVPN gateway and pre-shared certificates worked as they should have. Some additional testing with the Linksys IPSec VPN server also showed no connection issues.

Managing Your VPNs

A small organization will have no problem maintaining information on clients, keys, and other configuration details in a spreadsheet via cut-and-paste or simply saving the data in the VPN server's configuration utility. But that's only viable for small groups of VPNs. Organizations that have more than 20 or so VPN clients will need tools such as the NCP Secure Entry Client for Win32/64, which automates initial configuration and deployment and even has tools to help troubleshoot them in the field.

The security afforded by VPN solutions is good, even using just the basic settings. Sure, if the NSA wants your data, then they can probably get it no matter which solution or degree of encryption you're using. But lesser hackers and digital ne'er-do-wells will likely be stymied by a VPN and move on for easier prey if there's an unpatched vulnerability on either side of the connection they can exploit. Many of the recent ransomware and other widespread malware infestations would not have been possible if OSes and applications had been kept patched. A good VPN solution should have the option to download and install patches automatically, or after patches have been cleared by IT, for both the client and server portions. TheGreenbow IPSec VPN Client and the NCP Secure Entry Client for Win32/64 provide automatic update functionality, while the Microsoft VPN Client for Windows typically gets updated as the OS does.

All of the clients have the ability to install silently and from a pre-configuration file so users don't need to understand or enter data to get the client up and running. Even the Microsoft client can do this, although the process for the administrator to get everything set up is manual and will require some testing to ensure a smooth installation. Once that's done, the admin can email the user an installation executable file (or send them a CD or USB drive), including the configuration file and the certificate or pre-shared key file (in a separate message for security). The user simply double-clicks the installer and, after a short period, the VPN connection is available to them.

The four vendors we review here offer clear documentation on how to set all this up. TheGreenbow, NCP Secure Communications, and to a lesser extent OpenVPN, offer some management utilities to help the admin set things up without having to write scripts. Microsoft does, too, although you'll need to do some searching on TechNet, its IT professional knowledge base.

These aftermarket VPN client utilities offer substantial benefits beyond the simple built-in capabilities of the Windows 10 VPN client, and cross-platform support to make it easier for an organization to supply VPN services to a diverse group of devices. With prices ranging from free to $79 per client, they're not all cheap. However, the savings in setup and support costs could quickly amortize the costs while keeping an organization secure, despite the best efforts of their increasingly mobile users.

  • NCP Secure Entry Client for Win32/64

    Pros: Easy install. Full feature set that supports all remote clients. Great extra features including one-click installation, cellular roaming, and network access control.

    Cons: Exact pricing, support, and other key buying criteria are the responsibility of NCP resellers.

    Bottom Line: In its Secure Entry Client for Win32/64 VPN client, NCP delivers a very capable system with lots of extra features that can help IT staffers improve deployment, security, and remote client support on just about any type of device.

    Read Review
  • OpenVPN 2.4.3

    Pros: Powerful and flexible. Installs on a wide variety of Apple, Linux, and Windows operating systems. Supports cloud instances and virtual appliances. Supports mobile (Android, iOS) and even BSD.

    Cons: Installation of the Community Client requires knowledge or significant research. Connect Client only intended to work with the OpenVPN server.

    Bottom Line: OpenVPN is something of a standard in the open source world, but OpenVPN 2.4.3 represents only the VPN client portion of that equation. It's flexible and well managed and connects to a wide variety of servers, but connecting it to the rest of the OpenVPN solution will require IT-level knowledge.

    Read Review
  • TheGreenBow IPSec VPN Client

    Pros: Excellent deployment tools. Wide support for many different vendors' VPN servers. Options for key storage. Full set of encryption and authentication options.

    Cons: No Apple iOS or OS X support. Fairly expensive.

    Bottom Line: While it has a weakness when it comes to Apple devices and platforms, TheGreenBow IPsec VPN Client is a solid example of a third-party, universal VPN client.

    Read Review
  • Microsoft VPN Client for Windows

    Pros: Updated client included with every version of Windows. Pre-configuration or configuration files make setting up remote VPN connections straightforward. Supports the major VPN servers.

    Cons: No clients for any operating system other than Windows. Doesn't include management tools if Microsoft System Center isn't already installed.

    Bottom Line: You'll find the Microsoft VPN Client for Windows as a native part of most versions of the Microsoft Windows and Windows Server operating systems. Overall, it's a solid solution, but has a ways to go to match the flexibility and multi-client support that you'll find in a good third-party solution.

    Read Review

Source link

No comments