How to setup a small office network with a VPN client and a shared Internet gateway

Tags: gateway, networking, small-business, vpn

I manage a small-office network but have very little actual networking knowledge / understanding.

The network has a consumer-grade wifi router (Netgear DG834G), several PCs/Macs, some iPads connected via Wifi, and a couple of file servers (also consumer-grade Netgear ReadyNAS boxes).

I have set up a VPN between one PC (WinXP) on our network and a distant VPS box (AWS EC2), with OpenVPN; I use the VPN connection in order to have a US-based IP address (since I'm not in the US).

Here's what I would like to do: I would like to be able to use the VPN from the other machines on the network, including the Wifi connected ones (iPads), without setting up a VPN client on each machine.

I think I need to either have one machine set up as a gateway that the other machines would use, or maybe connect another router that would act as both a gateway and a VPN client, that one could choose to connect to in order to go through the VPN tunnel? Or am I looking for a proxy?

(I'm a little confused, sorry if the above is unclear).

What's the simplest way to achieve that? There must already be tutorials describing what I want to do, but I can't seem to find any after numerous Google searches…

Best Answer

I see two problems that you need a solution to; unfortunately neither of them is really "easy" and I would recommend getting assistance from a 3rd-party small business consultant in your area as you're dealing with a client's trust here, and losing that would probably be a very bad thing.

  • A client wants to maintain an encrypted connection with your office at all times. This is traditionally solved with a site-to-site IPSec VPN tunnel that's established (usually) between both firewalls. With routes set up (and making sure there's no overlap between LAN subnets), you can ensure that traffic to and from your office to their office is always encrypted, so long as each side is accessing the other's resources via their LAN subnets. I.e. if there's an application or Web service (like an Intranet) that you would need to access on their side, you would pull up http://192.168.1.5, where 192.168.1.0/24 is their LAN subnet and 192.168.1.5 is their Webserver running the Intranet.

  • You want to access US-only websites office-wide. I would look into setting up a proxy in a micro Amazon EC2 instance with authentication and firewall rules to only permit access from your office's WAN IP. Squid could easily be set up, or even tinyproxy, as you wouldn't really benefit from having caching enabled. You could then set up FoxyProxy in Firefox with a whitelist of the US-only sites so that only the US-only websites are accessed through the proxy, or you could do the same with another proxy sitting on your LAN that would determine which upstream proxy to use (if any) by requested URL (domain). I would also Google around for "Hulu proxy services" or "Hulu VPN" as there might be a more canned solution out there that takes a lot of this guesswork out.
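The per-domain split the answer describes (only whitelisted US-only sites go through the EC2 proxy, everything else direct) can be written once as a PAC (proxy auto-config) file and pointed at from every browser on the LAN. This is an added example, not code from the original answer; the proxy hostname and port and the domain list are placeholders to replace with your own.

```javascript
// PAC file: browsers call FindProxyForURL(url, host) for every request.
// Placeholder endpoint for the Squid/tinyproxy instance on EC2; the
// instance's firewall should still only accept the office WAN IP.
var US_PROXY = "PROXY ec2-proxy.example.com:3128";

// Placeholder whitelist of US-only sites (hulu.com is the site the answer
// mentions). Subdomains of each entry match as well.
var US_ONLY_DOMAINS = ["hulu.com", "us-only-site.example"];

// Equivalent of the PAC helper dnsDomainIs(); written out so the same file
// also runs under Node for testing the policy.
function hostMatchesDomain(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// LAN, loopback and unqualified intranet names never go to the remote
// proxy, so the file servers and intranet stay reachable and never leave
// the office network.
function isLocalHost(host) {
  return host.indexOf(".") === -1 ||
    /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/.test(host);
}

function FindProxyForURL(url, host) {
  if (isLocalHost(host)) {
    return "DIRECT";
  }
  for (var i = 0; i < US_ONLY_DOMAINS.length; i++) {
    if (hostMatchesDomain(host, US_ONLY_DOMAINS[i])) {
      // No "; DIRECT" fallback: if the proxy is down the request fails
      // instead of silently going out with the non-US office address.
      return US_PROXY;
    }
  }
  return "DIRECT";
}

// Optional self-check when run with Node; browsers ignore this part.
if (typeof module !== "undefined" && require.main === module) {
  ["http://www.hulu.com/", "http://192.168.1.5/", "https://example.org/"]
    .forEach(function (u) {
      console.log(u, "->", FindProxyForURL(u, u.split("/")[2]));
    });
}
```

Serve the file from the LAN (or load it via the browser's "automatic proxy configuration URL" setting); the domain list is then maintained in one place instead of in a FoxyProxy profile on each machine.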