VPN Configuration

This Process Street VPN configuration checklist is engineered to allow an administrator to prepare a staff member's laptop for remote access to an internal network through establishing a VPN.  

This use case reflects the need to keep internal systems secure within the context of an increasingly remote work culture. This is particularly relevant to members of staff with higher levels of access to sensitive data, as all precautions must be put in place to secure important information.

The process has two real steps:

1. Enabling the router in the office.
2. Setting up the VPN access on the staff computer.

However, given that most security breaches are not the result of technical failures but of human error, the main purpose of this process is documentation.

By running the checklist, we can record who has been given remote access, why they have been given it, and whether or not HR has been notified of the event. This means that if an employee is fired from the company, HR will know to contact IT to revoke the remote access, etc etc. It is the process which attempts to overcome the human and communication errors.  

This template is also entirely editable so that you can adapt it to the specific needs of your company, adding or removing steps at will.  

If you want to know more about configuring VPNs you can watch the video below from one particular provider:

Use the form fields to record the details of the individuals involved in this process.

Make sure the VPN is working correctly. 

The VPN router should have:

• wired and wireless connectivity
• the ability to support up to 10 connections
• built in VPN features

Given that this router is allowing access to the organization's network from outside, it is vital you put strong security measures in place to protect sensitive data. 

Make sure that the router is encrypted. Choose the highest levels of security your VPN router provides. This will likely be WPA2 with AES.

Use the form field below to record your notes.

It is important to make sure all access is password protected.

For regular use, you can consider using a password generator and manager like 1password.

However, for highest security access you could consider reviewing the steps in our Privileged Password Management checklist. 

Within the router's settings you should find the option to enable remote management. 

Make sure this is enabled. 

Inside the router's software, you should have the ability to create user accounts. 

Create the first user account. 

This will be the account given to the member of staff for them to connect to the router remotely. 

Choose the VPN client software you wish to use and install it onto the staff member's device. 

You can find a selection of VPNs to consider at the following link: 5 Best VPN Software 2017.

Include in the form field which software you have chosen.

Now we need to configure the VPN and set up the network connection.

Follow the steps below to show you where these options are located on Windows and on Mac:

• In Windows, go to Control Panel, Network and Sharing, Create a New Connection, VPN.
• For a Mac, you’ll go to System Preferences, Network, +, VPN.

Here you enter the IP address. If you have a static IP address it should work fine.

Record in the form field below the OS of the staff device:

Test your connection to see if everything works!

It is important for others within the organization to have a record of what has been set up in case of changes within the company. 

For example: When the staff member finishes working at the company, they should have their access revoked.

Use the email widget below to send an email to HR to notify them of the remote access setup. You can use the variables to automatically pull information into the email.

One problem which might occur is that the VPN doesn't connect well with a dynamic IP address. This can lead to the VPN breaking and needing to be regularly fixed. 

You are presented with three options:

1. Accept that the VPN will need occasionally updating
2. Acquire a static IP address
3. Set up a dynamic Domain Name Server which points to the office. 

This third option will make sure the DNS provides a consistent address to the VPN while adapting itself to the dynamic IP address used in the office. This can cause occasional small delays but will fix the problem pretty comfortably, 

• Configure a Remote Access VPN Server - Microsoft
• Step by Step Guide to Set Up Remote Access VPN Server - Database Mart
• How to Set Up a VPN to Access Your Office Files Remotely - Sumac
• Connecting to Your Office Computer Using Remote Access - SSCC

• Privileged Password Management
• Network Administrator Daily Tasks
• Network Security Audit Checklist
• Firewall Audit Checklist
• VPN Configuration
• Apache Server Setup
• Email Server Security
• Penetration Testing
• Inventory Management Process
• Network Security Management
• Client Data Backup Best Practices
• Computer Maintenance Guide
• Server Setup Process
• Virtual Private Server Setup
• IT Support Process
• Helpdesk Management
• Server Maintenance
• Server Security
• Information Security Incident Response
• SQL Server Audit Checklist