VPN Configuration | Process Street

Introduction to VPN Configuration:

This Process Street VPN configuration checklist is engineered to allow an administrator to prepare a staff member's laptop for remote access to an internal network through establishing a VPN.  

This use case reflects the need to keep internal systems secure within the context of an increasingly remote work culture. This is particularly relevant to members of staff with higher levels of access to sensitive data, as all precautions must be put in place to secure important information.

The process has two real steps:

  1. Enabling the router in the office.
  2. Setting up the VPN access on the staff computer.

However, given that most security breaches are not the result of technical failures but of human error, the main purpose of this process is documentation.

By running the checklist, we can record who has been given remote access, why they have been given it, and whether or not HR has been notified of the event. This means that if an employee is fired from the company, HR will know to contact IT to revoke the remote access. It is the process which attempts to overcome human and communication errors.

This template is also entirely editable so that you can adapt it to the specific needs of your company, adding or removing steps at will.  

If you want to know more about configuring VPNs you can watch the video below from one particular provider:

Setup IPSec VPN Access to Work Network for Remote Users using FortiClient

Record staff details

Use the form fields to record the details of the individuals involved in this process.

Check the office VPN-enabled router is functional

Make sure the VPN is working correctly. 

The VPN router should have:

  • wired and wireless connectivity
  • the ability to support up to 10 connections
  • built in VPN features

Make sure the router is secure

Given that this router is allowing access to the organization's network from outside, it is vital you put strong security measures in place to protect sensitive data. 

Make sure that encryption is enabled on the router. Choose the highest level of security your VPN router provides. This will likely be WPA2 with AES.

Use the form field below to record your notes.

Set a strong password for the router

It is important to make sure all access is password protected.

For regular use, you can consider using a password generator and manager like 1password.

However, for highest security access you could consider reviewing the steps in our Privileged Password Management checklist. 

Enable remote management on the router

Within the router's settings you should find the option to enable remote management. 

Make sure this is enabled.

Add the member of staff as a user

Inside the router's software, you should have the ability to create user accounts. 

Create the first user account. 

This will be the account given to the member of staff for them to connect to the router remotely. 

Download and install the VPN client software on staff device

Choose the VPN client software you wish to use and install it onto the staff member's device.

You can find a selection of VPNs to consider at the following link: 5 Best VPN Software 2017.

Include in the form field which software you have chosen.

Configure the new connection within the settings

Now we need to configure the VPN and set up the network connection.

The steps below show where these options are located on Windows and on Mac:

  • In Windows, go to Control Panel, Network and Sharing, Create a New Connection, VPN.
  • For a Mac, you’ll go to System Preferences, Network, +, VPN.

Here you enter the IP address. If you have a static IP address it should work fine.

Record in the form field below the OS of the staff device:

Test the connection

Test your connection to see if everything works!

Notify HR to record which employee has remote VPN access

It is important for others within the organization to have a record of what has been set up in case of changes within the company. 

For example: When the staff member finishes working at the company, they should have their access revoked.

Use the email widget below to send an email to HR to notify them of the remote access setup. You can use the variables to automatically pull information into the email.
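The record this checklist produces can be checked against the router and the HR roster to find access that should be revoked. The script below is an added example, not part of the original checklist; the CSV column names, the sample records and the account names are all constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: access records kept by this checklist, and an HR roster.
ACCESS_LOG = """staff_email,vpn_username,granted_on,hr_notified
alice@example.com,alice.vpn,2024-01-10,yes
bob@example.com,bob.vpn,2024-02-03,no
carol@example.com,carol.vpn,2024-03-21,yes
"""
HR_ROSTER = """staff_email,status,end_date
alice@example.com,active,
bob@example.com,active,
carol@example.com,left,2024-06-30
"""
# Constructed: user accounts currently defined on the VPN router.
ROUTER_USERS = ["alice.vpn", "bob.vpn", "carol.vpn", "temp.vpn"]


def audit_vpn_access(access_csv, roster_csv, router_users, today):
    """Return sorted (vpn_username, finding) tuples for accounts needing action."""
    roster = {r["staff_email"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    recorded = {r["vpn_username"]: r for r in csv.DictReader(io.StringIO(access_csv))}
    findings = []
    for user in router_users:
        rec = recorded.get(user)
        if rec is None:
            # Account exists on the router but the checklist was never run for it.
            findings.append((user, "no access record"))
            continue
        hr = roster.get(rec["staff_email"])
        gone = (
            hr is None
            or hr["status"] != "active"
            or (hr["end_date"] and date.fromisoformat(hr["end_date"]) <= today)
        )
        if gone:
            findings.append((user, "revoke: staff member no longer active"))
        elif rec["hr_notified"].strip().lower() != "yes":
            # HR cannot trigger revocation later if it was never told.
            findings.append((user, "HR not notified"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_vpn_access(ACCESS_LOG, HR_ROSTER, ROUTER_USERS, date(2024, 7, 15)):
        print(f"{user}: {finding}")
```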

Troubleshooting:

Check whether you have a static or dynamic IP address

One problem which might occur is that the VPN doesn't connect well with a dynamic IP address. This can lead to the VPN breaking and needing to be regularly fixed. 

You are presented with three options:

  1. Accept that the VPN will occasionally need updating.
  2. Acquire a static IP address.
  3. Set up dynamic DNS (Domain Name System) which points to the office.

This third option will make sure the DNS provides a consistent address to the VPN while adapting itself to the dynamic IP address used in the office. This can cause occasional small delays but will fix the problem pretty comfortably.
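The check described in this troubleshooting section can be scripted. The code below is an added example, not part of the original checklist: it decides from a log of observed office public IPs whether the address is dynamic, and whether the address configured in the VPN client (a literal IP or a dynamic DNS hostname) still points at the office. The observation log, the hostname `office.example.net` and the status strings are constructed assumptions.

```python
import ipaddress
import socket

# Constructed sample: (date, public IP seen at the office), oldest first.
OBSERVATIONS = [
    ("2024-05-01", "203.0.113.10"),
    ("2024-05-08", "203.0.113.10"),
    ("2024-05-15", "198.51.100.7"),
]


def is_literal_ip(endpoint):
    """True if the VPN client is configured with an IP rather than a hostname."""
    try:
        ipaddress.ip_address(endpoint)
        return True
    except ValueError:
        return False


def address_is_dynamic(observations):
    """The office address is dynamic if more than one IP has been observed."""
    return len({ip for _, ip in observations}) > 1


def system_resolver(hostname):
    """Resolve a hostname to its IPv4 addresses using the OS resolver."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    return {info[4][0] for info in infos}


def check_vpn_endpoint(endpoint, observations, resolve=system_resolver):
    """Classify the configured VPN server address against the office's current IP."""
    current_ip = observations[-1][1]
    if is_literal_ip(endpoint):
        if endpoint != current_ip:
            return "stale-ip"      # option 1: the client needs updating by hand
        if address_is_dynamic(observations):
            return "fragile-ip"    # works today, breaks at the next address change
        return "ok"                # option 2: static address
    # Option 3: a dynamic DNS name must resolve to the current office address.
    return "ok" if current_ip in resolve(endpoint) else "stale-dns"


if __name__ == "__main__":
    print(check_vpn_endpoint("203.0.113.10", OBSERVATIONS))
```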
