In reading some of the prior posts it looks as if site to site and client VPN is not an option with Meraki Go. As a business owner with multiple sites, it would be great to have the ability to have some type of S2S option even if it is limited in scope or is a manual config. This can be done in multiple ways, but not having the option at all is a little disappointing. I am just giving a couple of ways to do this without stepping on Meraki propper.
1. Only allow sites that are linked to the account.
2. Manually config S2S
1. Limit client VPN to a couple of popular methods.
In any case, the admin will need the ability to limit what VLANs will participate in or can be accessed through the VPN tunnel.
That is correct. At this time, the GX product line does not implement any VPN capabilities. That being said, I would like to explore the possibility and how it could be beneficial for your business.
As it stands we would let client devices establish outbound connections, yet this approach still requires there to be a VPN server somewhere. If we could build out this feature, what would your business gain from site to site VPN? What would you stand to gain from client VPN?
Secure site to site communications is huge for business. I am aware we can setup boxes behind the units and create tunnels, but to be able able to have the edge devices establish the connects is a better solution in my eyes. A good example I had a client (not on this product) that shares a database application over a VPN tunnel over their 8 sites. The smaller sites are way to small to keep adding cost and equipment to maintain business continuity.
As for the client VPN I have a client that uses client VPN for reaching resources at his business from his home. Again fully aware that I could setup devices as small as a Pi, but is that really the direction we want to go? This client doesn't want direct access to his DC at this site so VPN to the router was the way he rather take.
I agree MG is the little brother to Meraki, but we need that balance where we still have SMB features yet not directly compete with Meraki proper.
Thank you for the insight, TyShawn! Having your point of view helps us make better decisions on difficult topics like these. Our future iterations of both software and hardware take community feedback to heart. I don't have a solution for you today (but I respect your pi approach).
That being said, we hear you and the community need VPN solutions even if they are basic. Our team is actively investigating solutions to this problem and knowing how it can benefit you and others helps us get the job done correctly.
While I would love to see VPN features added to GX, I think this is a clear differentiator between Meraki Enterprise and Meraki Go. As Go is designed around simple one site businesses with less than 20 or 50 employees, there are probably other features that are more important for that core. For businesses that have multiple sites, they should probably be looking at Enterprise. You could always setup small sites with the Z3. When you start adding this into the Go line, you start getting back to the point where it needs ongoing subscription licensing which just makes it not as appealing to micro businesses. I think there needs to be a clear line in the sand between the two offerings.