Looking for secure, high-performance, and scalable VPN site-to-site networking for branches, home offices, and cloud – preferably with OpenVPN and WireGuard? ICT Berlin GmbH plans, implements, and operates tailored solutions for medium-sized businesses in Berlin & Brandenburg, including SSO/MFA via Microsoft Entra ID and device compliance via Intune – optionally exclusively for managed devices.

OpenVPN & WireGuard: VPN & Site Networking for Berlin Businesses

We connect branches, remote workers, and cloud resources with modern, efficiently encrypted tunnels. WireGuard offers extremely low overhead and state-of-the-art cryptography; OpenVPN excels with broad client availability and SSO capability (OIDC/SAML). When interoperability with cloud gateways (e.g., Azure/AWS) is needed, we add IPSec as a complement.

Your Benefits at a Glance

  • Security by Design: End-to-end encryption (WireGuard/NoiseIK, TLS for OpenVPN), segmentation, least privilege, logging.
  • One Login for Everything: SSO & MFA via Microsoft Entra ID; access optionally only for Intune-managed and compliant devices.
  • High Availability: Dual-WAN, 5G/LTE fallback, automatic failover, health checks & monitoring.
  • Performance & Scaling: Low overhead (WireGuard), policies & prioritization for business-critical applications.
  • Transparent Operations: Documentation, SLA options, monthly reports, German-language support.

Typical Use Cases

  • Branch/Office Network: Site-to-site with WireGuard/OpenVPN – stable even behind carrier NAT.
  • Home Office & Mobile: Remote access VPN with MFA/SSO – Windows, macOS, iOS, Android, Linux.
  • Partner Access: Strictly segmented access to defined services/networks (least privilege).
  • Cloud Connectivity: Azure/AWS/GCP via gateway VMs (WireGuard/OpenVPN) or native gateways (typically IPSec).
  • OT/IoT & Remote Maintenance: Separation of office IT and production, secure, auditable access.

Our Services

1. Consulting & Architecture

Workshops & assessment (locations, applications, bandwidth, compliance). Architecture design for WireGuard/OpenVPN (site-to-site & remote access), segmentation, QoS/prioritization, and zero-trust policies.

2. Implementation

Gateway/firewall rollout, tunnel setup, routes and policies, DNS/name resolution, integration with Microsoft Entra ID (SSO/MFA for OpenVPN) and Intune (key & profile distribution; managed devices only).

3. Handover & Training

Documentation (network plan, addressing, runbooks), admin/user guides, and onboarding packages for your employees.

4. Operations & Support

Proactive monitoring & alerting, regular updates & hardening, SLA-based support from our team.

Technologies & Variants

Site-to-Site (WireGuard/OpenVPN)

Very high performance (WireGuard), NAT-friendly, optional dynamic routing (BGP/OSPF) over tunnels, HA clusters & dual-WAN.

Remote Access (OpenVPN & WireGuard)

Cross-platform clients, MFA/SSO with Entra ID for OpenVPN (OIDC/SAML), automated key/profile distribution via Intune for WireGuard/OpenVPN, split or full tunnel per policy.

SD-WAN

Application-based path steering, WAN optimization & QoS, intelligent failover (MPLS/fiber/5G), detailed visibility of traffic & experience KPIs.

Cloud Connectivity

Gateway VMs with WireGuard/OpenVPN in Microsoft Azure, AWS, and GCP, or use of cloud-native VPN gateways (typically IPSec) – we choose what makes operational and economic sense.

Security & Zero Trust

Segmentation/VLAN, least privilege, MFA, device compliance checking, no BYOD access, SIEM integration on request.

Microsoft Integration: Entra ID & Intune

  • Entra ID (Azure AD): SSO/MFA via OIDC/SAML for OpenVPN, identity-driven access control.
  • Intune: Distribution/rotation of WireGuard keys and OpenVPN profiles; access only from managed, compliant devices.
  • Conditional Access: Risk, location, and device state as conditions; WireGuard policies enforce compliant endpoints.
  • Clients: Windows, macOS, iOS, Android, Linux; optional Windows AOVPN (IPSec) for special cases.

Architecture Blueprints (Examples)

  • Compact (2-3 locations): WireGuard site-to-site, central gateway at headquarters, OpenVPN/WireGuard for home office, dual-WAN at headquarters.
  • Growth (4-10 locations): SD-WAN with prioritization for telephony/ERP, centralized internet breakouts, 5G fallback per location.
  • Hybrid Cloud: On-premises locations connected via a WireGuard/OpenVPN gateway in an Azure VNet (or an IPSec gateway if interoperability is required), SSO via Entra ID, hybrid files/apps.

Project Process – How We Work

  1. Kick-off & Assessment (current state analysis, objectives)
  2. Design & Proposal (variant, security level, SLA)
  3. Pilot (proof of concept, load testing)
  4. Rollout (location by location, change windows)
  5. Operations (monitoring, updates, review meetings)

Costs & Budget – What It Depends On

  • Number of locations & users
  • Bandwidth, dual-WAN, 5G/LTE fallback
  • SD-WAN feature scope & security level
  • High availability (clustering), cloud connectivity
  • SLA (response times), monitoring & reporting

We’re happy to provide fixed project pricing and transparent operating costs. Request your individual quote – we’ll create it after a brief assessment in just a few steps.

Get a Consultation Now!

Would you like a consultation on OpenVPN & WireGuard VPN? Contact us – we’ll find the solution that perfectly fits your requirements.