We've noticed that people almost never read the New York Times in print
here at the Collingswood (NJ) Public Library, an independent,
single-branch, municipal public library serving 18,000 people. But we
believe they'll be very interested in reading the NYT online.

Online access costs about the same for us as print. We get unlimited onsite
access based on IP authentication, which is great: we have static IPs
associated with WiFi access, public workstations, and staff computers.

We also get 10-20 passes (based on price), good for unlimited offsite
access, that expire every 24 hours. But for offsite access we need to
provide IP authentication.

Typically, that means EZProxy. I'm pretty sure we can't fit EZProxy into
our budget. But we need some way to make sure NYT knows that traffic to is coming from or through
us. After we provide NYT with some form of IP authentication, our
cardholders would then sign in with an email address and password and
receive their 24-hour access.

All of our online access to other databases and services is through card
numbers: we provide a range, and the service authenticates against that
range, typically authorizing access via SIP as well. NYT isn't currently
configured for that type of authentication.

We need to keep the solution inexpensive. Something like a $5/month Droplet
and simple to install and maintain open source software could work. Or an
inexpensive hosted VPN that offers static IPs and can somehow be configured
to accept our card number range for authentication? Or...?