
VPN protocols


    VPN protocols

    I have been tasked with setting up a remote access solution from home to a small office, primarily to run a remote desktop session for a Windows 2008 server. I have decided to do this with a VPN.

    Any suggestions on what VPN tunnelling Protocol to use?

    The router I have (BiPac 7402N) supports PPTP, L2TP and IPSec, with the ability to run IPSec over L2TP also. It looks like PPTP is the common choice in a Microsoft environment, but as an end user I've also used L2TP which worked well.

    As a checklist, I think I also need to do the following:

    home:
    open vpn ports on router to allow outbound traffic
    configure vpn client on laptop

    office:
    configure vpn on router (protocol: PPTP, L2TP or IPSEC)
    configure dyndns
    configure windows account

    Anything I missed?

    I know there are a few alternative solutions for this, such as VNC clients or port forwarding the RDP traffic to the server. I've had no problems in the past using RDP, so will try that first over VNC. Also, there's something a little dirty about having a Windows server reachable on the public IP?!

    Thanks.

    #2
    What you want to do is use standard windows RDP.
    Whether you sacrifice convenience and performance by adding another layer of security should be your dilemma.
    So you use plain RDP or tunnel it. If it wasn't mission critical, I'd probably just port forward 3389 as that's something easy to use.



      #3
      A lot of consumer routers, including yours I think, only support VPN "pass through" not VPN termination. That means you can connect a VPN through the firewall, but you will still need somewhere to terminate the VPN on the office side i.e. a remote access server or similar.

      So, in your position you (most probably) want to configure the windows server as a remote access / VPN server. You may also need to set up routing on the server, I'm not too sure TBH. You will also need to configure the office router to forward whatever ports are required to the RAS server, and then configure your client and home router to allow the VPN traffic to pass.

      Routing and Remote Access Service might get you started.

      Personally I use openVPN server (running on XP) and forward the necessary port to the machine running the openVPN server process. I've found it performs a lot better than terminating IPSec on a cheapo router (one that does support IPSec VPN termination), and it also seems to be a bit more NAT friendly when used over mobile internet here in Germany. It is also free.

      RDP works fine over that for me.
      While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named 'Manual.'



        #4
        Originally posted by doodab View Post
        A lot of consumer routers, including yours I think, only support VPN "pass through" not VPN termination. That means you can connect a VPN through the firewall, but you will still need somewhere to terminate the VPN on the office side i.e. a remote access server or similar.

        So, in your position you (most probably) want to configure the windows server as a remote access / VPN server. You may also need to set up routing on the server, I'm not too sure TBH. You will also need to configure the office router to forward whatever ports are required to the RAS server, and then configure your client and home router to allow the VPN traffic to pass.

        Routing and Remote Access Service might get you started.

        Personally I use openVPN server (running on XP) and forward the necessary port to the machine running the openVPN server process. I've found it performs a lot better than terminating IPSec on a cheapo router (one that does support IPSec VPN termination), and it also seems to be a bit more NAT friendly when used over mobile internet here in Germany. It is also free.

        RDP works fine over that for me.
        Well, I hope the router I have supports VPN termination as I specifically bought this model for it. I had another BiPac router which only did pass through.

        I'll give it a go on the router first and see what performance is like (now that I've shelled out for it). Failing that, I'll look at openVPN. Thanks.



          #5
          Originally posted by xchaotic View Post
          So you use plain RDP or tunnel it. If it wasn't mission critical, I'd probably just port forward 3389 as that's something easy to use.
          Surely then, someone scanning my public IP will see port 3389 open and then be able to get a remote desktop up, with just the password preventing them from logging onto the box? As my wife uses the same (weak) password for just about every single web site she uses, I can't rely on her to use a decent password as the main line of protection.

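An added example, not part of any post in this thread: a small audit of an office router's inbound forwards, covering the point in #3 about forwarding the ports the VPN endpoint needs and the concern in #5 about 3389 being reachable from the internet. The rule text format, the addresses and the function names are assumptions made for the illustration; the port numbers are the protocols' standard defaults.

```python
import re

# Inbound transports each tunnel type needs when the VPN endpoint sits
# behind the office router (port None = IP protocol, not a TCP/UDP port).
VPN_NEEDS = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp-ipsec": {("udp", 500), ("udp", 4500)},  # IKE + NAT-T; L2TP rides inside IPsec
    "openvpn": {("udp", 1194)},                   # OpenVPN default port
}
RDP = ("tcp", 3389)

# Assumed rule syntax for this example: "proto [port] -> target"
RULE_RE = re.compile(r"^(tcp|udp|gre|esp)(?:\s+(\d+))?\s*->\s*(\S+)$", re.I)

def parse_rules(text):
    """Parse forward rules into {(proto, port): target}; '#' starts a comment."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {raw!r}")
        proto, port, target = m.group(1).lower(), m.group(2), m.group(3)
        rules[(proto, int(port) if port else None)] = target
    return rules

def audit(text, vpn):
    """Report direct RDP exposure plus missing and unexpected forwards."""
    rules = parse_rules(text)
    needed = VPN_NEEDS[vpn]
    return {
        "rdp_exposed": RDP in rules,
        "missing": sorted(needed - set(rules), key=str),
        "unexpected": sorted(set(rules) - needed - {RDP}, key=str),
    }

# Constructed sample input: two hypothetical office-router configurations.
PLAIN_RDP = "tcp 3389 -> 192.168.1.10   # RDP forwarded straight to the server\n"
TUNNELLED = """
udp 500  -> 192.168.1.10   # IKE
udp 4500 -> 192.168.1.10   # IPsec NAT traversal
"""

if __name__ == "__main__":
    print(audit(PLAIN_RDP, "l2tp-ipsec"))
    print(audit(TUNNELLED, "l2tp-ipsec"))
```

When the router terminates the VPN itself, as the original poster plans, the forward list should be empty and the audit should report no RDP exposure.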


            #6
            Originally posted by Spoiler View Post
            Well, I hope the router I have supports VPN termination as I specifically bought this model for it. I had another BiPac router which only did pass through.

            I'll give it a go on the router first and see what performance is like (now that I've shelled out for it). Failing that, I'll look at openVPN. Thanks.
            In that case you should be good to go. Looking at the spec the router is designed for the job and has hardware accelerated encryption so performance should be decent. Perhaps I should consider an upgrade. I think mine is 6 or 7 years old now.



              #7
              Originally posted by doodab View Post
              In that case you should be good to go. Looking at the spec the router is designed for the job and has hardware accelerated encryption so performance should be decent. Perhaps I should consider an upgrade. I think mine is 6 or 7 years old now.
              Think I'll give L2TP a go as the tunnel protocol and see how that goes.
