[Red Liner]

We want to configure VPN (Virtual private Network ) to access our server from outside through the internet. We are on a 100% Microsoft environment.

I understood from my IT admin guy that we need to to install the Network policy and Access Services Role coming under server 2008. In this we need to configure RRAS ( Routing and Remote Access Services ) to get connected to our server remotely.

We've done this, and it doesn't seem to work.

Our other option is to buy a VPN router available in the market. But it will cost 7500 rupees and doesn't justify our need.

Can anybody here write in a post on how we should go about this? Or any links to any material on this topic? Any help would be fantastic!

[vraghuz]

Hi,

Connecting to a Win2008 Server directly into the Internet for VPN is really a bad idea, i would suggest you buy a entry level firewall hardware , which can support either PPTP or SSL connection which will serve your need on a long term.

There are lots available in the Market OR another scenario is a Linux based system which can also act as a Firewall & also authenticate your VPN Clients.

Ra.

[Red Liner]

Quote:

Originally Posted by vraghuz

Hi,

Connecting to a Win2008 Server directly into the Internet for VPN is really a bad idea, i would suggest you buy a entry level firewall hardware , which can support either PPTP or SSL connection which will serve your need on a long term.

There are lots available in the Market OR another scenario is a Linux based system which can also act as a Firewall & also authenticate your VPN Clients.

Ra.

Raghu, this is venky

Okay, so there is no option apart from buying the silly hardware. Well, its not VERY important to access the server environment from the outside right now.

[2500cc]

1. How many people will be connecting to your server ?
2. Do you have licensed version of Microsoft Threat Management Gateway or IAS ? If yes, your requirement can be easily configured.

Windows Server 2008 is unlike other operating systems from Microsoft. This is built to last and is quite stable.

Regards,
Rajesh

[vraghuz]

Quote:

Originally Posted by Red Liner

Raghu, this is venky

Okay, so there is no option apart from buying the silly hardware. Well, its not VERY important to access the server environment from the outside right now.

Venky,

It's better to have this box for a short or a long run , which you can use it for VPN Client Authentication, which you can also integrate with Microsoft IAS (like Rajesh Quoted) so that you can integrate with the Domain Users if you have a Domain Controller with AD installed in your Network. this makes you life easy.

With this you can access any of your Office resources without fear of a Easy Hack on the Server !!

Raghu.

[cooljai]

You can "theoretically" use an all Microsoft setup for remote connection, but that is not recommended.
In your case it could have failed because of some certificate or NAT issues.
Here is a detailed guide which might help you
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1)

But remember that you are opening your network and have no idea who all might choose to come in. So make sure your IT guy knows very well what he is doing!

[NetfreakBombay]

Quote:

Originally Posted by Red Liner

Okay, so there is no option apart from buying the silly hardware. Well, its not VERY important to access the server environment from the outside right now.

Hamachi service from LogmeIn seems perfect fit for your requirement

Pros:
1. Its free
2. Setup is breeze
3. Your Network is not exposed . No need to change anything on firewalls etc. Windows machine would not be directly exposed to internet.


Cons:
1. Traffic passes though LogMeIn servers

http://www.logmeinhamachi.com/

[sam003]

You can use Teamviewer too in case you directly want to access server from anywhere (even from iphone).

[CRV2010]

How about openvpn ? I have been using it from past two years.

[NetfreakBombay]

OpenVPN is a great solution if someone is willing to either pay for it or is willing to spend time and efforts on configuring the free version.

Its client is easy to use, but server requires some effort to install and configure.

[Red Liner]

Amazing!

So between Open VPN, Team viewer, and Hamachi, how would you guys rank them in order of:

1. Implementation - ease of implementing on our server and respective client machines
2. Security - no loopholes, no interference from the outside
3. Usability - one click access to the server kind of usability.

End users will be a mix of Mac and windows machines.

[k_nitin_r]

Quote:

Originally Posted by Red Liner

In this we need to configure RRAS ( Routing and Remote Access Services ) to get connected to our server remotely.

We've done this, and it doesn't seem to work.

Our other option is to buy a VPN router available in the market.

The Microsoft Routing and Remote Access Service included with Microsoft Windows Server 2008 will let you connect to your network remotely. It will work if configured correctly - you can hire a consultant to set it up for you if you are having problems with it.

BTW, how many users are you expecting to connect to the VPN? If you are expecting under 20 users, a VPN server will suffice. If you are expecting a large number of VPN users, you may want to invest in a VPN router.

If you have an old computer around in the office, you can also setup a Linux based VPN server.

[longford]

Hi

There are two different offerings here. One is a service and the other is a solution.
Logmein, Teamviewer are excellent service offerrings that work on the same lines like a Yahoo/Msn chat. The server is hosted somewhere on the internet, your computer connects to that server on a SSL tunnel, the server makes a tunnel to your target computer and the screen frames are transported to and fro.

OpenVPN, MS and other products in this space, lets u setup a VPN server at your premise. This involves server, leased lines and IT admin knowledge. This is useful when you have quite a few guys running on the ground and connect over the net. But requires patience for setup and hardening of network paths for breaches.

If it is just 1-2 guys who need a login, the service offering may work out just fine, provided your org does not have issues with exposing the target comp to the intermediary server.

Setup your own VPN server with a robust firewall and that will serve you well. Most cos prefer this option as the connection is secured till your server and no intermediaries are involved.

Both options are good, take your pick. There are ton of materials for setting up your OpenVPN server.

[Red Liner]

Quote:

Originally Posted by longford

Hi

There are two different offerings here. One is a service and the other is a solution.
Logmein, Teamviewer are excellent service offerrings that work on the same lines like a Yahoo/Msn chat.

OpenVPN, MS and other products in this space, lets u setup a VPN server at your premise.

If it is just 1-2 guys who need a login...

Thanks mate. It will just be 2 or 3 people at any given point of time. When you say, information open to an intermediary server, is that something I should be overly concerned about? Can they mess around?

[optimist]

Quote:

Originally Posted by Red Liner

Raghu, this is venky

Okay, so there is no option apart from buying the silly hardware. Well, its not VERY important to access the server environment from the outside right now.

Try setting up "IPcop / Smoothwall / pfsense " linux firewalls distros on some discard pentium pc's with 2 network cards. no need to buy anything. just google for the software. They are GPL'ed distros (open source). They are managed and quite configurable via a web page.