
View Full Version : VPN Config



inphinity
12-11-2009, 08:25 AM
Heyas,

So, I am trying to decide on the best way to set up a VPN connection, for usability & performance without sacrificing security.

The network setup that the VPN will connect in to is a DSL Router / Firewall appliance, the LAN port of which connects to a NIC on an SBS2003 box, and then the LAN is connected to a second NIC on the SBS2003 box.

The router / firewall supports PPTP, IPSec or L2TP with IPSec VPN connections. The SBS2003 box has RRAS installed.

Is the best way to simply use PPTP, forward it through to the SBS box on the router, and do authentication / DHCP there?

Is it better to use the router/firewall as the end point? If so, how do we handle LAN traffic to devices on the LAN other than the SBS server?

Is there a third alternative I'm missing (IPSec to the router then PPTP to the SBS box? lol - hey if it's best, I'll do it)?

Thanks for your input!

razzarphenix
12-11-2009, 09:38 AM
No mention if the SBS Box is running ISA or not?

I personally recommend OpenVPN (to the SBS box); it's generally easy to set up and more secure than PPTP, and it's also more resilient. If you're running ISA on the SBS box it's a bit more pain to get the rules to work right (OpenVPN is normally a piece of cake).

Chilling_Silence
12-11-2009, 01:50 PM
Yeah port forward the PPTP port to the box, generally the Wizard with SBS works quite well.

I'm with razzarphenix though, give yourself an extra hour or two and play with OpenVPN. Much better!

inphinity
12-11-2009, 02:53 PM
No, no ISA, all the firewalling is done by the router with just NAT at the SBS box - hence being a little hesitant to really use it as the VPN endpoint as well, but if we must, we must.

I'll check out OpenVPN, but a cursory glance suggests I have to run it as a Virtual machine under Windows? I don't really want to add that much extra workload on to the SBS box, it struggles a bit as it is :X

Erayd
12-11-2009, 03:11 PM
...but a cursory glance suggests I have to run it as a Virtual machine under Windows?
Not at all - what gave you that idea?

inphinity
12-11-2009, 03:20 PM
Not at all - what gave you that idea?

The options for the Choose your OS in the download page are CentOS, RedHat, Fedora, Ubuntu, Virtual Appliance (VMWare), Virtual Appliance Windows (VHD).

Erayd
12-11-2009, 03:50 PM
The options for the Choose your OS in the download page are CentOS, RedHat, Fedora, Ubuntu, Virtual Appliance (VMWare), Virtual Appliance Windows (VHD).
You're looking in the wrong place - that's the download page for OpenVPN Access Server.

What you probably want is this (http://www.openvpn.net/index.php/open-source/downloads.html) page (the download page for OpenVPN.)

razzarphenix
12-11-2009, 08:11 PM
This link (http://www.runpcrun.com/howtoopenvpn) will get you started.

Chilling_Silence
13-11-2009, 05:24 AM
...not to be left out, have a look here: http://openvpn.se/

OpenVPNGui is a nice app that gives you a systray icon for connecting between multiple VPN connections (or even just one) on Windows systems.

If you read the OpenVPN HowTo, you'll see there are actually quite a lot of references to Windows systems also :)

inphinity
13-11-2009, 07:51 AM
Thanks :)