[aklug] Re: OT(?): Remote Access VPN

From: JP <jp@jptechnical.com>
Date: Tue Oct 20 2015 - 13:57:10 AKDT

Where do you sleep Damien? :-D

A commercial solution is perfectly viable as an option, whatever you need
for the application. Just don't drink the Cisco koolaid.

*JP (Jesse Perry)*
voice/txt: 907-748-2200
email: jp@jptechnical.com
web: http://jptechnical.com
support: helpdesk@jptechnical.com

On Tue, Oct 20, 2015 at 1:40 PM, Damien Hull <dhull@section9.us> wrote:

> I'll jump in here and add my 2 cents. Which is about all I have left.
>
> 1. Don't use the Windows server as the VPN end point
> 2. In a small office situation you should use the gateway/firewall for
> this.
> 3. You can authenticate through RADIUS which ties into AD. This is a role
> in Server 2008
> 4. I would recommend an off the shelf solution rather than rolling your
> own.
>
> I'm in the middle of deploying Meraki MX80's. May not be the right
> solution for you but they seem to be working well for us. Dropping in
> Firewall number 2 this Friday. I'm deploying a total of 4. Might be adding
> number 5 if we get another office.
>
> And I know someone will kill me in my sleep for recommending something
> other than an opensource solution. I do have opensource solutions on my
> network. Just not the firewall.
>
> That's my 2 cents.
>
>
> On Tue, Oct 20, 2015 at 11:18 AM, Christopher Howard <
> christopher.howard.asi@gmail.com> wrote:
>
>> Hey guys... so I took up a job at a small business which is basically a
>> Windows shop (hey, gotta eat...) and I wanted to set up a simple Remote
>> Access VPN so the boss could access the network files while abroad. They've
>> got a WS2008 running their AD and DHCP on the intranet (but it isn't the
>> gateway). So, my first thought was to see if it had built in VPN
>> functionality. It does, but I ran into some trouble -- apparently in WS2008
>> the remote access VPN functionality is tied into the IP routing
>> functionality (which we aren't using). So, when I activated the RRAS,
>> there was some strange conflict with DHCP and it instantly disconnected
>> everyone's access to the network storage shares! Fortunately, I was able to
>> reverse things before causing too much pandemonium, but obviously now I'm a
>> bit nervous...
>>
>> So, now I am trying to figure out if it is worth monkeying around with
>> this some more to get it working, or if I should look at some other
>> approach. Maybe just put a small Linux box on the network and run a FOSS
>> VPN server from it? (I'm imagining complications down the road trying to
>> get user authentication tied into the AD system if we eventually get
>> multiple users.) I looked on our gateway router but didn't see any kind of
>> VPN functionality.
>>
>> Any sage advice from the seasoned admins?
>>
>> ---------
>> To unsubscribe, send email to <aklug-request@aklug.org>
>> with 'unsubscribe' in the message body.
>>
>>
>

Received on Tue Oct 20 13:58:12 2015

This archive was generated by hypermail 2.1.8 : Tue Oct 20 2015 - 13:58:12 AKDT