VPN advice please
Been testing the schools VPN access from my home laptop today and already I've got a question!
Right, connecting using PPTP and found that when the VPN connection is up I'm unable to use IE to browse the web from my laptop. What setting do I need to change this?
Although I've got PPTP working I would rather use L2TP because I can limit what computers are used to connect to the school network. Is there a guide that would help me with installing certificates on the clients and server?
goto the connection you have just made ( start > setting network connections)
right click your VPN connection
UNTICK use default gateway on remote host
Thanks for that. Now I just need to get L2TP working :D
How is your VPN serverside setup? Windows 2008 RRAS, ISA?
The method above will work fine and allow connections from the VPN client to access the web directly. The only issue with it and why it is not enabled by default is that it provides a path back into the secure network that can be exploited if the machine is compromised. Usually in this kind of scenario in ISA it is just a case of allowing VPN clients access to the external internet network set to allow the clients to pass all internet traffic through the school connection which lets you stay protected behind the firewall.
It depends on your setup as to how difficult higher security VPNs will be to setup, ISA makes it much easier but you can do it with just a Windows server. You could also use SSL VPN if you have Windows 2008 and Vista or higher clients which are even more robust or DirectAccess if you are a masocist and have 2008 R2 and 7 clients along with two public IPs.
Configuring Windows Server 2008 as a Remote Access SSL VPN Server (Part 1)
How to install and configure a Virtual Private Network server in Windows Server 2003
Security in Windows Server 2003 - L2TP + Certificate
Provide VPN services using Windows Server 2003 : TechGuides : Windows Server : ZDNet Asia
Installing and Configuring a Windows Server 2003 Stand-alone Certification Authority
Install Windows Server 2003 CA
Lots of good guides there, thanks.
We're using server 2003 and XP clients although I've been testing with my home laptop that's running Windows 7 and it connects fine using PPTP.
I know what you mean about exploition which is why I only want VPN to be used from 3 or 4 certain laptops.