Title: Simplifying VPN Access on Microsoft Windows-managed Networks Post by: EveningStarNM on Saturday 11 January 2014, 08:48:39 pm I really like the firewall services that Endian supplies. IMHO, the IPS, when combined with Clam, provides more than the minimum level of deep packet inspection that is required for small networks. On the other hand, I am not a fan of it's VPN support. OpenVPN, while it is certainly secure, adds a layer of complexity to workstation configurations that is redundant when Active Directory (or even just the Windows Routing and Remote Access Service) is employed. However, if Endian provided L2TP and Active Directory integration for authentication, as older versions of Endian do with plugins, then it would be ideal.
I've chosen to poke the two necessary holes (one for the TCP port, one for the protocol) in the Endian firewall to send all VPN traffic to a server behind it. It's simple, and takes advantage of the facilities already built in to Windows. Even networks than don't use Active Directory can take advantage of that configuration. I urge those having problems with Endian and VPN --- and who have a server available to provide routing for the local network -- to consider using that server to authenticate VPN connections. |