Best VPN option for AD/RRAS?



  • I'm going to be implementing a VPN setup at a site that I've got PFSense deployed at. I'm very familiar with how to setup PPTP for Windows computers, but since that's been broken….  >:(

    Anyways, what VPN implementation would you recommend for my situation considering:

    -We have about 10 users that would be online at any given time
    -We have a pair of PowerEdge R200s online for PFSense
    -We are a 100% Windows/AD environment with an RRAS and NPS server
    -Username and password based auth is required. Secure though they may be, certs installed on both ends are out of the question.
    =EDIT- Also, the use of Windows' integrated VPN client is necessary

    Thanks!



  • Given your strict requirements list, I believe your only option is L2TP/IPSec Windows clients against the RRAS server.

    Anyhow the extra cost (in hardware, software and maintenance) for a dedicated RRAS server seems to exceed the effort of setting up a non Microsoft VPN client (ie Shrewsoft or OpenVPN).

    Regards,
      Corrado



  • Aye, that may be. We've got a heavily virtual environment so for us its zero marginal cost to spin up another VM for that purpose. Though I am intrigued by OpenVPN. That it can export a setup executable is really cool. I might just go with that instead.

    Other thoughts?


Log in to reply