Slashdot Mirror
VPN Solutions for Small/Medium Businesses?
artbeall asks: "I work for a small company and we are looking at various commercial VPN solutions, however many seem to be too expensive for us. I am interested in what solutions other small/medium size companies are using for their VPN. Of course, we want a SECURE system that is compatible with common network gear like Cisco as well as being able to run the VPN client on Linux, Solaris, and Windows. Does anyone have suggestions or ideas?"
Depending on what you mean by a 'small' company, I would look into using a Cisco PIX 506E. On CDW right now, they're ~$830. It sounds like it would meet all of your needs. I've used the PIX 506E for several smaller sites and it 'just works.'
-- "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." -A.Einstein
I've been trying Hamachi. It seems to work as advertised. It makes a connection between a computer behind a hardware and software firewall with a cable ISP and another computer behind a hardware and software firewall with a DSL ISP. Both hardware firewalls have NAT (Network Address Translation. I know not everyone who reads Slashdot works with this.)
However, the cable ISP is Comcast. Comcast, in this area, seems to throttle or stop anything besides HTTP traffic.
Why not use openvpn ? We run this on Linux, Openbsd and Windows.
Hey. We run a medium sized ISP out of wilmington, delaware and we have hads GREAT luck using IPCOP and Linksys BEFSX41 endpoints. The linksys routers are easy to setup and configure and they can be bought cheaply on ebay or any staples or compusa. IPCOP is completely linux based , The setup is more idiot proof then a windows install, and it has a web based admin which rivals standard stand-alone routers. Ipcop can run on tons of hardware configurations. We personally run it with 5 Network cards and it handles the VAST MAJORITY OUR OUR ROUTING needs. did i mention ipcop is free? Give it a try.
Since its a small company, I assume you use a windows2000 or 2003 domain. Use an OpenBSD box that redirects PPTP connections to the windows server.
Sure there are superior systems but they dont necessarily 'fit' into the small business wintel setup. If youre running an all Linux network, you wouldnt be asking this question and you sure as hell wouldnt look around for commercial offerings.
If your users are OK with typing in an extra password, use OpenBSD's own SSH or ipsec based VPN, and L2TP on the client windows side.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
At work (~90 employees...I guess that would qualify as medium-sized??) we use a Cisco VPN 3000 Concentrator. It's been rock-solid for us for two years now, and I'd highly recommend it. If you want to go the VPN-client route, cisco has official clients for Mac, Windows and Linux, but the box is also compatible with the PPTP vpn clients that come with most modern operating systems and it's also fully IPsec compatible. So...for example, if you wanted to, you could set up a linux gateway at home that would connect to your work VPN and establish a LANLAN VPN link.
If this proves to be too expensive, you ought to look ag OpenVPN. It's quite stable at this point, and they have clients for Windows, Mac and Linux as well. You'll have to have some amount of knowledge of linux networking/firewalling to get it set up right, but there's plenty of documentation out there to guide you.
I've set up a PPTP VPN using a Ubuntu 5.10 server and PoPToP. All you need is to port forward the PPTP port to the set-up server.
Windows has the client native to the system. Linux can compile PPP and the PPTP client, and w/kernel 2.6.15+ you don't need to patch the kernel to get MPPE encrypton/compression. Solaris, alas, needs some patching. I googled this:
http://mcarpenter.free.fr/Dev/pptp.php
All works fairly well.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
If you want good integration with windows (read: PPTP), and want to keep it on a nice cheap *nix box, try Poptop . Runs on most any *nix, entirely compatible with the builtin PPTP support in recent versions of windows. I've been running it for my own purposes (admittedly not on a "small business" scale, only one or two users) for years on a modest linux box and it hasnt given me any trouble connecting from WinXP or linux clients.
I'm not sure if you are using Windows Server 2003 on site, but if you have a license to it then Microsoft already has a VPN solution. See this how-to:o ws-2003-vpn-server/
http://blog.hishamrana.com/2006/04/07/how-to-wind
Go to openvpn.net. It's very straightforward to get a multiuser openvpn server up, using pre-shared keys or certificates. It's free, it's simple, it's multiplatform, and it's sufficiently secure for business purposes.
(However, if by "compatible with common network gear" you mean you need to host a VPN endpoint on a Cisco box, then OpenVPN probably won't work. If you can pass the connection through a firewall to a DMZ server, though, it should work fine.)
If you want a completely free solution, use OpenVPN hosted on an OpenBSD (or other free OS) firewall.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Other issues:
Hamachi setup: The setup time for Hamachi is exactly what they say: A few minutes. The interface is a bit quirky, and the documentaton is limited.
Anyone using Hamachi may want to run it as a service; see this explanation from Cyberonica.
Insecurity: Hamachi uses a very sensible technique for getting around firewalls and NAT. So does Skype VOIP. Of course, that means firewalls and NAT are not really protecting us.
In no way am I saying that Hamachi itself is insecure. I don't think that. They say all traffic is encrypted, and normally none passes through their servers. I am only saying that these techniques show the insecurity of our present protections.
ZoneAlarm Security Suite: We use ZoneAlarm Security Suite, a software firewall that notifies users every time something happens that might be an indication of a security breach.
If the users don't cooperate, and don't call us every time they see a notification, there is no security. ZoneAlarm's notifications are written in pure Geek, an unusual language which is used not to communicate but to pretend to communicate, while actually trying to avoid providing any useful information. Geek is a job security language, not a language for communication.
The real answer, of course, is to have a secure operating system, not one in which there is a lot of profit to be made selling the next version by criticizing the present version. We need an OS that is designed to be secure, not one that is allowed to be sloppy so that it is insecure.
Router VPN -- Netgear: We have had an enormous amount of trouble with Netgear router VPNs. We've had a lot of trouble with Netgear technical support. The Netgear products don't seem finished. Once they are working, our experience is that they stay working, with some quirks.
(Interestingly, Netgear is the worst company for avoiding sending rebates. We almost always have to go to the management of the store from which we bought Netgear equipment and have them get our rebates for us.)
I really like OpenVPN. It works as a client or a server on Windows, Linux, FreeBSD, Mac OS X, and other operating systems, and it is pretty easy to install, configure, and run. I just followed the how-to. It operates over UDP or TCP, you can tunnel it through HTTP or SOCKS proxies, and the server can use any cipher or hash available in the OpenSSL library. PPTP is ubiquitous, but it has serious flaws. IPSEC is supposed to be standard, but interoperability is a configuration nightmare (especially if you try to do something complex, like use X.509 certificates, or something non-standard, like authenticate users against RADIUS). Firewall/NAT traversal can present serious challenges in some cases as well, as some firewalls can't handle non-TCP/UDP protocols. CIPE requires special support in the operating system kernel and only works on Linux and Windows, and tunneling TCP over TCP (when running PPP over SSH) is a really bad idea.
I'm using OpenVPN to tie routers running OpenWRT (Linux), routers running FreeBSD, and workstations/laptops running Windows, FreeBSD, and Mac OS X together. It works flawlessly.
I'm proud of my Northern Tibetian Heritage
Maybe I'm just an idiot, but OpenVPN was difficult to sort out in the beginning. There really needs to be a quick setup guide that'll get you running in under 10 minutes. If not that, then maybe a GUI solution that's better than what currently is in place, especially for Windows installations. If this was done, I can imagine that OpenVPN would gain much more wide acceptance.
I've heard people have much success with Linksys VPN routers. But Cisco VPNs will always be a sure bet.
You could look at OpenVPN
I have definately become a fan of Astaro. It is not free, but in my opinion very reasonable, and worth the cost in time savings. It works with the built-in windows client, and the thing pretty much installs and sets itself up. They have a free 30-day full featured demo, and the entire thing is free for "home use".
Did I mention I have become a huge fan? or was it already obvious?
you don't tell us enough about your proposed VPN topology...
still, OpenVPN can do it all, so I vote for that.
Max.
Small company? Then either openswan or PPTP on a commodity server. No need to take sledgehammers to a cockroach.
All's true that is mistrusted
DUPE.
1 23283
:P
:D
http://slashdot.org/comments.pl?sid=182998&cid=15
I know, I know, that one said "distributed". Sheesh. My answer remains the same. OpenVPN, like 90% of the answers here.
I'm not being cynical. I'm just tired.
Karma: Chameleon (mostly due to the fact that you come and go).
I've been using the built-in PPTP server (Poptop) that comes with ClarkConnect Home and it works like a charm. Very easy to setup and configure via web interface. As long as you don't expect too many high bandwidth connections it should be a good solution.
http://www.clarkconnect.com/
Important Note: The Linux kernel does not have support for MPPE encryption, which is what PPTP uses. Most distros will require a kernel patch and recompile to do this, ClarkConnect does all of this for you (I believe Mandrake does as well).
MS ISA Server.
HEY I'm just providing an alternative.
I'm the systems admin (domain admin. donning asbestos suit.) for a small/medium busines in New Orleans. We use one Netscreen25 in our main office downtown. That gives us granular control over individual users' security policies if desired, but I'm in the process of moving them all to a single policy to ease administration. The box can maintain 125 concurent tunnels. It can do quite a bit of other craziness as well, but I haven't worked here long enough to get deep into it. Too much other stuff to do. Not absolutely certain about the cross-platform client, so you can look that up yourself. ;)
In addition to the individual user VPNs, the Netscreen maintains persistant tunnels to two remote sites. They're equipped with Netgear ProSafe FVL328 routers. Less capable with low(er) throughput, but the branch end has to deal with a whole lot less traffic. The NS downtown maintains security with its lesser peers, too.
We looked at OpenVPN. It looked like a lot of work to get it to function behind a NAT firewall. A google search restricted to the OpenVPN web site brings up many, many questions, and not many answers.
Anyone have experience?
Hamachi is pretty much what you're looking for.
Or if you like to stuff around, OpenVPN.
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
I was just looking for something to do this same thing. I haven't solved the problem yet, but Netgear and Linksys have some inexpensive stuff. I ordered the Linksys RV042 and it should arrive today. I'm anxiously awaiting setting it up and testing it because of the Dual WAN functionality. My second internet connection should arrive on Thursday :)
r outer_wired_security_sb.php u ct_C1&childpagename=US%2FLayout&cid=1117775454480& pagename=Linksys%2FCommon%2FVisitorWrapper
http://www.netgear.com/products/business/prod_vpn
http://www.linksys.com/servlet/Satellite?c=L_Prod
We tried a Google search that eliminates mailing list messages, which mostly seem to be answered in a very limited way.
As you can see, there are very few documents that mention NAT firewalls.
In some ways OpenVPN appears to be a typical Open Source project. Documentation is often more work than writing the program, and most Open Source developers don't want to do the documentation, and don't want anyone else to do it, because of perceived loss of credit.
see also http://ask.slashdot.org/article.pl?sid=06/04/13/17 16227
I setup an IBM x300 server and m0n0wall as my router and it has worked fantastically. It supports IPSec tunnels, as well as PPTP connections. I have two IPSec tunnels to remote sites which both have PIX routers (501 and 506E), as well as connections from remote PPTP clients which is easy to setup and I have never had any problems. Highly recommended for anyone looking for both a simple and powerful solution.
There are currently easy-to-find howtos that take 10-15 minutes to set up a simple VPN, and they are clearly marked on the OpenVPN website. The Windows client, while it doesn't have a GUI, it is a service, which makes it fairly simple to enable/disable with a GUI, or just leave on all the time. Config files can be copied from one client to another, only a couple of lines need be changed -- and it's possible to avoid even that.
Don't thank God, thank a doctor!
http://www.smoothwall.org./ Free. Pay for corporate support if you want to feel better. Use tons of free clients (ssh sentinel, openvpn).
Depending on what country you are in, there are bound to be various ready-made solutions with which you do not need to worry about the actual implementation. For example, in Germany there is globalways, a small but fine ISP specialized in providing small to medium companies with out-of-the-box Internet & VPNs. As it is based on OpenVPN, all the positive stuff from the other posts applies. No idea about companies in other countries, but you are sure to find one if you look around a little bit.
You might want to consider the Java based SSL Explorer as a possibility. No client side code is required, just a browser and one hole punched through the firewall to the server.
LW
Or is this just a stupid question? Every firewall product I have seen in the past 5 years (I have used NetScreen, Watchguard, Fortinet, Cisco PIX and Cisco ASA units) has IPSec VPN capability built in. IPSec is a standard and is supported in a wide variety of clients available on just about every operating system. Being a standard it is also compatible with other firewall/VPN vendors' implementations of IPSec. Assuming that your small/medium business has a firewall, just use what it has built in. License copies of their client software for your PCs, or use a free/OSS alternative. It's not rocket science.
My small business (300 users) has a Fortigate 400 used for our Internet connection (a pair of T1 circuits). We run Fortinet's VPN client for about a dozen remote workers. The same device also manages persistent VPNs with about a half-dozen business partner companies. Performance isn't an issue. Before we had the Fortigate we were using NetScreens (now Juniper Networks I believe), and we were still using the NetScreen IPSec clients for remote workers 2 years after we switched to the Fortigate firewall. IPSec is pretty much IPSec, and they all talk to each other.
The only thing that I would add to what has been said here is that if I were to buy a Cisco device I would go with an ASA instead of a PIX. You usually get more features for the same or less money with an ASA.
I was asked by my boss to evaluate VPN between the red interfaces of two IPCop machines. Talk about simple. I don't know exactly how well it scales, but it can't be horrible. Today, one of my tasks is find out if and how well it works with m0n0wall and in roadwarrior configuration.
There isn't enough information provided, but it sounds like a pretty small operation and simplistic setup sounds like what you need.
A main office with several small satellite offices (or small retail stores) I would suggest SonicWall product. (or NetScreen) Small remote offices can use the small single point VPN TZ series devices that allows a single site-to-site VPN and the main office can use a larger product like the 2040 or the 5060 with support I beleive 50 and 2000 VPN sessions respectively. (with several models in between) There are many products out there that will work. SonicWall's products are very easy to use and arn't that expensive.
If you are just looking for personal VPNs to the office network, Sonicwall also offers VPN software that you can install on laptops/Desktops. There VPN is IPSec so it will support any IPSec client (Linux, etc) without the need to purchase software. There software is very easy to use. Thats why I brought it up.
Free, it works great under both Windows and Linux, and you don't need to be a computer whiz to setup your laptop to connect to it. Good stuff.
-- null
One of the big issues with VPN technologies is the NAT routers that protect home offices. The corporate office side is easy, just punch the appropriate holes in the firewall and the remote clients can easily connect to the network.
Where things fall apart is that you have multiple laptop users who are behind their own NAT routers at their homes. You need to use VPN software on the laptops (not on the NAT routers) because you only want their work machines connecting in. That's easy enough, until you run into a situation where you have 2 or 3 users who get together and collaborate frequently behind a single NAT router.
It seems like PPTP (maybe SSL?) was better suited for situations where you might have multiple users VPN'ing in from the same source IP address (hidden behind a NAT router, such as an ad-hoc meeting in someone's house or multiple users meeting in a coffee shop). All of my readings on IPSec indicated that IPSec can't handle that particular usage style.
Wolde you bothe eate your cake, and have your cake?
Cyberguard bought snapgear, but they still sell the same products. These are great little boxes that we used to set up a 7 office network across the state of alabama across whatever networks were cheapest (cable, dsl, T1)
We had 530s in each of the hub offices and a 575 in the main office. (Still have the 575, have since closed all the branches) I still have the 530s and I refuse to sell them because they are such nice little boxes. I'm going to take one home and make it vpn back to here.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
I have used IPCop for many, many months. With
the OpenVPN addon, it makes a sweet RoadWarrior
setup. The OpenVPN GUI is even easy enough for
our executives to use.
For us and our 30-something employees, it cost
us nothing to put IPCop online. It ran for a
year on a P-III/700mHz/256M Dell. We recently
upgraded the RAM to 768M so we could make better
use of the Squid cache.
You can get an IPCop server online with VPN in
under an hour. As long as you have a computer
in the spare parts closet, IPCop is far less
expensive than any other solution.
Matt
We have 2 vpn methods. Our main vpn is a hub and spoke topology where our branch offices all connect into our corporate hq. What we use in this case are cheap off the shelf Netgear routers + either dsl, cable, or T-1 connections to our corporate hq which has 3 T-1 lines bonded. The branch routers are FVS318v3 (the v3 is very important much improved processor + ssl for remote mgmt). Our hq uses a FVX538 which has fail-over and load balancing capabilities. I know some do not like Netgear but we have been using this solution for 5+ years and have had very little down time. Plus the routers are cheap so you can keep a hot spare on hand. Now our other solution for out of office work is SSL Explorer which is an open source ssl vpn. It works pretty good and if you want AD authentication you can purchase the "xtra" add on. Hope this helps!
I have a very small business with three locations (one is my home). The ISP connection varies some are Comcast some are Verizon residential DSL.
As I see it I have three problems. 1. The IP address will be dynamic from the ISP's and 2. Most of the PC's are running Win XP home 3. Would prefer a no cost solution
I would like to be able to remote desktop (ie contral/access) any pc from any location.
I have successfully installed http://hamachi.cc/ Hamachi to address the dynamic IP issue but am working on the XP Home issue (ie. RD server only in XP Pro). I recently downloaded http://ultravnc.sourceforge.net/ UltraVNC but I'm lost after the installation. What do you application do you use to start the desktop sharing.
Most of the PC's are behind a Linksys router some are behind a Linksys router then linksys wireless router.
I've played with dyndns.org and no
I'm not a CCNE but I'm no schlub any help would be appreciated.
That is a really, REALLY nice guide.
For those who say that OpenVPN's guide is straightforward either have years of networking experience behind them, or simply haven't tried to set up OpenVPN with it. (That is, at least on Windows)
racoon is a very good Internet Security Association Key Management Protocol (ISAKMP) and Internet Key Exchange (IKE) daemon. It is used to auto-negotiate keys for IPsec sessions.
/etc/passwd for authentication. This concentrator allows the Cisco VPN Client software to connect into the network for Road Warrior style access (also does much better with NAT traversal than tunnel-mode IPsec).
At work we have three VPN concentrators built using Linux and racoon. Two are configured as normal tunnel-mode concentrators, using fully-qualified usernames on the endpoints for authentication. One of these is for employees, the other is for customers. We are able to use any commodity VPN endpoint device which supports IKE identifiers (for example, Netgear FVS114).
We also have a third concentrator which is configured to use Xauth and
It's a pretty kick ass setup, actually. In particular, you don't have to have a Linux/BSD box or other PC at every endpoint location, just lil' IPsec-enabled gateways/routers (Netgear FVS114 is the best I've found so far, even other Netgears like FVS318 devices suck or are broken).
-=/\- Jizzbug -/\=-
How is Hamachi what you're looking for? I could be mistaken but I gave Hamachi a whirl cause it was quick to get up and running and basically it just lets you browse the machine you install hamachi on in the remote network. I'm not sure about this user but for me VPN needs to let me logon to the domain remotely. For example, my client has his company laptop at home and he logs onto the company domain via vpn so as far as he's concerned he's connected to the lan. Can you do this with OpenVPN?
Just get a Sonicwall SSL vpn for like $700 and you're done. Takes all of 30 minutes to unpackage, mount and configure and that's it. You have super granular control as to who can access what, whether it be a published web app or direct access to your shared files, folders and printers. Truly a wonderful solution at a CHEAP cost.
Note that OpenVPN requires that you have access to the router to open a port.
Hamachi works when you don't have access to the router. In some cases in which the router in administered by someone who won't give you access, Hamachi can work where OpenVPN won't.
Running it now on Soekris Net-4801 device http://soekris.com/. Sweet. Smooth.
depending on how you define small and what type of access you want to provide; go for the Juniper Networks SSL VPN (the firewalls have been mentioned as well). These devices will allow, depending on which box you have and the license purchased, from 10-5000 concurrent users. You have the option of providing full VPN connectivity to web-based intranet connections to partial intranet access (access to the intranet without providing a node on the network).
You don't state how many users you have, whether you're using the VPN for site to site or user access, but: I just read about the Sonicwall SSL-VPN 200. Since its SSL it doesn't need a client installed on your users machines and is much easier to configure than the Cisco. For Windows users, there's even an applet that allows TCP/IP applcications to connect to their servers. I've not tested it, but for $600 bucks it's not to bad a deal and Sonicwall has always made good hardware. If you already have a firewall, this could be a good bet. We're using a low end Cisco PIX - the 510 with the Cisco VPN client. It works too. We generally only have one or two people connecting through the VPN at any one time.
OpenBSD vpn(8) man page
Zero to IPSec in 4 minutes
OpenBSD IPSec with Cisco HOWTO (slightly old, but may still be useful to you as a pointer in the right direction)
And don't forget to check out the mailing list archives
I use OpenBSD on my Sokeris firewalls and they run very well indeed.
Has easy-to-use built-in PPTP and L2TP VPN that works with Windows, Mac OS X and Linux clients. It also includes nice goodies like Apache, Samba, Directory Services, Jabber Server, etc.
Of course, you need a Macintosh to run it. I would suggest a Xserve G5. They're very nice. But any 'ol Power Mac or Dual Core will do...
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
That said I'd recommend either a Pix 501 or 506 for a SOHO until Cisco finishes their replacement in the ASA product line. If neither of those devices will fit your needs then I'd recommend stepping up to a x800-series Cisco router. All current Cisco ISR routers have builtin hardware encryption from the basic 850 all the way up to the 3845. Gone are the days of the 2600s which required addon modules. Easy VPN(tm) is quite nice as is the basic IPSec offerings. If you need something even better then step up to a low-end ASA. The ASA 5510 is very nice. The 7.x code on the Pix/ASA line is a major improvement (as is the replacement of the PDM with the ASDM).
as of version 4.3 (released a few months ago), OpenSSH can now tunnel _any_ arbitrary traffic (including layer 2 traffic) over SSH. The syntax is about as simple as traditional SSH port forwarding, although the developers note that it may not be suitable for latency-sensitive apps (e.g. VoIP) due to the crypto overhead.
illum oportet crescere me autem minui
Are we talking 5-10 man offices, over a DSL line?
Get a WRT54G. Run DD-WRT. Use either the PPTP server or OpenVPN.
Done and done.
Of course, your WRT54G won't handle more than 10 users or so; you'll want to switch to a dedicated box or router for that. But you can't beat it in terms of cost/avaliability-- you can get this sucker up and running in 5 minutes flat, pick one up from bestbuy for ~$50, and there are no moving parts whatsoever.
For a very small office, its great. For a series of small offices in a larger company, its okay too. We use this sort of segmented VPN in our offices because of bandwidth reasons; we don't have enough uplink at any given location to really setup a better solution, and we can't financially justify purchasing more than 1 Mbit/s of uplink anywhere.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
It's FreeBSD 6.1+OpenBSD's pf + ALQ-Traffic-Shaper+IPSEC+PPTP + CARP + lot's more stuff all wrapped into an easy to understand interface.
Forget about all the other firewall "GUIs" (or lame attempts at GUIs) you've seen before, especially for the unreadable, ever-changing Linux-firewall engines.
pfSense has the performance, the feature-set, the reliability and the usability to be a real Checkpoint- and Netscreen-killer.
One quote from the mailing-list says it all: "I tested all the firewalls and GUIs that are available on freshmeat - and pfSense was the only one that didn't suck".
Windows 2000 - from the guys who brought us edlin
Citrix bought a company called Net6 a couple of years ago. Net6 made an SSL VPN "appliance", which runs a hardened Linux OS. Citrix rebranding it as the "Citrix Access Gateway", or CAG.
t .asp?contentID=15005
The 1st iteration was not so good because they rushed the rebranding and integration stuff. The 2nd and 3rd iterations were OK.
The latest revision is quite good. It supports around 2000 concurrent users, has easy to use yet powerful access controls and integrates nicely with Citrix's Presentation Server 4 product.
The cost is pretty good: the box is $2500 and licenses retail for around $100/concurrent user. If you have 100 users and your highest expected concurrent remote access count is 25, your cost would be $2500 + 25 x 100 = $5,000. If you buy 2 boxes (they have a built-in failover mechanism for redundancy), the cost would be $7500.
I work for a major healthcare provider and we're replacing Cisco VPN concentrators with the CAG. We bought 4 CAGs and are using Citrix's Advanced Access Control (AAC) product to integrate the CAGs with our internal portals (AAC makes the cost go up pretty high, though). We have around 40,000 users and our max concurrent remote users is currently around 4,000.
Check it out: http://www.citrix.com/English/ps2/products/produc
And no, I'm not the CEO of Citrix in disguise. I just believe in their products; we've saved a ton of $$$ using them!
Don't believe anything I say. I crash test crack pipes for a living.
any one can teach me how to build VPN from the bigining .. please :((
Thx
Does OpenVPN require opening a port in the hardware firewall? Can OpenVPN establish a connection when the firewall does not have an internet address, but is connected to another firewall, over which we don't have control?
I don't see anything on the OpenVPN web site about this.
One side of our system is behind a NAT with an Internet address. The other side is at an international airport, and we don't have control over the Internet arrangements there. We can only connect to their firewall.