Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Safest way to VPN to network? Configuring Server 2008 as Gateway...?

08 Apr 2012   #1

W7x64P
 
 
Safest way to VPN to network? Configuring Server 2008 as Gateway...?

I am doing an overhaul of my home network, in particular related to safe external connections and safe sharing.

There is no conn issues or alike, I am only looking for an opinion regarding how to connect to my home network from an external computer, and tips regarding safe configuration.

As it is I have one Radmin license which should be a pretty safe way to connect but I am, currently, also able to use RDP protocol.
The obvious advantage with RDP is that I can use any Windows 7 computer. Even my phone,

I have two Windows 2008 based servers, one WHS and one Standard. I was thinking of letting the Standard act as a Gateway and thus removing direct external access to the WHS, I assume that would increase security, but I am not sure of how to configure the Standard server securely. Or if I could use another software than Radmin and RDP to connect.

Tips? Thoughts? Questions?

My System SpecsSystem Spec
.

08 Apr 2012   #2
2xg
Microsoft MVP

Win7 & Win8 64bit
 
 

Hi Coram,

if you are concerned about security, the safest way of protecting your network is adding a Security Appliance like Sonicwall. You may use VPN or Remote Desktop Services (RDS), either one will be fine but again having a very secured network is beneficial. I am a big fan of Sonicwall.

Hope this helps.
My System SpecsSystem Spec
09 Apr 2012   #3

W7x64P
 
 

Looking at that.

Other tips?

Edit:
Are you telling me to buy something like this

or could you be a tad more specific as to what product you are referring to?

Its for a HOME network, if that was not clear, I am not spending a gazillion bucks on a enterprise solution...
My System SpecsSystem Spec
.


09 Apr 2012   #4

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
 
 

Hi there
one of the Simplest ways is to set your computer to ensure that from outside you only RDP to a VIRTUAL Machine then VPN to your INTERNAL LAN.

With VMware workstation rel 8.0 Nobody needs to be logged on to the HOST so that can be kept locked.

RDP'ing to a VM is exactly the same as to a REAL machine -- . Your Router should be able to ensure only authorized connections from outside are permitted to access the VM.

You'll need to Port forward in your router RDP I think uses 3809 but you can google for this bit). If your remote ISP doesn't have that port open then just use Putty and Tunnelling -- again subject a bit complex for this post but plenty on Google. Putty.exe is FREE BTW.

Only allow those inward connection ports to be open on your Router.

Don't go Bonkers with this security stuff - normal Windows firewall and decent settings in your home router should be MORE than enough and if the VM is unfortunate enough to become infected - just bin it and fire up a new one. You can "clone VM's" easily.

This way your HOST should be more than adequately protected -- CHEAPLY.

If you don't have a static IP address or an accessible domain at home then use one of the FREE dynamic DNS providers to ensure you can connect from the "public Internet" to your machine.

Most Security people go totally Overboard with this sort of stuff -- You aren't protecting the CIA's machines.

Incidently your router should have a decent set of logs so you can see who's logged in or attempted to login and when.

Once you've successfully logged in to your VM then you can sort out what connections you need to your INTERNAL network with possibly something like OPENVPN (Free). It's much easier operating a VPN from an INTERNAL LAN anyway and you won't have some problems with ISP's not being compatable with some VPN systems.

Very FREE (apart from the license for the OS for your VM).

You could if you were feeling "Geekish" make the VM a Linux machine. You can then connect to your Internal LAN via your VPN. Linux in any case has decent built in security.

(Linux is free -- you'd have to use VNC or TightVnc - from your remote computer to access the Linux machine VM -- looks and feels just like RDP -- then plenty of free VPN software to access your LAN. If you only need to access ONE machine then Linux's RDESKTOP (built in ) will connect to the Windows machine).

Cheers
jimbo
My System SpecsSystem Spec
09 Apr 2012   #5

W7x64P
 
 

Thanks Jimbo, thanks for giving the VM tip.
I do not mean to sound ungrateful for the length of your post, but I have the rest pretty much covered.

I can guess, but why would a Virtual machine be safer to connect to? The different filesystems?
A VM needs as much protection as a RM (Real Machine) regarding AV and such, else it will "break" as well.
Linux would be ok, I am a bit n00b so some conf may be tricky'sh but I think I can handle it.
My System SpecsSystem Spec
09 Apr 2012   #6

Windows 7 Pro x64 SP1
 
 

Coram Daes. I use a VPN called hamachi which has a free version. I have used it for years to connect to my clients machines via 5.xxx.xxx.xxx IP address, which is not routable on the internet routers. I works via tunneling.
Just my opinion. opening port 3389 which is the standard RDP port is where the bad guys keep trying to get into people's servers Remote Desktop Sevices and just keep trying, sometimes they guess some credentials and luck out.
give it a google and see what you think, https://secure.logmein.com/products/hamachi/

they have a pay version, what I use and have been very satisfied. I can RDP to any of my clients and their machines. Love it.

Rich
My System SpecsSystem Spec
09 Apr 2012   #7
2xg
Microsoft MVP

Win7 & Win8 64bit
 
 

Coram - The Basic appliance is reasonable. There's no need to buy other options such as Gateway Security package (Anti-Virus/Anti-Spyware/Advanced content filtering). Amazon.com: Tz 100 Network Security Appliance: Electronics

I wouldn't spend gazillion for that image that you've posted either.
I've been exposed with Sonicwall so I would highly recommend it if you running Windows Servers in your network with either VPN or RDS.
Quote   Quote: Originally Posted by Coram Daes View Post
Looking at that.

Other tips?

Edit:
Are you telling me to buy something like this

or could you be a tad more specific as to what product you are referring to?

Its for a HOME network, if that was not clear, I am not spending a gazillion bucks on a enterprise solution...
My System SpecsSystem Spec
10 Apr 2012   #8

W7x64P
 
 

I have used Hamachi as a game-related server so that could be worth checking up, they have obviously expanded their services.

That Sonicwall router seems competent enough, but maybe I could use Mikrotik instead, they are way cheaper.
My System SpecsSystem Spec
Reply

 Safest way to VPN to network? Configuring Server 2008 as Gateway...?




Thread Tools



Similar help and support threads for2: Safest way to VPN to network? Configuring Server 2008 as Gateway...?
Thread Forum
Server 2008 for home server... Opinions please. Network & Sharing
Setting up home network server using windows server 2008 R2 Network & Sharing
Best Antivirus in server windows 2008 server 2008 r2 System Security
Windows 2008 Server or Linux for server Network & Sharing
Windows home server vs Server 2008 R2 Software
VS 2008 & SQL Server 2008 compatibility Software
Win7 unable to see 2008 R2 server on network. Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:40 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33