topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 10:47 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: server 2008r2 x64 VPN to Windows 8.1 Home Premium x64 for remote access  (Read 4927 times)

questorfla

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 570
  • Fighting Slime all the Time
    • View Profile
    • Donate to Member
Those are the specs I have to work with and so far I can't seem to find a way to make this reliable without going to third party software such as Open VPN.  Not even sure about that 
The intent is to manage to host the internal company files in the internal company network (which is not a problem at all) and provide a way to access those same files to the same3 people when they are not in the office.  As from home or a Hotel Wi-Fi.

Before Windows 8.1, this was a fairly simple task to provide a reliable VPN connection.  Since 8.1 it seems to have been relegated to the pages of history in favor of cloud storage for to provide the same access.
Unfortunately, this is not yet a reliable resource due to constraints on the speed of transfer of the internet. 
When OneDrive first began offering the 1TB of storage per user, I had high hopes for it but it seems they are less likely to be a reality in the near future every day.  The space is there but access to it is nowhere near what we need.  "
Back in the day" this was a simple thing on Server 2003 and Windows XP.  Each new progression by Windows has made that same access slower and more difficult as it went forward
Any advice on the best way to accomplish this on a small scale would be appreciated.  This is not a "Domain" network, simply a need to share file access by about 30 people regardless of whether they are on-site or working from home or on the road.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
If you only want to use Windows native VPN to allow access from remote places, an SSTP based VPN is possibly the way to go for maximum availability since it uses port 443, (HTTPS), which almost all internet access points are going to allow.

Third party: OpenVPN you can set for port 80 or 443 to also bypass overly restrictive internet access.  I'm currently using SoftEther VPN on all my VPSs since it is simple to setup, multi-protocol (PPTP, L2TP, SSTP, OpenVPN, SoftEther), can remote manage the VPNs, provide configs for the clients, even bypass some Captive Portal setups via VPN over DNS/Ping requests.

BTW, what about your router hardware - a lot of them these days usually have some form of VPN server - it would save screwing around with the Windows server.
« Last Edit: February 01, 2015, 07:26 PM by 4wd, Reason: GFU »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Any advice on the best way to accomplish this on a small scale would be appreciated.  This is not a "Domain" network, simply a need to share file access by about 30 people regardless of whether they are on-site or working from home or on the road.

I'd strongly advise you to set yourself up to use a domain and AD if at all possible. Microsoft's entire security model is built around using both of them. Once those are in place, everything (i.e. additional "roles" such as VPN, routing, and remote access/desktop services becomes relatively easy to accomplish using the features built into Windows Server itself. (Note: you'll also want a separate hardware based firewall in addition to what Microsoft provides on your network perimeter for boundary protection.)

This is something you really might want to consider having someone (who's local) handle for you if you haven't done this sort of project before. Seriously! To do it right isn't something that can be accomplished by simply working off a checklist if you don't know the ramifications, or the whys & wherefores. Done wrong, it can open your company up to a host of headaches and woes.

So again, I'd have to recommend you contract with some qualified local resource to help you out with this one. It shouldn't be that expensive.

Just my :two:  :) :Thmbsup:
« Last Edit: February 01, 2015, 10:22 PM by 40hz »

questorfla

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 570
  • Fighting Slime all the Time
    • View Profile
    • Donate to Member
I wish a doman was an option 40HZ but I can only work with what I have.  I have requested fubndng to provide a Domain layout for many years and never got it.
It is only a headache for me to keep asking as I have already been told not to ask.  That is one reason we are on Server 2008 and not 2012 and if I had not sneaked it into a budget we would still be on Server 2003.

4WD, I 100% agree with you and have done exactly what you suggest as this was the only option offered by the new NetGear NightHawk R8000 router.  Open VPN worked so well I was amazed.  I should have known it was too good to be true.  There was a "catch" though that was not mentioned or stated in the setup anywhere untili searched for the problem.  On the HELP boards on Netgear's site, I was informed of the following:

Question: What is the maximum number of concurrent clients that can connect to the VPN service?
Netgear's Answer:  It supports a maximum of up to 4 concurrent VPN clients.  

If there is any way to increase this to 15 I would be jumping at the chance but so far I can't seem to ask the right question.  No one I can find seems to understand.  I guess most people are happy with only 4 users.?

Windows 8.1 (Native VPN) is so convoluted that  all  can find about it is PROBLEMS>  I Googled it for many pages.  Windows' motto seems to be "For every Solution, there is another problem".

I have tried every thing I can think of  OpenVPN worked perfect.  But, nothing else seems to and I can only get 4 I guess unless I buy another router?

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
It is only a headache for me to keep asking as I have already been told not to ask.  That is one reason we are on Server 2008 and not 2012 and if I had not sneaked it into a budget we would still be on Server 2003.

Good grief! What exactly does this business you work for do, if you can say? :tellme:

BTW, good thing you did. Microsoft will be tomb-stoning W2K3 Server on July 15, 2015. Per the mothership:

Windows Server 2003 support is ending July 14, 2015

What does end of support mean for you? After July 14, Microsoft will no longer issue security updates for any version of Windows Server 2003. If you are still running Windows Server 2003 in your datacenter, you need to take steps now to plan and execute a migration strategy to protect your infrastructure.
« Last Edit: February 03, 2015, 04:47 PM by 40hz »

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Good grief! What exactly does this business you work for do, if you can say? :tellme:

Specialists in finding the cheapest way to avoid investing money with no thought as to long term effects or benefits  ;D

x16wda

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 888
  • what am I doing in this handbasket?
    • View Profile
    • Read more about this member.
    • Donate to Member
If you need VPN, how about setting up a pfsense firewall and use it for OpenVPN? There isn't an arbitrary limit on the number of clients, it's just up to your hardware. Surely you have a spare PC with a couple nics hanging around. Give it a reasonably current PC with a reasonable CPU and you ought to be fine. My very modest home network does fine with pfsense even running on an old pc with 2gb of memory and an Athlon 64 3200. Release 2.2 is out, based on FreeBSD 10.1 (current production release).

In fact, I have been using pfsense as my firewall for a year or so now, and I hang my wireless routers behind it - and just use them as access points. Easier to power cycle the wireless boxes when they get flaky, and it doesn't disturb the wired connections. Plus, save the pfsense config, and you can move to a faster box if you find any resource constraints. Or throw in a new pc if the old one croaks, very little down time. Or add a second box as a failover. Or... you get the idea. :-)
vi vi vi - editor of the beast
« Last Edit: February 03, 2015, 09:28 PM by x16wda »