VPN or other solution to access files over internet. 1

[nerbonne]

Hi. I have a Windows 2003 server with Windows 2000 clients. I have users at remote locations running Windows 200 and Windows XP that want to be able to access their files located at the central location.

My question is, should I try to configure VPN or is there another solution that will allow me to share the files between the locations. The reason I am hesitant to use VPN is that I've tried to configure it numerous times and I haven't gotten it to work. Once I did get it to connect, but I could not browse network files.

Any suggestions on the available options would be appreciated.

 

[Stevehewitt]

VPN would be the best way, although I don't like them generally as most VPN clients are unmanaged nodes - e.g. they are not controlled via group policies and domain settings so could have spyway and viruses installed - and a VPN will carry any worm replication traffic just the same as a LAN client!

You could try secure web folders or even FTP..? What's your view on that?

As an alternative, there's alway remote desktop / terminal services too.




Steve.

"They have the internet on computers now!" - Homer Simpson

 

[SquaredNull]

I would recommend using Terminal Services. It's secure and still easy managable.

 

[SuperJenks]

Non of those solutions are secure unless u run them over vpn. You can get ssl-ftp server software but have to also have ftp client capable of providing ssl protocol. Its a pain to set up too. If you want group policy in place, I would set up a pc dedicated to except incoming vpn connections on the internal network. This would be done using microsofts built in pptp protocol under my network places (add a new connection). Forward Port 1723 through firewall to vpn Gateway computer. Done. You wont need to install any special client software, just use microsofts built in vpn software also located in "add a new connection". Users domain authentication will be used to log in with. Now you have group policy control. U can also browse the network or rdt to any pc on the same subneted network. I use this setup all the time for work. If you want more details let me know. Im not going to spell it all out unless u intend to do it... reply if u intend to, i can help ya. Good luck!!!

 

[nerbonne]

SuperJenks,

I like your group policy idea the best.

Would the dedicated computer on the network have to be Windows 2000 or XP?

What is RDT? I am unfamiliar with this term?

I would greatly appreciate the spelled out instructions!

Thanks a bunch.

- Tim

 

[SquaredNull]

If you want to work through SSH, then you can use remote manager from Desktop Authority (

http://www.scriptlogic.com/desktopauthority).

It includes SSH server so you can work with remote machine over SSH. Password authentication is surely supported. Desktop Authority has built-in Java client that allows to do that within any environment. What's useful with it is the possiblity to send special keystrokes without using on-screen keyboard. Thus it's possible to send ALT codes for example.

 

[SuperJenks]

OK, RDT is Remote DeskTop. As Far as deciding plattform, I use xp pro, use it for my self only. I think there maybe be some limitations to how many simultaneous connections the pc will except based on licensing. If this is a true office/work envirnment, and may have multiple connections at a time, I would use 2000/2003 server. If its just one or maybe two users using vpn, u could get away with xp pro. Below, is how to set it up.

On Dedicated Server:

Goto properties of MY Network Places-->
Click create new connection-->
Click Next-->
Click setup advanced connnection-->
Click accept incoming connections-->
The next screen is where you would select dialup modem if you were using Ras through dialup, But from the sounds of it, you want access through internet. Make sure the modem or direct parallel is unchecked.-->
Check allow vpn connections-->
Check the users that will be accessing the network in the user list. If they dont exist, you must create them.-->
Here is where you will highlight the TCP/IP protocol and select Properties-->
Make sure allow user to access my local area network is checked. Below that field is where you specify a valid IP address range that is not in use on your internal data network as these are the ranges of address the remote users will be assigned when connected to the network-->
Click next and then you are done configuring the server.-->
Make sure the firewall is turned off on the pc no matter what platform you decide to go with.-->
You must forward port 1723 on the outside firewall to the Ip address of the server.

Configuring Client PC:

Goto properties of MY Network Places-->
Click create new connection-->
Click Next-->
Click connect to my working place using dialup/vpn-->
Click Using VPN Connection-->
Enter the label or name of this connection-->
Click Do not dial Initial connection-->
Enter Internet IP address of the Office or Company (ISP IP address)-->
Select which option is necessary for needs, For a single user or anyone who uses pc can access this connection-->
Click next and you are all done.
You will then find the connection listed in my network connections.

This will work great. By default, the vpn uses 128bit encryption which should be plenty. If its not, you can adjust that in security policies I think. I never changed it but im sure you can up it to 256bit. If you need more assistance, drop a message here. I check back every couple of days or so... Good Luck