Suggestions for a Software or Non-Firewall VPN Solution

I'm using it with the SSTP client on Windows and it works very, very well and is stable.

Runs on a Linux VM and my clients never complain about their VPN connections.

I like to make shortcuts with `rasphone -d "VPN Name Here"`; that way the shortcut just pops up asking them for their credentials. A little better for some of my more technology-challenged users.
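The shortcut trick above depends on the VPN entry already existing in the phonebook, so here is an added PowerShell example (not from the original post) that provisions an SSTP connection machine-wide and then drops a desktop shortcut that launches `rasphone -d`. The connection name "Office VPN", the server `vpn.example.com` and the `10.10.0.0/16` office prefix are placeholders; run it from an elevated prompt.

```powershell
# Added example, not part of the original thread. Creates an all-user SSTP
# connection and a public-desktop shortcut that opens the rasphone dial dialog
# for it, so the user only has to type credentials.
# Assumed placeholders: connection name, server address, office prefix.
$ConnectionName = 'Office VPN'
$ServerAddress  = 'vpn.example.com'
$OfficePrefix   = '10.10.0.0/16'

# -AllUserConnection writes the entry to the machine phonebook
# (ProgramData\Microsoft\Network\Connections\Pbk), which rasphone -d also reads,
# so every user on the PC gets the same entry. -RememberCredential:$false keeps
# the prompt the shortcut relies on. SSTP authenticates the server with its TLS
# certificate: the client must trust the issuing CA and be able to reach the CRL
# or the tunnel fails before MSChapv2 ever runs.
Add-VpnConnection -Name $ConnectionName `
    -ServerAddress $ServerAddress `
    -TunnelType Sstp `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -RememberCredential:$false `
    -SplitTunneling `
    -AllUserConnection `
    -Force

# With -SplitTunneling only prefixes added here are routed through the tunnel;
# everything else stays on the local internet connection.
Add-VpnConnectionRoute -ConnectionName $ConnectionName `
    -DestinationPrefix $OfficePrefix `
    -AllUserConnection

# Public desktop shortcut: rasphone -d "<entry name>" opens the dial dialog
# for that entry and prompts for credentials.
$shell = New-Object -ComObject WScript.Shell
$lnk   = $shell.CreateShortcut("$env:PUBLIC\Desktop\$ConnectionName.lnk")
$lnk.TargetPath   = "$env:SystemRoot\System32\rasphone.exe"
$lnk.Arguments    = "-d `"$ConnectionName`""
$lnk.IconLocation = "$env:SystemRoot\System32\rasphone.exe,0"
$lnk.Save()
```

If the connection should be per-user instead (no admin rights on the client), drop `-AllUserConnection` from both cmdlets and write the shortcut to `$env:USERPROFILE\Desktop`; the `rasphone -d` argument is unchanged because rasphone searches both phonebooks.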

Well, I guess I came to know of ZT first :)
Generally, I'm very happy with it. It works like a charm, even in a country where VPNs are generally a "gray area".

Isn't the CLI doing its job? I never had any issues.
Not too many endpoints, TBH, but so far, more than a year in, no issues whatsoever.

You're right, I don't know. From the post it seems like they're trying to VPN back to the office, though.

I suggested some alternatives to an NGFW at the edge.

Agreed. This whole idea of protecting the perimeter has felt pretty dated for a while now. I’m still sticking with SonicWALL for the near future, but they’re one of the most expensive security pieces we have and cover the least. This was even true before Covid.

I wouldn’t say subscribing to those services is bad, but I would put almost everything else ahead of it. Next-gen AV, robust email filter, DNS protection, user training, DLP, excellent backups and cyber insurance are the big ones that come to mind.

As far as I'm aware, though, there isn't a way to automatically turn it off when you're on the corporate network. So traffic to subnets other than the one you're directly connected to will always traverse the VPN appliance.
In the Windows VPN client you define corporate networks and it dials only when you're not on one of those. That's the key missing feature.
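The "define corporate networks and only dial when you are not on one" behaviour is the Always On VPN trusted network detection setting in the Windows VPNv2 CSP. Below is an added example (not from the original post) of a minimal Always On VPN ProfileXML with `TrustedNetworkDetection`, applied through the MDM bridge WMI provider the way Microsoft's client-configuration guidance does it. The profile name, the DNS suffix `corp.example.com`, the server `vpn.example.com`, the `10.10.0.0/16` route and the choice of IKEv2 with MSChapv2 are placeholders chosen for brevity; an EAP-based profile is the usual production choice.

```powershell
# Added example, not part of the original thread. Applies an Always On VPN
# profile whose TrustedNetworkDetection suppresses dialing while the client
# sits on a network whose DNS connection suffix matches the listed suffix.
# The MDM bridge provider (root\cimv2\mdm\dmmap) only accepts calls from the
# SYSTEM account, so run it e.g. as:  psexec -s powershell.exe -File .\aovpn.ps1
# Assumed placeholders: profile name, suffixes, server, route, auth method.
$ProfileName = 'Office AOVPN'

$ProfileXML = @"
<VPNProfile>
  <AlwaysOn>true</AlwaysOn>
  <TrustedNetworkDetection>corp.example.com</TrustedNetworkDetection>
  <DnsSuffix>corp.example.com</DnsSuffix>
  <NativeProfile>
    <Servers>vpn.example.com</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
    <Authentication>
      <UserMethod>MSChapv2</UserMethod>
    </Authentication>
  </NativeProfile>
  <Route>
    <Address>10.10.0.0</Address>
    <PrefixSize>16</PrefixSize>
  </Route>
</VPNProfile>
"@

# The CSP stores ProfileXML as an XML-escaped string, and the InstanceID is the
# profile name with spaces escaped as %20.
$ProfileXML = $ProfileXML -replace '<', '&lt;' -replace '>', '&gt;' -replace '"', '&quot;'
$instanceId = $ProfileName -replace ' ', '%20'

$namespace = 'root\cimv2\mdm\dmmap'
$className = 'MDM_VPNv2_01'
$parentId  = './Vendor/MSFT/VPNv2'
$session   = New-CimSession

# Remove an existing profile of the same name so the script is safe to re-run.
foreach ($old in $session.EnumerateInstances($namespace, $className)) {
    if ($old.InstanceID -eq $instanceId) {
        $session.DeleteInstance($namespace, $old)
    }
}

$inst = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespace
$inst.CimInstanceProperties.Add(
    [Microsoft.Management.Infrastructure.CimProperty]::Create('ParentID',   $parentId,   'String', 'Key'))
$inst.CimInstanceProperties.Add(
    [Microsoft.Management.Infrastructure.CimProperty]::Create('InstanceID', $instanceId, 'String', 'Key'))
$inst.CimInstanceProperties.Add(
    [Microsoft.Management.Infrastructure.CimProperty]::Create('ProfileXML', $ProfileXML, 'String', 'Property'))
$session.CreateInstance($namespace, $inst) | Out-Null
```

One caveat worth knowing before relying on this: trusted network detection keys off the DNS connection-specific suffix the physical adapter received, typically from DHCP. That is a convenience signal, not an authenticated one, so a hostile network that hands out the corporate suffix will stop the client from dialing; it does not grant access to anything, but it is why the check should not be mistaken for a security control.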

You run the virtual appliance on the customer site and there’s a Windows 10 client you run on the remote PC to connect back.

I suspect you might be looking for something more like Hamachi if you just want something simple that you install. Not that I would recommend it in any way.

WireGuard is a VPN solution; ZeroTier is a virtual L2 network. While there is considerable overlap, they are not fully interchangeable. Some people need L3 for monitoring, routing, security, etc.

Third for OpenVPN 2.5.0: https://github.com/arjansturing/Auto-OVPN-2.0

:)

We have a variety of clients using UniFi VPNs, including medical & financial. Yes, just using the built-in Win10 client.

What issues specifically are you running into?

Take a look at WireGuard. It is a pure UDP VPN solution. It is fast.

You can set up an Ubuntu box as a VM and then connect that way, or get a VM from Untangle. They have native WireGuard support built in.

If you want a cloud solution, Perimeter 81 works well.

Hardware-based: Meraki 65 or 85.

R-

You can work around that on the firewall or OpenVPN server side: don't accept OpenVPN traffic from the internal corporate subnets. That way the VPN tunnels from the clients will never come up. The clients will retry ad infinitum, but that shouldn't be an issue (unless the verbosity is too high and the log files grow too much).
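As an added illustration of that workaround (not from the original post), here is the firewall side expressed for an OpenVPN server that happens to run on Windows, using the host firewall rather than an edge appliance. The UDP port 1194, the rule names and the internal subnets `10.10.0.0/16` and `192.168.50.0/24` are assumed placeholders.

```powershell
# Added example, not part of the original thread. Drops OpenVPN handshakes that
# originate from the internal corporate subnets so on-site clients never bring a
# tunnel up, while still accepting connections from everywhere else.
# Windows Firewall evaluates Block rules before Allow rules, so the block wins
# even though a broader Allow rule for the same port exists.
# Assumed placeholders: port, subnets, rule names.
$OpenVpnPort = 1194
$CorpSubnets = @('10.10.0.0/16', '192.168.50.0/24')

New-NetFirewallRule -DisplayName 'OpenVPN - block from corp LAN' `
    -Direction Inbound -Protocol UDP -LocalPort $OpenVpnPort `
    -RemoteAddress $CorpSubnets -Action Block -Profile Any

New-NetFirewallRule -DisplayName 'OpenVPN - allow from elsewhere' `
    -Direction Inbound -Protocol UDP -LocalPort $OpenVpnPort `
    -Action Allow -Profile Any

# Quick check that both rules exist and are enabled.
Get-NetFirewallRule -DisplayName 'OpenVPN - *' |
    Select-Object DisplayName, Enabled, Direction, Action
```

On a Linux host the same idea is a DROP rule on the OpenVPN port for the corporate source ranges placed ahead of the ACCEPT rule; the behaviour the post describes (clients retrying forever and filling logs at high verbosity) is the same either way, so keep `verb` modest on the client side.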

I had to write my own service to handle that part - I’ve been testing it at one client for a few weeks now. I’m going to open-source it once I get one legal issue sorted in the next week or so.

Pretty much anything you can have.

This morning, they had errors saying the connection was terminated by the remote computer before it could be completed and also that the remote computer didn’t respond in a timely fashion.

I’ve had “security layer encountered a processing during initial negotiations”

"The network connection between your computer and the VPN server couldn't be completed because the remote server isn't responding"

I see a lot of successful Fortinet deployments. Not so much Palo.

I chose it because of its SSTP support. The integration on Windows makes it simple for clients.

This is exactly the right answer. It’s how we configure it and it works very gracefully.