Dial-up VPN within Terminal Services session

Posted on 2010-09-17
Last Modified: 2013-11-21
Hi experts,

Bit of an unusual scenario here, but we are doing a desktop replacement (to thin client) rollout and some users have an application which requires a soft (i.e. dial-up) VPN.  

They currently have this app and the VPN settings installed on their desktop (XP) machines but every user will now go full Citrix XenApp desktop.

Question is, can I allow per-user VPN connections from Terminal Services and what effect will that have on the server and the other users on the box?

Question by:Codestone
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 32

Expert Comment

ID: 33699858
Do you have a separate device that is your firewall/router on your network? If so, this should be used to manage all client VPN connections.

I would not recommend that you implement a VPN solution on your box that is also your Citirx server.

Author Comment

ID: 33699904
Hi nappy,

Thanks for your reply, but II think you've misunderstood.

I'm not suggesting we use a XenApp server as a VPN/RAS Server.

The users which are 'sat' on the box need to establish a [Windows Dial-Up networking] VPN to a remote service so that their application can communnicate with a remote server.

I hope that is clearer?


Assisted Solution

woodmouse earned 150 total points
ID: 33700112
That's not what nappy meant... I think he quite understood, not to install any 3rd party VPN software on a terminalserver or Citrix server.
You'd end up to have virtual networkcards that build up the IPSTACK, either by IPSEC vpn software or PPTP VPN - and that can confuse your terminal server big time.

I would recommend to try XenDesktop to virtualise desktops indepentantly... and install VPN software there... that way, you won't end up having multiple users connecting software-like VPN's on one box...

You don't make multiple VPN connections using software neither (at least, not at random...) and this is what's just going to happen, if you let multiple users login to Citrix (or TSE), and work each with (the same) VPN software solution...

I really think that this is "not done" on a terminal-server.
LVL 32

Accepted Solution

nappy_d earned 350 total points
ID: 33700144
Agrred with woodmouse.

In your case, if the vpn connections from the XenApp desktops are being made to another end point, I woul recommend that you relieve your virtual desktops of this task and work with the remote site admin(if not you) to create a site-ste vpn between your networks.

It would make more sense.

Author Comment

ID: 33700500
I agree with both of you and this is not a design of my choosing - I'm putting this question up here for some back up on my own points which you have both made, so thank you.

Agreed nappy, site-to-site VPN would be more appropriate but is unfortinately not a possibility for political reasons outside of my control.

Points split 70/30; nappy.

Thanks both.


Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #XenApp #Citrix Scout #Citrix Insight Services #Microsoft VMMAP #Microsoft ADEXPLORE #Microsoft RAMMAP #Microsoft TCPVIEW #Microsoft AUTORUNS #Microsoft PROCESS EXPLORER #Microsoft PROCESS MONITOR
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question