• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 589
  • Last Modified:

Dial-up VPN within Terminal Services session

Hi experts,

Bit of an unusual scenario here, but we are doing a desktop replacement (to thin client) rollout and some users have an application which requires a soft (i.e. dial-up) VPN.  

They currently have this app and the VPN settings installed on their desktop (XP) machines but every user will now go full Citrix XenApp desktop.

Question is, can I allow per-user VPN connections from Terminal Services and what effect will that have on the server and the other users on the box?

Thanks.
0
Codestone
Asked:
Codestone
  • 2
  • 2
2 Solutions
 
nappy_dCommented:
Do you have a separate device that is your firewall/router on your network? If so, this should be used to manage all client VPN connections.

I would not recommend that you implement a VPN solution on your box that is also your Citirx server.
0
 
CodestoneAuthor Commented:
Hi nappy,

Thanks for your reply, but II think you've misunderstood.

I'm not suggesting we use a XenApp server as a VPN/RAS Server.

The users which are 'sat' on the box need to establish a [Windows Dial-Up networking] VPN to a remote service so that their application can communnicate with a remote server.

I hope that is clearer?

Thanks.
0
 
woodmouseCommented:
That's not what nappy meant... I think he quite understood, not to install any 3rd party VPN software on a terminalserver or Citrix server.
You'd end up to have virtual networkcards that build up the IPSTACK, either by IPSEC vpn software or PPTP VPN - and that can confuse your terminal server big time.

I would recommend to try XenDesktop to virtualise desktops indepentantly... and install VPN software there... that way, you won't end up having multiple users connecting software-like VPN's on one box...

You don't make multiple VPN connections using software neither (at least, not at random...) and this is what's just going to happen, if you let multiple users login to Citrix (or TSE), and work each with (the same) VPN software solution...

I really think that this is "not done" on a terminal-server.
0
 
nappy_dCommented:
Agrred with woodmouse.

In your case, if the vpn connections from the XenApp desktops are being made to another end point, I woul recommend that you relieve your virtual desktops of this task and work with the remote site admin(if not you) to create a site-ste vpn between your networks.

It would make more sense.
0
 
CodestoneAuthor Commented:
I agree with both of you and this is not a design of my choosing - I'm putting this question up here for some back up on my own points which you have both made, so thank you.

Agreed nappy, site-to-site VPN would be more appropriate but is unfortinately not a possibility for political reasons outside of my control.

Points split 70/30; nappy.

Thanks both.

J.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now