Solved

Dial-up VPN within Terminal Services session

Posted on 2010-09-17
5
575 Views
Last Modified: 2013-11-21
Hi experts,

Bit of an unusual scenario here, but we are doing a desktop replacement (to thin client) rollout and some users have an application which requires a soft (i.e. dial-up) VPN.  

They currently have this app and the VPN settings installed on their desktop (XP) machines but every user will now go full Citrix XenApp desktop.

Question is, can I allow per-user VPN connections from Terminal Services and what effect will that have on the server and the other users on the box?

Thanks.
0
Comment
Question by:Codestone
  • 2
  • 2
5 Comments
 
LVL 32

Expert Comment

by:nappy_d
Comment Utility
Do you have a separate device that is your firewall/router on your network? If so, this should be used to manage all client VPN connections.

I would not recommend that you implement a VPN solution on your box that is also your Citirx server.
0
 
LVL 1

Author Comment

by:Codestone
Comment Utility
Hi nappy,

Thanks for your reply, but II think you've misunderstood.

I'm not suggesting we use a XenApp server as a VPN/RAS Server.

The users which are 'sat' on the box need to establish a [Windows Dial-Up networking] VPN to a remote service so that their application can communnicate with a remote server.

I hope that is clearer?

Thanks.
0
 
LVL 3

Assisted Solution

by:woodmouse
woodmouse earned 150 total points
Comment Utility
That's not what nappy meant... I think he quite understood, not to install any 3rd party VPN software on a terminalserver or Citrix server.
You'd end up to have virtual networkcards that build up the IPSTACK, either by IPSEC vpn software or PPTP VPN - and that can confuse your terminal server big time.

I would recommend to try XenDesktop to virtualise desktops indepentantly... and install VPN software there... that way, you won't end up having multiple users connecting software-like VPN's on one box...

You don't make multiple VPN connections using software neither (at least, not at random...) and this is what's just going to happen, if you let multiple users login to Citrix (or TSE), and work each with (the same) VPN software solution...

I really think that this is "not done" on a terminal-server.
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 350 total points
Comment Utility
Agrred with woodmouse.

In your case, if the vpn connections from the XenApp desktops are being made to another end point, I woul recommend that you relieve your virtual desktops of this task and work with the remote site admin(if not you) to create a site-ste vpn between your networks.

It would make more sense.
0
 
LVL 1

Author Comment

by:Codestone
Comment Utility
I agree with both of you and this is not a design of my choosing - I'm putting this question up here for some back up on my own points which you have both made, so thank you.

Agreed nappy, site-to-site VPN would be more appropriate but is unfortinately not a possibility for political reasons outside of my control.

Points split 70/30; nappy.

Thanks both.

J.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Citrix XenDesktop 7.6 Citrix Policies Graphics
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now