• Status: Solved

Windows 7 and multiple VPNs

I have a client that serves a large number of offsite issues for their clients using various VPNs. I cannot dictate what VPN clients they can use nor best practice models. Some of the VPN clients are old Citrix, some are Cisco, some are Sonicwall, just any flavor really. In total there are 11 stations, each configured with 15 VPN clients; invariably, using one breaks another. The desktop client is XP. Some of the VPN clients that don't play nicely together are isolated in a "kiosk" type scenario. Today I need to bring these stations up to date with Windows 7; most of these VPN clients don't work on 7 at all. The IT director does not want to use VMs to achieve the desired end result. I am seriously at a loss relating to advancing with this task.
Asked by: microcomputers
 
Qlemo (C++ Developer) commented:
One idea is to use a single VPN client which is able to connect to different device types, like the free ShrewSoft VPN client or the commercial NCP. Both work on W7 (x64 and x86), and can replace Cisco and several more. Shrew does not support Sonicwall, and I don't know that for NCP.

In any case you will be able to cover only some of the VPNs. Citrix needs to be on its own, Check Point, and some others; I really would let those run with XP in Kiosk mode.

What I have done to support as many clients as possible is to try to let them run in router mode, and kick the connection by batch. Cisco VPN allows for that, if it does not block local network address. Some VPNs do not use a visible NIC, so they are not routable (Shrew is one of them). You can see how I did that in my article
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/A_350-Using-remote-client-connections-VPN-ISDN-PPTP-aso-for-routing-in-Windows.html
 
microcomputers (Author) commented:
Most interesting approach. I could ostensibly reach the lion's share of these clients using such a tool, and then those that require isolation can be identified and separated from the rest... most interesting approach. ShrewSoft does look like a promising tool. I will need to test it myself.
 
microcomputers (Author) commented:
Well, I attempted this approach and more information was revealed to me as I began to chase this dog. The biggest offenders are Citrix clients. We have about 15 different VPN clients; of them, 6 are Citrix. Some of these Citrix installs are very old clients, and the newer clients break the older ones. Is there any way to isolate these installs so they can exist together on the same box?
 
Qlemo (C++ Developer) commented:
Never tried that (never had to). I had only used ICA up to now, no VPN of Citrix. As far as it is documented, Citrix uses a net shim located in NDIS (written by Net6) to remap ports and addresses to local addresses, and encrypt that via SSL. That does not allow for different versions of SSL VPN, nor for other (IPSec) VPN clients. The latter is nothing new; it is the same with many VPN clients. What really surprises me is that a newer SSL version does not work with older gateways. Bad design, if you ask me.

The only way to accomplish "coexistence" of such [censored] VPN clients is to use separate VMs for each release, e.g. with Xen (which would allow for a "low profile" solution, using the OS code for more than one machine). However, since those SSL VPNs are not routable, you need to run the SSLs in an RDP session. Bit clumsy, but I can't imagine anything else working here.