• Status: Solved
  • Priority: Medium
  • Security: Public

VPN connection


I have two sites connected via ISDN and the first site accesses a computer on the second site by calling its ISDN phone number then controls it remotely using Net OP. Both computers run Windows XP.

ISDN has many problems so I want to replace it with another technology.

I thought about VPN, so I have some questions:
- I need a guide/tutorial on how to set up this connection.

- Will I need a server operating system such as Windows Server 2003?

- If I need a server OS, will I need a domain and Active Directory?

- Will I need special hardware?

Thanks and best regards,
1 Solution
ISDN is the WAN technology; I would recommend looking at either ADSL, FTTC or a leased line. This will improve stability and speed of access.

You can then look at VPN site to site connectivity once your connection is stable.

Dimitris Ioakimoglou (Network Administrator) commented:
There are several ways to set up a VPN. The most solid way is the site-to-site IPsec VPN using 2 routers. As safe as it can get, set up once and never bother again (Except in case of hardware failure) etc.

Then there's software to do this. Microsoft has VPN server functionality on its Windows servers; I don't know if it works site-to-site or just as dial-in (client to site). And as far as I remember, in Windows 2003 they didn't have IPsec. Maybe I'm wrong about it; in ANY case this should be your last option. You don't want your VPN to be vulnerable to things like BSOD or, well, any OS anomaly.

Then again, if you choose to go with software, you could use OpenVPN. It's SSL-based and, well, it's free. And here's how you do that:


and you WILL need that too: http://openvpn.net/index.php/open-source/documentation/howto.html#windows

(you'll need to set it up over AT LEAST an ADSL line...the good part is that your ISP might hook you up with 2 vpn-enabled routers, or you can even ask them to.)
Or you could just buy a single Cisco ASA 5505, for example, and set up remote VPN.

It comes with support, so Cisco can set it up for you.

Do you have any sort of internet connection on the two machines or are they disconnected from the grid and your isdn connection is the only external connection they both have?
egyptotsuka (Author) commented:
I have ADSL on all computers on both sites including the two devices which are connected with ISDN as well.
Have you looked at something like LogMeIn or TeamViewer? We use LogMeIn for remote maintenance of servers, and TeamViewer for a quick look at a user's desktop to see what they are talking about. TeamViewer can be configured for remote access as well.

Is the connection and control only needed in a strict peer-to-peer scenario, as in one pc controlling the other pc and it is only ever those two devices involved? Or is it a one to many scenario where multiple far end devices are used when connecting to the machine to be controlled?

Another option might be TeamViewer but utilising the soft VPN connection feature, or the similar service from LogMeIn called Hamachi.


egyptotsuka (Author) commented:
Dear A-Unit,

I already have tried teamviewer for remote connection (it's just a peer-to-peer scenario), it gave me exactly the required functionality but very slowly. It was weird that ISDN connection of a low bandwidth works much faster than teamviewer on a 2 Mb ADSL connection.

Due to the slowness of Teamviewer I decided to look for other solutions.

But I didn't try the VPN option of teamviewer, but I don't think there will be obvious change in speed.
I understand your concerns around latency. This is because your connection is not direct peer to peer, it's via a web service. The VPN functionality will just give you local file access for both devices. LogMeIn Hamachi has a trial, but you'll have essentially the same type of service so I wouldn't expect too much of a difference with the experience. The ISDN connection is a true peer-to-peer connection, and is as direct a connection as you can get besides going for a leased line connection or direct fibre link between your sites. All the other solutions will be using your ISP and the rest of the web; then the tunnel is virtual, not physical, so you'll always have some inherent lag introduced. ISDN is based entirely on your number of channels in use and is always what you have configured with that connection, no surprises. That's why it's still the industry standard for customer voice delivery.

Not too sure what else to tell you for recommendations. All of the above connection methods work and all of them have fors and againsts. Probably the only other recommendation would be a simple firewall rule/acl and port forward (not too sure what your routing hardware is however) that allows a port forward for RDP connections through your router only from the far end external IP address going to the xp box inside the network that you are wanting to connect to. This negates any overheads for your tunnelling protocol, but it's obviously not going to be the most secure for data transmission.
egyptotsuka (Author) commented:
Thanks A-Unit.

So, do you recommend the use of a VPN router in the site with the server?
It's probably the most straightforward way to go for what you're trying to achieve. It'll be a "dial up" connection for one machine at the far end site connecting to the router at the site with the PC you want to control. You might find your router on site already has this capability too. It doesn't have to be high end to have a simple VPN capability, it just might be more limited than something like a Cisco ASA or router.

Once you've got the VPN in place you can either use the existing program you have been using or RDP in to the desktop of the machine. You'll need to make sure your two sites are in different subnets to keep your routing simple, but apart from that it should be fairly straightforward. (e.g. and at your respective sites)

Doing it this way means the link isn't always up, as is the case in a hardware-based VPN, so the traffic is limited to only the machine that is configured with the VPN connection, and it also keeps your config down on the routers - only one end to configure for a dial-up VPN connection plus one client to configure.
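The "different subnets" requirement from the answer above can be checked before any router is touched. This is an added example, not part of the original thread: the network names, the address ranges and the VPN client pool are constructed assumptions, since the thread gives no actual addressing.

```python
import ipaddress


def overlapping(networks):
    """Return sorted (name, name) pairs whose address ranges overlap.

    `networks` maps a label to a CIDR string, e.g. {"site_a_lan": "192.168.10.0/24"}.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def target_status(target, client_lan, remote_lan):
    """Classify the PC to be controlled from the dialing client's point of view."""
    ip = ipaddress.ip_address(target)
    if ip not in ipaddress.ip_network(remote_lan):
        return "not-in-remote-lan"   # wrong address for the far-end site
    if ip in ipaddress.ip_network(client_lan):
        return "ambiguous"           # same range exists locally; routing is not simple
    return "routed-via-vpn"


# Constructed plans (assumptions, not addresses from the thread).
# Both sites left on the same common router default range:
BAD_PLAN = {"site_a_lan": "192.168.1.0/24",
            "site_b_lan": "192.168.1.0/24",
            "vpn_pool": "10.8.0.0/24"}
# Sites renumbered, but the VPN client pool carved out of site B's LAN:
POOL_CLASH = {"site_a_lan": "192.168.10.0/24",
              "site_b_lan": "192.168.20.0/24",
              "vpn_pool": "192.168.20.128/25"}
# Distinct ranges for both LANs and the pool:
GOOD_PLAN = {"site_a_lan": "192.168.10.0/24",
             "site_b_lan": "192.168.20.0/24",
             "vpn_pool": "10.8.0.0/24"}

if __name__ == "__main__":
    for label, plan in (("bad", BAD_PLAN), ("pool clash", POOL_CLASH), ("good", GOOD_PLAN)):
        print(label, overlapping(plan) or "no overlaps")
    print(target_status("192.168.1.50", BAD_PLAN["site_a_lan"], BAD_PLAN["site_b_lan"]))
    print(target_status("192.168.20.50", GOOD_PLAN["site_a_lan"], GOOD_PLAN["site_b_lan"]))
```
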

