• Status: Solved

VPN connection

Hi,

I have two sites connected via ISDN and the first site accesses a computer on the second site by calling its ISDN phone number then controls it remotely using Net OP. Both computers run Windows XP.

ISDN has many problems so I want to replace it with another technology.

I thought about VPN, so I have some questions:
- I need a guide/tutorial on how to set up this connection.

- Will I need a server operating system such as Windows Server 2003?

- If I need a server OS, will I need a domain and Active Directory?

- Will I need special hardware?

Thanks and best regards,
0
egyptotsuka
 
DJ2liveUK Commented:
ISDN is the WAN technology. I would recommend looking at either ADSL, FTTC or Leased Line; this will improve stability and speed of access.

You can then look at VPN site to site connectivity once your connection is stable.

HTH
0
 
Dimitris Ioakimoglou Commented:
There are several ways to set up a VPN. The most solid way is the site-to-site IPsec VPN using 2 routers. As safe as it can get, set up once and never bother again (Except in case of hardware failure) etc.

Then there's software to do this. Microsoft has a VPN server functionality on its Windows servers; I don't know if it works site-to-site or just as dial-in (client to site). And as far as I remember, in Windows 2003 they didn't have IPsec. Maybe I'm wrong about it; in ANY case this should be your last option. You don't want your VPN to be vulnerable to things like BSOD or, well, any OS anomaly.

Then again, if you choose to go with software, you could use OpenVPN. It's SSL-based and, well, it's free. And here's how you do that:

http://openvpn.net/index.php/component/content/article/27-server-config/209-how-do-i-setup-openvpn-access-server-to-use-site-to-site.html

and you WILL need that too: http://openvpn.net/index.php/open-source/documentation/howto.html#windows

(You'll need to set it up over AT LEAST an ADSL line... the good part is that your ISP might hook you up with 2 VPN-enabled routers, or you can even ask them to.)
0
 
mo_patel Commented:
Or you could just buy a single Cisco ASA 5505, for example, and set up remote VPN.

It comes with support, so Cisco can set it up for you.
0
 
A-Unit Commented:
Do you have any sort of internet connection on the two machines, or are they disconnected from the grid and your ISDN connection is the only external connection they both have?
0
 
egyptotsuka (Author) Commented:
A-Unit,
I have ADSL on all computers on both sites including the two devices which are connected with ISDN as well.
0
 
A-Unit Commented:
Have you looked at something like logmein or teamviewer? We use logmein for remote maintenance of servers, and teamviewer for a quick look at a user's desktop to see what they are talking about. Teamviewer can be configured for remote access as well.

Is the connection and control only needed in a strict peer-to-peer scenario, as in one pc controlling the other pc and it is only ever those two devices involved? Or is it a one to many scenario where multiple far end devices are used when connecting to the machine to be controlled?

Another option might be teamviewer but utilising the soft VPN connection feature, or the similar service from logmein called hamachi.

HTH,

A.
0
 
egyptotsuka (Author) Commented:
Dear A-Unit,

I already have tried teamviewer for remote connection (it's just a peer-to-peer scenario), it gave me exactly the required functionality but very slowly. It was weird that ISDN connection of a low bandwidth works much faster than teamviewer on a 2 Mb ADSL connection.

Due to the slowness of Teamviewer I decided to look for other solutions.

But I didn't try the VPN option of teamviewer, but I don't think there will be obvious change in speed.
0
 
A-Unit Commented:
I understand your concerns around latency. This is because your connection is not direct peer to peer, it's via a web service. The VPN functionality will just give you local file access for both devices. Logmein Hamachi has a trial, but you'll have essentially the same type of service so I wouldn't expect too much of a difference with the experience. The ISDN connection is a true peer to peer connection, and is as direct a connection as you can get besides going for a leased line connection or direct fibre link between your sites. All the other solutions will be using your ISP and the rest of the web, then the tunnel is virtual, not physical, so you'll always have some inherent lag introduced. ISDN is based entirely on your number of channels in use and is always what you have configured with that connection, no surprises. That's why it's still the industry standard for customer voice delivery.

Not too sure what else to tell you for recommendations. All of the above connection methods work and all of them have fors and againsts. Probably the only other recommendation would be a simple firewall rule/ACL and port forward (not too sure what your routing hardware is, however) that allows a port forward for RDP connections through your router only from the far end external IP address going to the XP box inside the network that you are wanting to connect to. This negates any overheads for your tunnelling protocol, but it's obviously not going to be the most secure for data transmission.
0
 
egyptotsuka (Author) Commented:
Thanks A-Unit.

So, do you recommend the use of a VPN router in the site with the server?
0
 
A-Unit Commented:
It's probably the most straightforward way to go for what you're trying to achieve. It'll be a "dial up" connection for one machine at the far end site connecting to the router at the site with the PC you want to control. You might find your router on site already has this capability too. It doesn't have to be high end to have a simple VPN capability, it just might be more limited than something like a Cisco ASA or router.

Once you've got the VPN in place you can either use the existing program you have been using or RDP in to the desktop of the machine. You'll need to make sure your two sites are in different subnets to keep your routing simple, but apart from that it should be fairly straightforward (e.g. 192.168.1.0/24 and 192.168.2.0/24 at your respective sites).

Doing it this way means the link isn't always up, as is the case in a hardware based VPN, so the traffic is limited to only the machine that is configured with the VPN connection, and it also keeps your config down on the routers - only one end to configure for a dial up VPN connection plus one client to configure.

Cheers,

A.
0
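
The "different subnets" requirement from the reply above, as an added example that is not part of the original thread: a Python check that lists overlapping segments in an addressing plan and shows which segments claim a given destination address. The segment names and the two failing plans are constructed for illustration; only 192.168.1.0/24 and 192.168.2.0/24 come from the thread.

```python
import ipaddress
from itertools import combinations

# Plan from the thread: one distinct /24 per site.
GOOD_PLAN = {"site_a_lan": "192.168.1.0/24", "site_b_lan": "192.168.2.0/24"}
# Constructed failure: both routers left on the same default LAN.
SAME_PLAN = {"site_a_lan": "192.168.1.0/24", "site_b_lan": "192.168.1.0/24"}
# Constructed failure: one site uses a wide mask that swallows the other.
WIDE_PLAN = {"site_a_lan": "192.168.0.0/16", "site_b_lan": "192.168.2.0/24"}


def parse_plan(plan):
    """Parse CIDR strings; strict=True rejects host bits set in a network."""
    return {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}


def find_conflicts(plan):
    """Return (name_a, name_b) pairs whose address ranges overlap."""
    nets = sorted(parse_plan(plan).items(), key=lambda item: item[0])
    return [(a, b) for (a, net_a), (b, net_b) in combinations(nets, 2)
            if net_a.overlaps(net_b)]


def claimants(plan, dest):
    """Return every segment that contains dest.

    More than one name means the address is ambiguous: the VPN client
    treats it as local and never sends the traffic into the tunnel.
    """
    addr = ipaddress.ip_address(dest)
    return sorted(name for name, net in parse_plan(plan).items()
                  if addr in net)


if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("same", SAME_PLAN),
                        ("wide", WIDE_PLAN)):
        print(label, "conflicts:", find_conflicts(plan))
    # Remote PC to control, assumed to sit at 192.168.2.10 on site B.
    print("owners of 192.168.2.10:", claimants(WIDE_PLAN, "192.168.2.10"))
```
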
