Best VPN solution in a Windows environment

Hi -

I've inherited a network where PPTP is used as a VPN method for remote users. Obviously this is a security concern. I'm looking around to improve this but I'm not sure which way to go. I was thinking about SSTP or just a third party solution. Probably a third party solution would be the best but I'm looking for a free or very cheap solution. I'm running Windows 2012 R2 and most users have Windows 7/8.

Thank you for your help!
Alan DalaITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott CSenior EngineerCommented:
Just some advice....free or cheap very rarely have quality in the same sentence when talking about network and server solutions.

Get something good and pay the money.
Paul MacDonaldDirector, Information SystemsCommented:
You can set up L2TP using RRAS.  SSTP is an option as well, on the server side.
lruiz52Commented:
Agree with ScottCha!

I usually setup my clients with either Cisco AnyConnect SSL VPN on ASA or  SonicWall SSL VPN, but if you have the time and equitment, and old computer with a couple of nics, you can setup a pfsense VPN server. not for the faint of heart, but worth a try if you dont have the budget for a better solution. check the link below for a brief how to.

Again I agree with ScottCha!  you should spend the money and buy something good with support.

http://www.derman.com/blogs/IPSec-VPN-Server-Setup-No-Certs
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
For the occasional dial-in, PPTP is still a solution. It's not really secure, if you do not use extremely large passwords (because those are used to encrypt traffic).
L2TP requires a certificate on the client side, and AFAIK works only with a single IPSec passphrase for all connections.
SSTP adds a SSL layer, but SSL can be pretty weak too if parameters are chosen badly.

As ScottCha mentioned, better security (and reliability) goes with higher investment. A VPN device plus clients (plus licenses) is much more secure, no matter whether you choose IPSec or SSL VPN. For anything you choose, you have to pay either by lowering security, adding own effort or buying something.

If you want a no-cost secure solution, but without luxury in regard of firewall and authentication restrictions, you can implement a certificate-based (free) OpenVPN  solution. It uses its own kind of SSL, and allows for user authentication and scripting (for authentication, connection and many more). You'll have to pay the no-cost part with your work time, though - using OpenVPN needs some effort to get it right.
The commercial OpenVPN (OpenVPN Access Server) does a better job in supporting you if have more advanced needs with OpenVPN.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.