Best VPN solution in a Windows environment

Alan Dala
Hi -

I've inherited a network where PPTP is used as a VPN method for remote users. Obviously this is a security concern. I'm looking around to improve this but I'm not sure which way to go. I was thinking about SSTP or just a third party solution. Probably a third party solution would be the best but I'm looking for a free or very cheap solution. I'm running Windows 2012 R2 and most users have Windows 7/8.

Thank you for your help!
Scott C, Senior Engineer
Just some or cheap very rarely have quality in the same sentence when talking about network and server solutions.

Get something good and pay the money.
Paul MacDonald, Director, Information Systems
You can set up L2TP using RRAS.  SSTP is an option as well, on the server side.
Agree with ScottCha!

I usually set up my clients with either Cisco AnyConnect SSL VPN on ASA or SonicWall SSL VPN, but if you have the time and equipment, and an old computer with a couple of NICs, you can set up a pfSense VPN server. Not for the faint of heart, but worth a try if you don't have the budget for a better solution. Check the link below for a brief how-to.

Again, I agree with ScottCha! You should spend the money and buy something good with support.
"Batchelor", Developer and EE Topic Advisor
Top Expert 2015
For the occasional dial-in, PPTP is still a solution. It's not really secure, if you do not use extremely large passwords (because those are used to encrypt traffic).
L2TP requires a certificate on the client side, and AFAIK works only with a single IPSec passphrase for all connections.
SSTP adds an SSL layer, but SSL can be pretty weak too if parameters are chosen badly.

As ScottCha mentioned, better security (and reliability) goes with higher investment. A VPN device plus clients (plus licenses) is much more secure, no matter whether you choose IPSec or SSL VPN. For anything you choose, you have to pay either by lowering security, adding your own effort or buying something.

If you want a no-cost secure solution, but without luxury with regard to firewall and authentication restrictions, you can implement a certificate-based (free) OpenVPN solution. It uses its own kind of SSL, and allows for user authentication and scripting (for authentication, connection and many more). You'll have to pay the no-cost part with your work time, though - using OpenVPN needs some effort to get it right.
The commercial OpenVPN (OpenVPN Access Server) does a better job in supporting you if you have more advanced needs with OpenVPN.
