<div>
If you want your existing connections to continue working, then you probably shouldn't make changes until you've validated a new configuration.<br />
<br />
I'd suggest standing up either a new Windows 2012 R2 box with a new RRAS implementation, or transitioning to something like OpenVPN or SoftEther on Linux.<br />
<br />
Another option would be to just set up a Linux box with SSH tunneling.
</div>


<div>
Hi Asavener,<br />
<br />
I would rather not go down that route of building an entire new server, I want to make it work with the current.<br />
<br />
Would it be an idea to ins RRAS management to select the &quot;add new server&quot; option, and still route it to the same server with stronger protocols, or can that create conflicts with existing routing?<br />
<br />
Thanks
</div>


<div>
Is the RRAS server physical or virtual? &nbsp;If it's virtual, you can just take a snapshot and then play around to your heart's content, and just revert to the snapshot if you need to.<br />
<br />
The problem is that any change to the production system risks disrupting all of your remote users. &nbsp;Whether you're willing to risk having users disconnected for a period of time is something only you can answer.
</div>


<div>
Physical I'm afraid. I would rather not kick all these users out of their current remote sessions.<br />
<br />
Do you have any other suggestions?
</div>


<div>
Schedule a maintenance window, make a backup, and then test while documenting everything you do so that you can revert your changes.<br />
<br />
<a href="https://blogs.technet.microsoft.com/rrasblog/2009/02/11/vpn-tunnel-strategy-defining-the-connection-order-between-various-tunnel-types/" rel="ugc">https://blogs.technet.microsoft.com/rrasblog/2009/02/11/vpn-tunnel-strategy-defining-the-connection-order-between-various-tunnel-types/</a>
</div>


<div>
Thanks for the sugesstions, but you haven't told me if there are any explicit services or protocols that are proven to go around the Chinese firewalls..
</div>


<div>
<div class="content wysiwyg-content">
Hi There,<br />
<br />
We have a 2k12 r2 box as an RRAS VPN server. Currently all the remote clients are on a PPTP connection using the domain authentication for username and password. This works fine as most most of the remote users are in the country. However there is 1 problematic user over in china.<br />
<br />
We have done some research on this and PPTP connections are too easily seen by the Chinese firewall and as such blocked.<br />
<br />
I am looking into adding in an IKEv2 or IPSec connection protocol. However with this already existing infrastructure I am hesitant to implement another protocol and risk breaking a lot of things. I'm still fairly new to VPN and RRAS's. I have made changes on existing setups just haven't added anything in myself.<br />
<br />
Thanks
</div>
</div>


Hi There,

We have a 2k12 r2 box as an RRAS VPN server. Currently all the remote clients are on a PPTP connection using the domain authentication for username and password. This works fine as most most of the remote users are in the country. However there is 1 problematic user over in china.

We have done some research on this and PPTP connections are too easily seen by the Chinese firewall and as such blocked.

I am looking into adding in an IKEv2 or IPSec connection protocol. However with this already existing infrastructure I am hesitant to implement another protocol and risk breaking a lot of things. I'm still fairly new to VPN and RRAS's. I have made changes on existing setups just haven't added anything in myself.

Thanks

implementing stronger VPN connection protocols

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.