Sharing a PPTP vpn on LAN
I have a scenario where my office need to connect to another client office vpn using pptp. My office is connected to internet via router and a sonicwall firewall. Say PC1 in my office in the LAN will dial to client server and establish the vpn. This PC1 will be connected 24/7 VPN with client. Now my question how can I allow other PCs (say for eg PC2 and PC3) on the LAN to share the vpn on PC1 whenever they needed it to access the client server. Also while accessing the VPN the Local access as well as the internet should not be disconnected.
there are already site to site vpn established with other offices using sonicwall and this particular client office provides only pptp vpn. they don't have sonicwall devices in their network
Still much more handy to continue site to stie. You can even use a lower priced router (Draytek Vigor) for this issue (though some are limited to only 2 lan-to-lan profiles).
strongly advise to replace the box then. PPTP is unencrypted and insecure, also by doing PPTP through the firewall on your end, you can't inspect the traffic...
Infact this scenario need to be enabled for a testing purpose, where the client won't allow any other form of vpn environment other than PPTP.
I found a link which describes the vpn sharing
https://www.securitykiss.com/resources/tutorials/shared_vpn/windows/
I will try this and update you.
I found a link which describes the vpn sharing
https://www.securitykiss.com/resources/tutorials/shared_vpn/windows/
I will try this and update you.
The solution from your link is useful if you dedicate one PC as a router. Obviously, you need the current router device already, meaning you will now have Internet > modem/router > PC with VPN sharing (2 LAN cards) > LAN
It means, you will complicate the whole network quite a bit.
If you are really firm on only using PPTP and sharing it, replace the router with the aforementioned Draytek Vigor series, not only do they support the easy to setup IPSEC Lan-to-Lan, it also has PPTP dial out profiles.
It means, you will complicate the whole network quite a bit.
If you are really firm on only using PPTP and sharing it, replace the router with the aforementioned Draytek Vigor series, not only do they support the easy to setup IPSEC Lan-to-Lan, it also has PPTP dial out profiles.
If you are stuck on using PPTP, make sure the PPTP terminator is in a DMZ zone of your firewall and not straight in your lan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That may work, but you need two NICs. A better way is to use Routing and Remote Access for that.
On a server OS it is very easy to set up; just add the interface in the NAT section as private without using an address pool.
On a client OS it is more tricky as you cannot access RRAS via GUI. I've written an (old) article to that regard: https://www.experts-exchange.com/articles/350/Using-remote-client-connections-VPN-ISDN-PPTP-aso-for-routing-in-Windows.html which should stil work for recent client OS.
On a server OS it is very easy to set up; just add the interface in the NAT section as private without using an address pool.
On a client OS it is more tricky as you cannot access RRAS via GUI. I've written an (old) article to that regard: https://www.experts-exchange.com/articles/350/Using-remote-client-connections-VPN-ISDN-PPTP-aso-for-routing-in-Windows.html which should stil work for recent client OS.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
For a 24/7 it's more advised to use a Site-to-Site VPN tunnel
View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
Multiply the effectiveness of your APT Sandbox, stop unknown and zero-day attacks at the gateway. See a demo on http://apt-demo.com or http://atp.demo.com
You can also view the Next-Generation Firewalls via
http://next-generation-firewall.com or http://next-generation-firewall-demo.com