VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


I would like someone to explain to me in simplistic terms what is the "VPN"? Do I need it and if so what is the easiest app and method to set up and is it free?
0

Hi guys

As part of the last question I asked about firewall rules, I am looking at our firewall right now and monitoring the traffic. I'm looking at the traffic between VPN connections from our stores to a main server. These stores are all using the same application to communicate with the server. However, I'm looking at the server and it is receiving connections from our various stores, but every single store is communicating via a different port. So one store will be coming through port 4274. The other one will send it via port 4288. My point is, are applications specifically written in this way to prevent security breaches from happening by constantly randomising their port sequences so that they can't be 'guessed' by a malicious attacker?

And if that is the case, surely going back to the answers being given previously, this does warrant the ability for the 'ANY' ports to be open from site A to site B via VPN.

Thank you
Yash
0
Is it possible to use Cisco AnyConnect VPN client to make VPN connections instead of old Cisco VPN client v5.0.07.0440?
Here is a screenshot of the old VPN client connection settings: Old Cisco VPN connection properties
If yes, what would the AnyConnect XML profile be?
0
Hello,

I am looking for help to configure a Juniper SSG5 VPN. We have 1 locally hosted website. We want our remote laptop users to access this website when they are out of the office. Our LAN IP is 192.168.0.1 and the server IP is 192.168.0.15. The firewall local IP is 192.168.0.8. The firewall is directly connected to the service provider WAN IP.
0
This is likely networking 101, but.... I'm stuck.

SBS 2011 server at location A (192.168.1.0 subnet)
Location B is connected to location A with VPN, subnet 192.168.2.0.  The router at location B currently gives out public DNS IP addresses

What's the right way to set things up for domain added laptops running win 10 pro at location B to be able to access shares on the server like \\server\files?  The server is the domain controller.  There's only that 1 server.

Use a Hosts file?  It has that now with entries:

server  192.168.1.3
server.domainname.local  192.168.1.3 (is this needed?)

When they click on a mapped drive, a Windows security box pops up asking for credentials, and even though we check 'remember my credentials', it asks again after a reboot.  This window ALSO says 'the system cannot contact a domain controller to service the authentication request.  Please try again later.'

You click OK after adding credentials, get to the files and all is fine, till a reboot.

What do I need to do so it can get to the domain controller across the VPN?

Why doesn't it save the credentials after a reboot?

Why does it even ask for the credentials - the user and password entered when logging in are the credentials.

THANKS!
0
I have a dynamic IP address from my cable company...
I would like to set up a VPN so that when on vacation I can use my laptop
to access my primary computer at home...

I signed up with OpenDNS so that it would resolve my public IP...
I set up the OpenDNS settings in my router...
And I downloaded the OpenDNS updater...

Now....I don't know what to do and I'm not finding any good explanation at OpenDNS...

Can anyone talk me thru this...???
0
I guess I really don't know what I am doing.

Working on an SBS 2011 Standard machine on subnet 192.168.1.0.

There's a vpn to a remote location 192.168.2.0

A new laptop at the remote site with Windows 10 / Office 2016 keeps getting an error about the autodiscover.domain.com certificate.  It says the name on the security cert is invalid or does not match the name of the site.

Clicking on view cert, it says it's issued to: domain.com   issued by let's encrypt authority x3 with valid date of 8/14/18 to 11/12/18

WE DO have a certificate for the domain issued by Comodo.  From a browser, if you type remote.domain.com/owa, you get to the OWA page and it says it's secured with the Comodo cert.

Anyone know where the Let's Encrypt certificate is coming from?

Other laptops at that remote location are working fine for email.
0
One of our clients uses the Draytek vigor 2960 and the Vigor 2830, and we have been having ongoing intermittent issues with VPN where when connected it cannot find devices on the remote LAN. Restarting the routers appears to fix the issue for a day or so, but then repeats. We have the most up to date firmware and have tried SSL VPN's to see if that makes a difference, but it has not.
0
Hi All,

I need some assistance setting up the below. I've got 3 "subnets" to set up internally. All must be able to reach the internet through the suppliers router.

The networks are 2x /26 and 1x /27. VLANs 601 & 603 are desktop PCs. VLAN 602 will be Cisco phones. 601 and 603 do not need any separation, they're just to cover the separate DHCP ranges. DHCP will be provided by an external source (hopefully) through a VPN set up on the ASA Firewall. I'm looking to set up outside interface, inside interface and access for all VLANs.

Is anyone able to provide a sample config on how I could get this working?

Network Overview
Thanks,

J
0
After deploying Sonicwall SSL-VPN on an NSA 2400, a user that's been imported from Active Directory is unable to log in.  The problem has been isolated to the fact that in AD, the user has Log On To exclusions for PCs. After disabling this, the user is able to connect to SSL-VPN.  The question at hand is how can SSL-VPN be used along with the Log On To.  The user needs to be restricted via AD.
0

I have a Visual FoxPro program running. it uses a local cursor engine.
To use the program from home, people use a VPN solution (openVPN)

Using this, we have poor performance.
We use lines with a 200mbit down and 50 mbit upload speed.  (vendor = Telenet Belgium)

The database has a traffic of 100mbyte totally  during a complete session, so it should fly.
However: on a 100Mbit network it works realtime. response times are very low.

Using openVPN, response times are like minutes.
The internet connection is real fast. So OpenVPN is what slows us down.

I put send and receive buffers to 0 in both server and ws config file. This speeds the system up, but far... far from enough.

There must be other settings to speed openVPN traffic up. But what can I do?
0
There are a LOT of VPN services available...
They all advertise  complete anonymity...worlds fastest speed...total security etc...
It's hard to figure out which one to go with...

My needs are...
I have cable TV but might dump it in the future...
I have Netflix and Prime...
I have a network of 7 computers, one Mac and one Linux...
My ISP is cable with 200 MB down speed...

I would consider setting up  my router with DD-WRT...

So...I am looking for opinions on the various VPN suppliers....who are you using and
is it doing the job for you...
0
Is it possible to configure the SSL VPN on Sonicwall such that all traffic will route through Sonicwall, except the network printing, where it should go to the client's network printing?

Currently, a remote VPN client can't print to his network printer if "Tunnel all mode" is on. It can only work if the setting is off.

Can I setup a routing table in SSL VPN to tell Sonicwall how to route a client's network subnet back to the client ?

Thx
0
What steps do I need to take to change the internet routing settings so that internet traffic is routed through an Always On VPN connection (whenever I am connected to the Always On VPN)?

Can this be done by configuring proxy server settings on the Windows 10 client computer that is connected to the Always On VPN connection?

I need to be sure that I can still connect to the internet whenever I am not connected to the Always On VPN.
0
BACKGROUND:
I run a small association, with about 400 members.  We're implementing new technology all the time, to support our vision for the future of what we want to do for members, and we have just recently invested in an HPE Proliant ML110 Gen9 server.  I'm the de facto "CIO" and tech guru, so I got to install Windows Server 2016, set up (so far) three Virtual Machines, and have just installed Microsoft "CALs" to allow access for RDP clients.   We host an accounting application for a few of our members, and we want to increase those "mini-cloud services", including bookkeeping services.   Thus the investment in a new server.

Each VM I have assigned a static IP address.  Our current Windows 10 Pro server allows users to log in (up to 10) and run the application, from their personal desktop.  I wanted to beef up security, partitioning the disk into VMs, so each user doesn't even know there are other users on the server.   So, we recently purchased a Linksys Router -- an EA9400 wireless unit -- but the Linksys support folks tell me that the reason our RDP clients can't get access to the VMs is the router tables don't support a VPN connection; and that this is what we'll need to set up for them to get access.

My plan is to have each user assigned to a unique IP port (not 3389, but something like 5000, 5001, 5002, etc. and for each entry, create a VPN table entry that routes the user to the correct virtual machine.   Seemed rather straight forward to …
0
I just implemented Microsoft Always On VPN within my Server 2016 network.

However, I am finding that I am not able to connect to this VPN from many places including public guest Wi-Fi networks. When trying to connect I get an error message saying that "The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."

So far I have only been able to successfully connect to this Always On VPN network in around 15% of the places where I have tried connecting. Whenever I am unable to connect I receive the error message mentioned above and shown in the screenshot. Otherwise, everything works great as long as I am able to successfully connect.

So is it possible to change the ports that Direct Access VPN is using to more commonly used ports (such as 80 and 443) that won't be blocked and then using NAT or some other technique if necessary to convert these ports back to their original port numbers? The firewall that is being used in this network is a SonicWALL TZ600.

Always on VPN error
0
What steps do I need to follow to configure the Direct Access VPN to connect to the VPN before a user logs onto his/her Windows 10 laptop while outside of the office?

Or how can I make it so that the Direct Access VPN will connect to the VPN right after the user types in his/her username and password so that the logons to the Windows 10 laptops (while outside of the office) will be authenticated by the Server 2016 domain controller?

I would like to make it so that all logins to the Windows 10 laptops (while outside of the office) will be authenticated by the Server 2016 domain controller.

According to our corporate policies, the only places users are allowed to log in to their laptops is while at home and all users have internet access at home.
1
I just implemented Microsoft Direct Access VPN within my Server 2016 network.

However, I am finding that I am not able to connect to this VPN from many places including public guest Wi-Fi networks. When trying to connect I get an error message saying that "The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."

So far I have only been able to successfully connect to this Always On VPN network in around 15% of the places where I have tried connecting. Whenever I am unable to connect I receive the error message mentioned above and shown in the screenshot. Otherwise everything works great as long as I am able to successfully connect.

So is it possible to change the ports that Direct Access VPN is using to more commonly used ports (such as 80 and 443) that won't be blocked and then using NAT or some other technique if necessary to convert these ports back to their original port numbers? The firewall that is being used in this network is a SonicWALL TZ600.

Always on VPN error
0
I have a client environment within AWS, that uses a Direct Connect solution to connect to an external resource.  I have now been asked to create a VPN connection to the environment for a new resource for the web solution.
We currently have the direct connection associated with a Virtual Private Gateway, which is attached to the VPC that the solution resides.
Having not had a massive amount of experience with this part of AWS I'm a little unsure how I can proceed - from reading I can only have 1 VPG attached to a VPC at any one time - so creating a second VPG and creating the VPN connection on that is not possible. But if I create a new VPN connection on the existing VPG, will this work and how will the routing for this work to decide what traffic goes where after I add a route to the VPG for VPN traffic?
0

I have multiple OpenVPNs running on my updated Windows 10 workstation.  I did until they stopped working anyway.  I used to be able to get 3 TAP adapters working, then after a reboot they stopped.  I deleted all of them with "C:\Program Files\TAP-Windows\bin\deltapall.bat" and re-installed two adapters with "C:\Program Files\TAP-Windows\bin\addtap.bat."   Sadly, only the first one will connect.  A second OpenVPN connection fails with the following messages in log:

Thu Aug 23 17:01:07 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Aug 23 17:01:07 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Aug 23 17:01:07 2018 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Thu Aug 23 17:01:09 2018 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Thu Aug 23 17:01:09 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]100.100.100.100:1198 
Thu Aug 23 17:01:09 2018 TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:1194
Thu Aug 23 17:01:09 2018 Exiting due to fatal error

(Actual IP Replaced above)
Note that it fails on LOCAL port 1194 -- the remote port for this connection is 1198, but it is the second connection.  There is a live connection on REMOTE PORT 1194, but I have no idea what that has to do with local port 1194.  It does not matter which adapter I delete or which remote port the VPN is on, it will connect any VPN on any adapter, but only 1 at a time.  All others fail with the above error.
I hope some expert can help, this is hurting my productions.
Thanks!
0
I am adding a branch location to my main office. I have a domain server in the HQ and now adding a domain server in the branch office and will set up a site-to-site AD replication.
I will need a VPN connection to do the replication; I do not want to replace my routers to a VPN router, rather would install the server VPN role and make a VPN connection between both host servers.

The domain server is a hyper-v server

Is this something you would recommend?
0
I have a SonicWall TZ300 that seems to be causing our AD server to peak above 90% when someone logs in on the SSL single sign on VPN.
The reason we believe it's the VPN SSO is that we can see on the server CIAservice.exe hit 49% CPU usage. This service is the SSO agent that links to our AD.

Any idea how we can stop this from peaking so much ?

DC is windows 2012
0
We continue to fail a PCI scan on our Cisco ASA firewall due to cipher vulnerabilities as follows (Note - all on UDP port 500, TLS minimum set to TLS1.1):
- Weak encryption ciphers, such as DES or 3DES, were identified as supported on this VPN device.
- Weak Diffie-Hellman groups identified on VPN Device. Use Diffie-Hellman Key Exchange Group 5 or higher where possible, or the highest available to the VPN endpoints.

We use the Cisco Anyconnect client for connections, with all clients accessing AES256

After setting the firewall DH group level to 5 and Cipher security level to MEDIUM (no DES/3DES support) I am still seeing PCI failures due to DES/3DES and a DH group level of 2.
Can anyone explain this (and how to resolve)? Does the ASA require a reload to use the new settings?

Following is the cipher information from the firewall;
asa1234x# sh ssl cipher
Current cipher configuration:
default (custom): AES256-SHA:AES128-SHA
  AES256-SHA
  AES128-SHA
tlsv1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
tlsv1.1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
tlsv1.2 (medium):
  DHE-RSA-AES256-SHA256
  AES256-SHA256
  DHE-RSA-AES128-SHA256
  AES128-SHA256
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
dtlsv1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
asa1234x#
0
Every now and then the ikev1 & ikev2 settings on the outside interface disappeared and the VPN stopped working.
Has any of you seen such an issue?

The only way I fix it is to re-enable them by ticking the checkboxes via ASDM.

devices used: cisco asa5506

please advise.
0
I have an Asus RT-AC68U, it works really well. For a while I've been using the DDNS service and PPTP to VPN home, when needed.
We've recently upgraded our home internet service, now my WAN IP is an internal, private address - 192.168.0.4.
I can still surf, no issue, but I can't use either DDNS or PPTP.

Any ideas?

Thanks,

Frank
0
