VPN

24K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


I have a dynamic IP address from my cable company...
I would like to set up a VPN so that when on vacation I can use my laptop
to access my primary computer at home...

I signed up with OpenDNS so that it would resolve my public IP...
I set up the OpenDNS settings in my router...
And I downloaded the OpenDNS updater...

Now....I don't know what to do and I'm not finding any good explanation at OpenDNS...

Can anyone talk me thru this...???
0
I guess I really don't know what I am doing.

Working on an SBS 2011 Standard machine on subnet 192.168.1.0.

There's a vpn to a remote location 192.168.2.0

A new laptop at the remote site with Windows 10 / Office 2016 keeps getting an error about the autodiscover.domain.com certificate.  It says the name on the security cert is invalid or does not match the name of the site.

Clicking on view cert, it says it's issued to: domain.com   issued by let's encrypt authority x3 with valid date of 8/14/18 to 11/12/18

WE DO have a certificate for the domain issued by comodo.  From a browser, if you type remote.domain.com/owa, you get to the owa page and it says it's secured with the comodo cert.

anyone know where the lets encrypt certificate is coming from?

Other laptops at that remote location are working fine for email.
0
One of our clients uses the Draytek Vigor 2960 and the Vigor 2830, and we have been having ongoing intermittent issues with VPN where, when connected, it cannot find devices on the remote LAN. Restarting the routers appears to fix the issue for a day or so, but then it repeats. We have the most up-to-date firmware and have tried SSL VPNs to see if that makes a difference, but it has not.
0
Hi All,

I need some assistance setting up the below. I've got 3 "subnets" to set up internally. All must be able to reach the internet through the suppliers router.

The networks are 2x /26 and 1x /27. VLANs 601 & 603 are desktop PCs. VLAN 602 will be Cisco phones. 601 and 603 do not need any separation, they're just to cover the separate DHCP ranges. DHCP will be provided by an external source (hopefully) through a VPN set up on the ASA Firewall. I'm looking to set up outside interface, inside interface and access for all VLANs.

Is anyone able to provide a sample config on how I could get this working?

Network Overview
Thanks,

J
0
After deploying Sonicwall SSL-VPN on an NSA 2400, a user that's been imported from Active Directory is unable to log in.  The problem has been isolated to the fact that in AD, the user has Log On To exclusions for PCs. After disabling this, the user is able to connect to SSL-VPN.  The question at hand is how can SSL-VPN be used along with the Log On To.  The user needs to be restricted via AD.
0
Hi all,
I have a FW problem,
I've got two FortiGate firewalls connected by IPsec VPN which is working great. Users can connect to the main site also with SSL VPN. The problem is that an SSL VPN user can't get to the remote site computers.
The main site address is 192.168.1.0/24,
The remote site address is 10.0.0.0/24
The SSL VPN address is 172.16.0.(100-110).
The phase 2 in the IPsec VPN is configured with 0.0.0.0 and I've tried all the policies from the cookbooks I could find but I still can't get it to work. The SSL Tunnel is split and the remote site address is configured in it.
What am I doing wrong?
Are there any suggestions on how I can resolve it?

Thanks in advance
0
I have a Visual FoxPro program running. it uses a local cursor engine.
To use the program from home, people use a VPN solution (openVPN)

Using this, we have poor performance.
We use lines with a 200mbit down and 50 mbit upload speed.  (vendor = Telenet Belgium)

The database has a traffic of 100mbyte totally  during a complete session, so it should fly.
However: on a 100Mbit network it works realtime. response times are very low.

Using openVPN, response times are like minutes.
The internet connection is real fast. So OpenVPN is what slows us down.

I put send and receive buffers to 0 in both server and ws config file. This speeds the system up, but far..  far from enough.

There must be other settings to speed openVPN traffic up. But what can I do?
0
There are a LOT of VPN services available...
They all advertise  complete anonymity...worlds fastest speed...total security etc...
It's hard to figure out which one to go with...

My needs are...
I have cable TV but might dump it in the future...
I have Netflix and Prime...
I have a network of 7 computers, one Mac and one Linux...
My ISP is cable with 200 MB down speed...

I would consider setting up  my router with DD-WRT...

So...I am looking for opinions on the various VPN suppliers....who are you using and
is it doing the job for you...
0
Is it possible to configure the SSL VPN on Sonicwall such that all traffic will route through Sonicwall, except the network printing, where it should go to the client's network printing?

Currently, a remote VPN client can't print to his network printer if "Tunnel all mode" is on. It can only work if the setting is off.

Can I set up a routing table in SSL VPN to tell Sonicwall how to route a client's network subnet back to the client?

Thx
0
What steps do I need to take to change the internet routing settings so that internet traffic is routed through an Always On VPN connection (whenever I am connected to the Always On VPN)?

Can this be done by configuring proxy server settings on the Windows 10 client computer that is connected to the Always On VPN connection?

I need to be sure that I can still connect to the internet whenever I am not connected to the Always On VPN.
0
BACKGROUND:
I run a small association, with about 400 members.  We're implementing new technology all the time, to support our vision for the future of what we want to do for members, and we have just recently invested in an HPE Proliant ML110 Gen9 server.  I'm the de facto "CIO" and tech guru, so I got to install Windows Server 2016, set up (so far) three Virtual Machines, and have just installed Microsoft "CAL's" to allow access for RDP clients.   We host an accounting application for a few of our members, and we want to increase those "mini-cloud services", including bookkeeping services.   Thus the investment in a new server.

Each VM I have assigned a static IP address.  Our current Windows 10 Pro server allows users to login (up to 10) and run the application, from their personal desktop.  I wanted to beef up security, partitioning the disk into VMs, so each user doesn't even know there are other users on the server.   So, we recently purchased a Linksys Router -- an EA9400 wireless unit -- but the Linksys support folks tell me that the reason our RDP clients can't get access to the VMs is the router tables don't support a VPN connection; and that this is what we'll need to set up for them to get access.

My plan is to have each user assigned to a unique IP port (not 3389, but something like 5000, 5001, 5002, etc.) and for each entry, create a VPN table entry that routes the user to the correct virtual machine.   Seemed rather straightforward to …
0
I just implemented Microsoft Always On VPN within my Server 2016 network.

However, I am finding that I am not able to connect to this VPN from many places including public guest Wi-Fi networks. When trying to connect I get an error message saying that "The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."

So far I have only been able to successfully connect to this Always On VPN network in around 15% of the places where I have tried connecting. Whenever I am unable to connect I receive the error message mentioned above and shown in the screenshot. Otherwise, everything works great as long as I am able to successfully connect.

So is it possible to change the ports that Direct Access VPN is using to more commonly used ports (such as 80 and 443) that won't be blocked and then using NAT or some other technique if necessary to convert these ports back to their original port numbers? The firewall that is being used in this network is a SonicWALL TZ600.

Always on VPN error
0
What steps do I need to follow to configure the Direct Access VPN to connect to the VPN before a user logs onto his/her Windows 10 laptop while outside of the office?

Or how can I make it so that the Direct Access VPN will connect to the VPN right after the user types in his/her username and password so that the logons to the Windows 10 laptops (while outside of the office) will be authenticated by the Server 2016 domain controller?

I would like to make it so that all logins to the Windows 10 laptops (while outside of the office) will be authenticated by the Server 2016 domain controller.

According to our corporate policies, the only places users are allowed to log in to their laptops is while at home and all users have internet access at home.
1
I just implemented Microsoft direct Access VPN within my Server 2016 network.

However, I am finding that I am not able to connect to this VPN from many places including public guest Wi-Fi networks. When trying to connect I get an error message saying that "The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."

So far I have only been able to successfully connect to this Always On VPN network in around 15% of the places where I have tried connecting. Whenever I am unable to connect I receive the error message mentioned above and shown in the screenshot. Otherwise everything works great as long as I am able to successfully connect.

So is it possible to change the ports that Direct Access VPN is using to more commonly used ports (such as 80 and 443) that won't be blocked and then using NAT or some other technique if necessary to convert these ports back to their original port numbers? The firewall that is being used in this network is a SonicWALL TZ600.

Always on VPN error
0
I have a client environment within AWS, that uses a Direct Connect solution to connect to an external resource.  I have now been asked to create a VPN connection to the environment for a new resource for the web solution.
We currently have the direct connection associated with a Virtual Private Gateway, which is attached to the VPC that the solution resides.
Having not had a massive amount of experience with this part of AWS I'm a little unsure how I can proceed - from reading I can only have 1 VPG attached to a VPC at any one time - so creating a second VPG and creating the VPN connection on that is not possible. But if I create a new VPN connection on the existing VPG, will this work and how will the routing for this work to decide what traffic goes where after I add a route to the VPG for VPN traffic?
0
I have multiple OpenVPNs running on my updated Windows 10 workstation.  I did until they stopped working anyway.  I used to be able to get 3 TAP adapters working, then after a reboot they stopped.  I deleted all of them with "C:\Program Files\TAP-Windows\bin\deltapall.bat" and re-installed two adapters with "C:\Program Files\TAP-Windows\bin\addtap.bat."   Sadly, only the first one will connect.  A second OpenVPN connection fails with the following messages in log:

Thu Aug 23 17:01:07 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Aug 23 17:01:07 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Aug 23 17:01:07 2018 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Thu Aug 23 17:01:09 2018 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Thu Aug 23 17:01:09 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]100.100.100.100:1198 
Thu Aug 23 17:01:09 2018 TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:1194
Thu Aug 23 17:01:09 2018 Exiting due to fatal error

(Actual IP Replaced above)
Note that it fails on LOCAL port 1194 -- the remote port for this connection is 1198, but it is the second connection.  There is a live connection on REMOTE PORT 1194, but I have no idea what that has to do with local port 1194.  It does not matter which adapter I delete or which remote port the VPN is on, it will connect any VPN on any adapter, but only 1 at a time.  All others fail with the above error.
I hope some expert can help, this is hurting my productions.
Thanks!
0
I am adding a branch location to my main office. I have a domain server in the HQ and now adding a domain server in the branch office and will set up a site-to-site AD replication.
I will need a VPN connection to do the replication; I do not want to replace my routers with a VPN router, rather I would install the server VPN role and make a VPN connection between both host servers.

The domain server is a hyper-v server

Is this something you would recommend?
0
I have a SonicWall TZ300 that seems to be causing our AD server to peak above 90% when someone logs in on the SSL single sign-on VPN.
The reason we believe it's the VPN SSO is that we can see on the server CIAservice.exe hit 49% CPU usage. This service is the SSO agent that links to our AD.

Any idea how we can stop this from peaking so much ?

DC is windows 2012
0
We continue to fail a PCI scan on our Cisco ASA firewall due to cipher vulnerabilities as follows (Note - all on UDP port 500, TLS minimum set to TLS1.1):
- Weak encryption ciphers, such as DES or 3DES, were identified as supported on this VPN device.
- Weak Diffie-Hellman groups identified on VPN Device. Use Diffie-Hellman Key Exchange Group 5 or higher where possible, or the highest available to the VPN endpoints.

We use the Cisco Anyconnect client for connections, with all clients accessing AES256

After setting the firewall DH group level to 5 and Cipher security level to MEDIUM (no DES/3DES support) I am still seeing PCI failures due to DES/3DES and a DH group level of 2.
Can anyone explain this (and how to resolve)? Does the ASA require a reload to use the new settings?

Following is the cipher information from the firewall;
asa1234x# sh ssl cipher
Current cipher configuration:
default (custom): AES256-SHA:AES128-SHA
  AES256-SHA
  AES128-SHA
tlsv1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
tlsv1.1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
tlsv1.2 (medium):
  DHE-RSA-AES256-SHA256
  AES256-SHA256
  DHE-RSA-AES128-SHA256
  AES128-SHA256
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
dtlsv1 (medium):
  DHE-RSA-AES256-SHA
  AES256-SHA
  DHE-RSA-AES128-SHA
  AES128-SHA
asa1234x#
0
Every now and then the ikev1 & ikev2 settings on the outside interface disappear and the VPN stops working.
Has any of you seen such an issue?

The only way I fix it is to re-enable them by ticking the checkboxes via ASDM.

devices used: cisco asa5506

please advise.
0
I have an Asus RT-AC68U, it works really well. For a while I've been using the DDNS service and PPTP to VPN home, when needed.
We've recently upgraded our home internet service, now my WAN IP is an internal, private address - 192.168.0.4.
I can still surf, no issue, but I can't use either DDNS or PPTP.

Any ideas?

Thanks,

Frank
0
Anyone here have experience implementing and managing a good parental control app on their child's iOS device(s)?

I'd prefer one that does not utilize a VPN (too easy to disable) and does not require the client to be on wifi. It should function on both LTE and WiFi. I don't care if the product is overly complex. I just want a reliable tool to be able to monitor usage, disable Internet access on the fly, potentially set time limits at the app-level and make sure the entire app can't be easily skirted by my kid.

There are so many different products on the market, there are hundreds of unhelpful review sites and the actual app-store 'user reviews' are full of negative comments made by people who have minimal technical experience. It's made the process of narrowing down the selection, extremely cumbersome.

I'd like to hear your personal experience with specific apps and what the shortcomings were that you ran up against. I expect I'll have to make concessions as far as functionality goes, so I'm hoping to hear about potential dealbreakers.
0
ipsecvpn.JPG




We have a network similar to the diagram shown above,
and we want to configure an IPsec IKEv1 VPN between 2 sites. We have a Cisco 4321 router at Branch A and a Palo Alto firewall on the other end …

After doing the well-known configuration provided by Cisco at

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/119425-configure-ipsec-00.html

we found that we still could not form a successful tunnel between the sites.
We think that there is a hop or a firewall somewhere in the WAN path blocking or filtering
the IKEv1 traffic and ICMP.

So the question consists of two parts:

First: Kindly provide us with your suggestion regarding the proper and optimum configuration for the
devices at both ends.

Second: In the WAN, how could we specify the hop that filters that traffic exactly?
We want to prove that one hop is blocking or filtering IKEv1 and ICMP traffic.
Then how could we find and prove that it prevents specific data traffic?
0
Hi, I have a L2TP VPN server set up on a windows server 2012 R2 box. For some reason the transfer speed to clients are capping out at 10mbps although we have an unthrottled internet link of 100/100. Is there any way of increasing the max speed of the vpn connection? The client is connecting from a 100mbps connection as well.
0
For Cisco AnyConnect VPN access to work, I'd prefer not to buy a 2nd computer and keep it fully patched.

I considered maybe making a separate "Work User" on my home pc and only use it for VPN access.

However, theoretically,  because my everyday windows user profile has admin rights, should it become infected, it could write startup items for other users on the same machine.  And, I suppose it could infect the boot loader.  (I'm not sure how likely that scenario is).

Because Cisco AnyConnect VPN has lots of system requirements, I'm guessing I couldn't boot from a BART_PE flash drive.  (Does AnyConnect verify windows patch level and anti-virus status - stuff that wouldn't be up to date on a windows flash drive)

What's my best option?

Thanks in advance for all thoughts and opinions.
-Mike
0
