What is the most painless replacement for a PPTP VPN on a Windows server?

I’ve inherited an aging environment that has out-of-date systems like WEP APs and PPTP VPNs in place.

What is the most straightforward VPN option? It’ll need to support Windows 7 (as a stopgap), Win10, macOS and iOS.

Any suggestions are welcome.

OpenVPN is super simple and also has clients for every OS imaginable. A lot of firewalls (e.g. pfSense, WatchGuard) actually have OpenVPN baked in as their primary VPN server. WireGuard is the shiny and new. Both will do what you want effectively.

OpenVPN.

WireGuard may be technically better, I’ve not tried it.

Windows Server can also do SSTP or L2TP. You also have your firewall appliance.

FortiGate’s SSLVPN is pretty painless.

  1. pfSense VM

  2. Install WireGuard on it

  3. Set up a route on the router so it can route to the pfSense VM, as well as a port forward.

Only downside to WireGuard is you need to do a bit of configuring for each client. If there are too many, then look into using OpenVPN with the client export extension and point it to a RADIUS server instead (I’m assuming there’s an internal Windows AD).

WireGuard is the best option, and probably the future when it comes to VPN.

Run it on Linux or Docker.

SSTP with Let’s Encrypt cert for auto renew.

We have some Linux computers. No nothing on Macs.

OpenVPN has shit documentation to help you troubleshoot issues.

Is there any way you can remove the VPNs from the server to a capable router at the edge of the network? If so, then work with what’s available for your business-grade router(s).

As much as possible avoid having anything within your internal network open to anything on the Internet - and if you have something that can’t be completely invisible from outside, look into what you can do to restrict or filter access to it (e.g. via something like Cloudflare’s Web Application Firewall or URL filtering).

100% OpenVPN.

Years ago a vendor quoted something ridiculous on a per user per month cost basis which over 5 years would have been about 1 million.

Set up a pfSense VM, even has 2FA and OTP, OpenVPN client for any OS. Set up in a few hours. Open source, free, works better than any paid solution I tried.

This. Assuming it’s a server already hosting the PPTP, L2TP is pretty much add a passphrase and change up firewall ports. Not perfect, but FAR better than PPTP.

I’ve been using OpenVPN on pfSense for years. While WireGuard is the new hotness, I think OpenVPN is a bit easier to configure (and with pfSense, you can use the built-in Certificate Authority support, which makes everything even simpler).

Have you implemented pfSense in a business setting? Did you buy the support package?

I love WireGuard but that Windows client needs some love!

Run it on Linux or Docker.

Any reason specifically for running it in Linux vs. just putting it on one of my Hyper-V instances? Just curious.

Not very painless to support SSTP for Mac clients.

WireGuard support is built into the Linux kernel.

You can run Linux VMs in Hyper-V. It also doesn’t cost anything in additional licensing to run it there. Windows Server licenses on Hyper-V hosts only apply to Windows Server VMs. You can run as many Linux VMs as you want as long as the hardware can handle it.