 From:  "Magne Andreassen" <magne dot andreassen at bluezone dot no>
 To:  "'Brandon Holland'" <brandon at cookssaw dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PPTP
 Date:  Wed, 7 Jan 2004 11:44:20 +0100
Brandon Holland wrote:
> 
> Does M0n0wall's pptp server work with windows clients?  Or 
> should I redirect all pptp connections to my main office 
> server and from there authenticate everyone?
>  

Windows clients work, though there has been some trouble
with XP and packet loss. But I don't think everyone has had
this problem.
Redirecting should also work fine, but if you only want the 
central authentication, let m0n0wall handle the VPN termination
and use a RADIUS server for authentication...
Terminating the VPN connection in the firewall or in a DMZ is
safer than terminating it on your LAN.

> What are the benefits to each situation if m0n0 supports 
> windows clients in both situations.
>  

Well, first off you would ease the load on m0n0wall if you 
redirect VPN traffic to a central server, though I think the
overhead is minimal (depending on how many concurrent connections
you plan on supporting (16 max)). If you plan more connections,
a central server (dedicated?) would do the trick, preferably
located in your DMZ.
For a small and simple setup, let m0n0wall handle it. Less fuss.


> BTW, can Windows clients use IPSEC and how hard is that to configure?
>  

Yes, but I have never tried this myself... and I don't know if Windows
supports this natively. Windows supports PPTP out of the box, so this is
surely an easy path to choose... PPTP is also much more flexible when it
comes to roaming users (dynamic IP addresses).
Someone else may have some first-hand experience with setting up IPsec
on Windows...?


Magne