|
||||||||
Brandon Holland wrote > > Does M0n0wall's pptp server work with windows clients? Or > should I redirect all pptp connections to my main office > server and from there authenticate everyone? > Windows clients works, though there have been some trouble with XP and packet loss. But I don't think everyone has had this problem. Redirecting should also work fine, but if you only want the central authentication, let m0n0wall handle the VPN termination and use a radius server for authentication... Termination the VPN connection in the firewall or in a DMZ is safer than terminating it on your LAN. > What are the benefits to each situation if m0n0 supports > windows clients in both situations. > Well, first off you would ease the load on m0n0wall if you redirect VPN traffic to a central server, though I think the overhead is minimal(dependig on how many concurrent connections you plan on supporting(16 max)). If you plan more connections, a central server(dedicated?) would do the trick, preferrably located in your DMZ. For a small and simple setup, let m0n0wall handle it. Less fuzz. > BTW, can Windows clients use IPSEC and how hard is that to configure? > Yes, but I have never tried this myself...and I don't know if windows supports this nativly. Windows supports PPTP out of the box, so this is surely an easy path to choose...PPTP is also much more flexible when it comes to roaming users(dynamic ip-addresses). Someone else may have some first hand experience on setting up ipsec on windows...? Magne |