PDQ Link
-
Great info, thanks for sharing.
-
@Ambarishrh said in PDQ Link:
The only catch I could see is the mandatory port 443 as per their site
The majority of work for Link is done with our installer, but there is one bit that will have to be done by you or your network team. Your external firewall will need to route incoming TCP 443 to your PDQ Link server. 443 is the only port SSTP can utilize. This configuration is mandatory to allow your external clients to connect.
If you already have another service on 443 with a public IP, we need to use an additional IP for PDQ link.
That is what inbound proxy servers are for.
-
AD only. Odd.
-
From the main site, it seems like it is basically a limited, AD-connected VPN.
-
This has piqued my interest as well. Might be a good option for people in their key demographic. I will be attending the webinar on Thursday to learn more.
-
@scottalanmiller said in PDQ Link:
From the main site, it seems like it is basically a limited, AD-connected VPN.
That's what it seems like to me. But I don't see that as a bad thing for primarily windows shops.
-
PDQ Link is an add-on for the W.F.H. era. It keeps PDQ Inventory and Deploy usable so they do not lose market share.
It being integrated with AD makes perfect sense for their use case, as their product suite is for updating/managing Windows devices
-
@jaredbusch said in PDQ Link:
@Ambarishrh said in PDQ Link:
The only catch I could see is the mandatory port 443 as per their site
The majority of work for Link is done with our installer, but there is one bit that will have to be done by you or your network team. Your external firewall will need to route incoming TCP 443 to your PDQ Link server. 443 is the only port SSTP can utilize. This configuration is mandatory to allow your external clients to connect.
If you already have another service on 443 with a public IP, we need to use an additional IP for PDQ link.
That is what inbound proxy servers are for.
digging an older topic as I am testing this now. Regarding inbound proxy
, what would you suggest to be used? -
@ambarishrh said in PDQ Link:
@jaredbusch said in PDQ Link:
@Ambarishrh said in PDQ Link:
The only catch I could see is the mandatory port 443 as per their site
The majority of work for Link is done with our installer, but there is one bit that will have to be done by you or your network team. Your external firewall will need to route incoming TCP 443 to your PDQ Link server. 443 is the only port SSTP can utilize. This configuration is mandatory to allow your external clients to connect.
If you already have another service on 443 with a public IP, we need to use an additional IP for PDQ link.
That is what inbound proxy servers are for.
digging an older topic as I am testing this now. Regarding inbound proxy
, what would you suggest to be used?First I try to simply do it through Cloudflare, and use a Cloudflare origin cert on the end device.
When I cannot use Cloudflare, I like Nginx for most things. Single purpose, etc.
Certain users here like Caddy. It tries to be "magic". I'm not a fan of that in general.
-
@ambarishrh said in PDQ Link:
@jaredbusch said in PDQ Link:
@Ambarishrh said in PDQ Link:
The only catch I could see is the mandatory port 443 as per their site
The majority of work for Link is done with our installer, but there is one bit that will have to be done by you or your network team. Your external firewall will need to route incoming TCP 443 to your PDQ Link server. 443 is the only port SSTP can utilize. This configuration is mandatory to allow your external clients to connect.
If you already have another service on 443 with a public IP, we need to use an additional IP for PDQ link.
That is what inbound proxy servers are for.
digging an older topic as I am testing this now. Regarding inbound proxy
, what would you suggest to be used?This isn't that simple, you need a proxy that supports TCP streams, unless SSTP behaves just like HTTPS. You'd need to talk to PDQ support to get more details. If you do end up needing TCP streams, I think Nginx, Traefik, and Haproxy all support that, and there's a mod for Apache too, but if I recall it correctly, it was specifically for MSRPC, so Exchange OWA or RDS.
