@dafyre it's a good one.

@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

@dashrender said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

Thanks to @Dashrender for the assist. It looks like the problem was authentication. I authenticated to the VPN using domain\username rather than using the User Principal Name. Doing the latter allowed me to reach DFS shares.

Woops, that's crazy but definitely there is an issue with DNS

huh?

If the user cannot login with UPN there is an issue with DNS.... As you should be able to use domain.com.

User can login with UPN. They were using the old domain\username method rather than UPN, which apparently caused problems with accessing stuff via the DFS namespace.

@dashrender said in PORT - Rant about unsupported OS connecting to company VPN:

@dustinb3403 said in PORT - Rant about unsupported OS connecting to company VPN:

Why did it take 30+ calls to find out that the doctors personal equipment is running Ubuntu?

It took 30 calls and a 6 hour round trip to discover it was running Ubuntu - because their remote access solution wouldn't work either - likely because local kid didn't want them to know it Ubuntu - he was likely saying - aww, those idiots at the hospital, they don't know anything, Ubuntu will run anything.. LOL

Even if the application that the hospital is using, was built for Windows 2000, has no bearing on the matter of the VPN dropping the client.

Why the vpn server didn't have logging to say it was dropped because it was a blacklisted OS or anything else is the part that is insane. Even Cisco has this functionality. . (lol.. . )

@ambarishrh Thanks. I just sent him that link to check it out.

@zubairkhanzhk you're welcome!

And the actually question here is.....

@syko24 free... and useless:

Limitations of the free license:

The free license is limited to five locks per day which means the free edition defends your system against five unique attacks per day. [...] The free license does not contain reporting (like the PRO edition does).

Also, no official support for Windows Server 2016.

https://cyberarms.net/download-pricing/installation-configuration.aspx

Doing a bit of reverse name matching... I may have it now.

@Tim_G said in Installing VPN access on Windows Server 2016:

I don't remember experiencing or hearing about an MS RRAS server that was compromised or hacked do to the fault of the MS Software directly. It's always been because of dirt poor implementation and security oversights... connecting a Windows server directly to the internet, .....

If you consider exposing the server as a mistake leading to compromise, that's really the point that we were making 🙂

Hak5 OpenVPN Series: http://www.youtube.com/playlist?list=PL9Gx4S6DDjBvoIpQZiAhdRFpZ0yztZJms

I've used tor, it's functional, but removes a lot of what most people consider useful from most websites.

Thanks @Mike-Davis

That is just want was needed. added it to my other script and works great thus far.

@Dashrender said in Considering a New VPN:

@JaredBusch said in Considering a New VPN:

@scottalanmiller said in Considering a New VPN:

@JaredBusch said in Considering a New VPN:

@scottalanmiller said in Considering a New VPN:

@JaredBusch said in Considering a New VPN:

@scottalanmiller said in Considering a New VPN:

@Carnival-Boy said in Considering a New VPN:

Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?

ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.

This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

I was leaving that out for simplicity as he's not going to build custom Linux systems for this.

Why? Because a single VM setup as a gateway means that ZT now meets all needs also.

No different than replacing a router, etc.

I've not used it, does it require you to change your IP range or can you keep what you have?

The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.

I use ZT in a number of places, but not using the gateway anywhere yet.

Right, so being inclusive means that you did follow Scott's recommendation, only that you bent ZT to the current setup, instead of making a whole new IP setup with this in mind.

Did that solve all of the Windows DNS issues?

I have no idea WTF you are talking about. You are implying and inferring things that are not being discussed here.

@scottalanmiller for the sake of this thread, the link shows both ERL and ERPro

Viscosity is a nice OpenVPN client

@art_of_shred said in Thoughts on a Ubiquiti/Cisco comparo?:

This is just a project. What's the line? "Not my circus, not my monkeys"?

I think it goes "not my circus, not my Sonicwall".

We use Cisco Any Connect that authenticates against AD, but is not tied to any kind of GPS and it works for us just fine. Except for deployment, I see no need in using GPS.

If we use GPS for anything, it's with RADIUS for our wireless network. That works in one location but not the other. And this is only because both locations have different wireless systems and in how each system implements RADIUS and authenticates a laptop against an OU.

Yeah, WTF?

Are you connecting a permanent IPSEC tunnel with some other network you do not control?