
PPtP VPN

Hey All

Does anyone have any input/experience on PPtP VPN methods? Have been looking to switch to something new. Would prefer a hardware appliance, as what we are currently using is software-based in a VM.

I’d suggest moving to IPSec, perhaps on a pfSense platform. Maybe if you shared a bit more of the scope of what you’re trying to do I can suggest a better solution.

@xradeon So currently remote sites are connected using Kerio VPN tunnels. Wanting to switch to something new as Kerio cannot run on anything newer than VMware ver6.

Have been tossing between maybe using edge-routers and setting up IPsec tunnels using those.

But we are also looking at using a Sophos firewall at the main site and then using the Sophos Red devices at the remote sites to connect back to the main. Sophos is just really pricey, but the setup looks to be pretty foolproof.

I guess my title is a little inaccurate.

Also of note, we have approx 30+ remote sites.

I think the edge-routers would work just fine, just make sure you look at IPSec throughput performance on it if you need to push a high amount of bandwidth through the tunnel. Unifi can do auto VPNs between sites if you really want a simple solution. You lose features, but it’s easier to set up.

I have not done the Sophos Red solution, but we almost went with it once. It did seem very slick, it just didn’t tick a few boxes we needed that our current Cisco routers could do (needed 802.1X support to auth clients wired into the remote sites). It’s probably a bit pricey for what you need and I think it forces you into a support contract.

I second that.

Don’t run PPTP because basically it’s not secure at all. Especially if you’re doing a new installation.

You want to run at least L2TP/IPsec or something else that is secure. We run L2TP/IPsec here as it is built into Windows, iOS, macOS, etc. No third-party client install required.

Basically read this for yourself:

@xradeon Yup, I just noticed that Unifi can set up the auto VPNs as well. May be a good choice as most of our network is Unifi already.

@thro Yea. I made my title/first post a little misleading/inaccurate. I was getting at wanting a point to point VPN tunnel.