10

Given:

  • A multi-location company. Every office has local routers that connect to a central VPN capable router in a data center.

All fine so far. We now need to move a computer off site into a hosting center across the globe, to get it closer to some supplier computers we work for. It will run limited logic but latency is important, and our latency so far is too large.

This computer will be in a data center and does not require incoming connections except for administrative purposes, although it needs outgoing connections. I have no real chance to put one of my VPN routers there, sadly - otherwise I would have no problem. Usage of RRAS is not recommended (we had various problems there over time). I could deal with it. The computer MUST integrate into the corporate structure via VPN and join the domain and be fully "tracked" (controlled for performance).

What is the best suggestion? So far it looks like my best bets would be to log in via RRAS and deal with whatever issues arise there, plus use the local firewall to limit incoming connections to this computer to what is needed (which runs down to an emergency RDP connection allowance). Does anyone have a better idea?

Moshe Katz
TomTom
  • What type of VPN is the router using? Can't you just configure the computer to connect to that VPN directly? – devicenull Nov 27 '11 at 16:07
  • I can handle pretty much every type of VPN (it is a Mikrotik router). I could set up direct connection to the company networks (i.e. the computer dials in), but somehow I don't have the best experience with Windows RRAS... – TomTom Nov 27 '11 at 19:15
  • RRAS is the VPN server, which I don't think would be involved here. You'd need to set up the client on the remote server, but that does not make use of RRAS. – devicenull Nov 27 '11 at 23:57
  • Time to give it a try. – TomTom Nov 28 '11 at 05:09
  • Hmm, perhaps you should check with the datacenter folks if they can create a VPN to that segment to your Mikrotik for you - I have found that our co-locators are more than happy to do that kind of thing... – ColtonCat Feb 03 '12 at 02:21
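
The host-firewall lockdown the question describes (inbound limited to an emergency RDP allowance), as an added example that is not part of the original post. It assumes Windows Server 2012 or later (NetSecurity cmdlets); the admin address `203.0.113.10` and the corporate range `10.0.0.0/8` are placeholders.

```powershell
# Added example, run elevated. Placeholder values: replace with your own.
$EmergencyAdmin = '203.0.113.10'   # assumed: fixed public IP used for emergency RDP
$CorporateNets  = '10.0.0.0/8'     # assumed: address range reachable over the VPN

# 1. Create the scoped allow rules first, so an existing RDP session is not cut off.
New-NetFirewallRule -DisplayName 'RDP emergency (scoped)' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $EmergencyAdmin `
    -Profile Public -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'RDP via corporate VPN' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $CorporateNets `
    -Profile Any -Action Allow | Out-Null

# 2. Disable the built-in, unscoped Remote Desktop rules (group name is localized).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. Default-deny inbound, keep outbound open, on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 4. Audit: list enabled inbound allow rules that still accept any remote address.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        if ($addr.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Profile = $_.Profile
                Remote  = $addr.RemoteAddress -join ','
            }
        }
    } | Sort-Object Rule | Format-Table -AutoSize
```

Any rule the audit prints still accepts traffic from every source on its profile; scope it with `-RemoteAddress` or disable it if the service is not needed on the hosted machine.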

2 Answers

1

Have a look at DirectAccess technology: http://www.microsoft.com/en-us/server-cloud/windows-server/directaccess.aspx

Danilo Brambilla
  • Requires, to my knowledge, internal use of IPv6, which we do not have at the moment. It is also not able to be done for the moment due to router limitations - which will be handled in one of the next major releases, but that is a year away in the worst case. – TomTom Jan 30 '12 at 16:29
  • No, it also runs on IPv4 by encapsulating IPv6 into IPv4. Read here: http://technet.microsoft.com/en-us/library/dd734591(WS.10).aspx – Danilo Brambilla Jan 30 '12 at 19:39
  • Yes, but it does require using an internal IPv6 network. I cannot move my internal infrastructure over at the moment. Need to wait another 1-2 releases of the router firmware for some missing features. – TomTom Jan 31 '12 at 05:01
  • 1
    Ok, fixed with server 2012 ;) Doing ;) – TomTom Dec 29 '12 at 14:22
0

I'd set it up to use OpenVPN to connect back to your Mikrotik. You can set it up as a boot service.

I do something similar with a hosted machine outside of our network. Much better than mucking around with RRAS in my experience.

OpenVPN at startup

quadruplebucky
  • -1. Why should I set up OpenVPN when Windows has compatible VPN technologies already on board? RRAS at least gets maintained by MS - no additional searching and updating. – TomTom Dec 29 '12 at 14:21