OpenVPN is a very powerful free VPN solution that is supported on Solaris, Linux, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows 2000/XP/Vista. I tried the Open Source SSL/TSL-based VPN software on Windows Vista x64 and SuSE Linux 10.1. I think the fact that OpenVPN is available for so many different platforms alone makes it an interesting alternative to commercial products. Can you believe that Cisco’s VPN solution, one of the most popular VPN products, doesn’t run on Windows Vista x64? They don’t even plan to release a 64-bit version. Well, OpenVPN does, albeit only the latest version 2.1, which is still a release candidate.

I tried to install the OpenVPN 2.0.9 client on Vista x64, but I wasn’t able to get it running. The installation procedure already complained that there are compatibility issues with the TAP driver (bridged tunneling). I also had a few issues on Vista x86, not with the driver, but with routing commands. Because I read that OpenVPN 2.1 has better Vista support, in particular for 64-bit, I didn’t bother with those problems for too long, but installed OpenVPN 2.1_rc15 instead.

(more…)

In my last article I listed all important features of DirectAccess. Today I will share some experiences I made when I placed a little with it.

DirectAccess has to be installed as a feature on Windows Server 2008 R2. I wonder why it is a feature and not a role, considering that it is recommended to use DirectAcess on a server that has no other function. I must admit, I still don’t understand the difference between server roles and features.

It is interesting to note that two network interfaces are required, which indicates that DirectAccess has firewall functionality. One network card is usually enough for VPN. DirectAccess also complained that I have no Public Key Infrastructure. After I installed the Certificate Server role on the same machine, the DirectAccess setup was satisfied. The setup wizard then let me configure the user groups that are allowed to use DirectAccess.

(more…)

DirectAccess is a new feature of Windows 7 and Windows Server 2008 R2. It has the same purpose as VPN, i.e., it allows users to connect securely to the corporate network through the Internet. The main difference is that the connection is established in the background without requiring user interaction. This article is mostly a summary of Microsoft’s white paper Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. I also installed DirectAccess on Windows Server 2008 R2, but since there is no technical documentation yet, I had to postpone more detailed tests until Microsoft provides more information. In my next post I will share some practical experiences.

(more…)

Microsoft acquired Whale Communications in 2006. Its SLL-based VPN appliance became Intelligent Application Gateway (IAG) 2007. Wikipedia gives a good overview of this product. Basically, it is a Web application firewall and endpoint security management solution offering more sophisticated features than the ISA Server. According to Microsoft, the new features of IAG 2007 SP2 are simplified deployment, interoperability for environments not running Windows, enhanced application support, improved user experience, and improved performance. You can download IAG 2007 SP2 or try it in a virtual machine.

Poptop is an open source VPN server supporting Microsoft’s PPTP (Point-to-Point Tunneling Protocol). It allows you to use a Linux Server as a VPN Server for Windows machines. This way you can encrypt any communication between the Linux server and your Windows workstation easily. You can use NAT (Network Address Translation) to hide your workstation’s IP address when you access the internet thru the VPN Server. Windows comes with a built-in and easy-to-configure VPN client. Nothing has to be installed on the Windows machine. In this post, I would like to share my recent experience installing Poptop.

(more…)