VPN, FTP, or remote desktop

xfile

Hi,

I have been searching and testing a networking solution primarily for file
sharing and intranet web site development for a while.

However, I am getting more and more confused about what the ideal
approach(es) are for our tasks. I appreciate those who have helped by answering many
questions before, but would like to clear up all the confusion, if possible.

The following are our wishes and current situations:

(1) We have two work locations and each one has its own wireless routers
(Buffalo WBR-G54 and WBR2-G54) for LAN and Wireless connections, and each
location has its own DSL service and also has an ISP assigned static IP
address.

(2) All computers belong to the same domain but not all are at the same
physical location.

(3) One location has a Windows 2003 Server (Standard), but it is not always on and
will be turned off once in a while. All other computers are using XP Pro. The DHCP
server function is done by the primary router of each location, as is the
Default Internet Gateway. DNS is also done by the two primary
routers, and Win 2003 also serves as the intranet DNS server.

(4) All client computers can browse and use others' shared folders without
any problems, and if they are all at the one location where the server sits, they
can share folders as well.

(5) All computers can access the Internet without any problem.

Questions:

(1) For file sharing purposes (such as accessing a shared folder, or an
employee wishing to access his/her second computer at a remote location),
what is the ideal approach for the networking method between the two sites
and from another location? Specifically, will it be VPN, remote desktop,
or FTP?

It seems all of the three can accomplish this with different levels of
complexity. We have not set up VPN yet, but tried FTP and remote desktop
and seems both can accomplish the task, except we have not tried from "pure"
internet environment yet - that means sitting at a cafe shop and try to
access

(2) If someone is trying to edit the intranet web site that sits on the Win 2003
server, will VPN be the only approach?

(3) In our case, do we need anything like Dynamic DNS or something similar?

(4) Finally, can someone point us to where we can find tutorial materials
that fit our situation? We have tried many but seem to be more and
more confused now.

Many thanks in advance.
 
Sooner Al [MVP]

Well, I would recommend a VPN versus FTP simply because of security issues.
You could also look at using Secure Shell (SSH) versus VPN. It would still
require a PC at either site to be running as a SSH server for remote access.

Remote Desktop to individual PCs is a good choice simply because of the
flexibility and the fact the native RDP data link is encrypted.

FTP is not encrypted natively although there are, I believe, secure FTP
options out there. Personally I don't think FTP is a good choice.

If your budget allows there are VPN end-point type routers that would...

* Allow a site to site VPN tunnel to be setup independent of the
availability of PCs at each site.
* Allow remote client VPN tunnels to be setup to either site.
* Include a wireless network function for the two different sites either by
adding a wireless card to the router...

http://www.zyxel.com/product/model.php?indexcate=1037588623&indexcate1=&indexFlagvalue=1021873683

...using the existing Buffalo access point/routers as access points only and
plug it into a port on the end-point router...

http://www.zyxel.com/product/model.php?indexcate=1082973192&indexFlagvalue=1021873683

...or built-in wireless...

http://www.linksys.com/servlet/Sate...818868&pagename=Linksys/Common/VisitorWrapper

My personal solution for secure remote access to my *home* LAN is to use
Secure Shell (SSH) and run Remote Desktop through the SSH tunnel.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
 
xfile

Hi,

Many thanks for your kind reply.

I guess our immediate choice will be testing on the possibility of remote
desktop for accessing individual systems, using your suggestions on the
other post.

I was told the WBR and WBR2 provide some VPN functions but could not find
any appropriate configurations assistance from their technical support.

If the cost of recommended router is not too expensive, we might be able to
get one but we already have more than needed routers.

Would appreciate if you or someone could also point us to where could we
find some tutorial materials for putting everything together including
router, Windows 2003 server and XP Pro.

It seems to be easy for experts but we know that as long as one part is
being configured incorrectly, there will be no connections and it's so
difficult to know which part is wrong.

Many thanks.
 
Sooner Al [MVP]

Note the WBR-G54 (which I have) and the WBR2-G54 do not natively support
multiple VPN tunnels through the router. In fact my WBR-G54 is problematic
getting a PPTP VPN tunnel through the router even though Buffalo claims it
works. It comes down to a firmware issue, at least for the WBR-G54, and not
passing GRE Protocol 47 traffic. No WBR-G54 firmware version I have tried
works as far as letting me get in to my home LAN with a PPTP VPN.

That is why I went to a Secure Shell (SSH) solution for remote access of
my home LAN. With SSH I can access any of my desktop PCs with Remote Desktop
(RDP) through the SSH tunnel. The advantage is I only need to open one port
on my router, i.e. TCP Port 22, to do this...

http://theillustratednetwork.mvps.org/Ssh/RemoteDesktopSSH.html
http://theillustratednetwork.mvps.org/Ssh/Private-publicKey.html

Another very nice SSH client that supports RDP natively and SSH File
Transfer Protocol...

http://www.bitvise.com/tunnelier.html

You can also access multiple desktops through a router by opening multiple
ports on the router...Of course you expose more of your private LAN this
way...

http://theillustratednetwork.mvps.org/RemoteDesktop/Multiple_PC_RD.html

There are third-party firmware versions that may provide a VPN end-point
function for those two routers. I have never used them so I can't say if
they work or not.

As far as setting up a Windows 2003/XP Pro box as a VPN server you would
still run into the issues with the routers. Beyond that see these links for
help...

http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

http://www.broadbandreports.com/forum/remark,15190829
http://www.broadbandreports.com/forum/remark,15144756
http://www.broadbandreports.com/forum/remark,14418801

Also check the...

microsoft.public.windows.server.general
microsoft.public.windows.server.networking

...news groups...

Testing PPTP VPN links using "PPTP Ping". See the "PPTP Ping" and "VPN
Traffic" sections in this Cable Guy article...

http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx

Lastly some SSL VPN solutions...

http://openvpn.net/
http://3sp.com/showSslExplorer.do

SSL-Explorer was quite easy to set up and it natively supports RDP through
the tunnel. I have never used OpenVPN...

--

Al Jarvi (MS-MVP Windows Networking)

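The PPTP failure described in the post above (control connection on TCP 1723 gets through, GRE protocol 47 does not) can be confirmed from a packet capture taken on the LAN side of the router. The following is an added example, not part of the original thread: the function names are hypothetical, and the sample packets are constructed with documentation addresses and zeroed checksums.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_CONTROL_PORT = 1723      # PPTP control channel (TCP)
PPTP_GRE_PROTO = 0x880B       # PPP inside enhanced GRE, as PPTP uses it

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet: pptp-control, pptp-data or other."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or ihl > len(pkt):
        return "other"
    proto, payload = pkt[9], pkt[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
    elif proto == IPPROTO_GRE and len(payload) >= 8:
        flags, ptype = struct.unpack("!HH", payload[:4])
        # Enhanced GRE: key bit set, version 1, protocol type 0x880B
        if (flags & 0x2000) and (flags & 0x0007) == 1 and ptype == PPTP_GRE_PROTO:
            return "pptp-data"
    return "other"

def diagnose(packets) -> str:
    """Summarise a capture taken on the LAN side of the router."""
    kinds = {classify(p) for p in packets}
    if {"pptp-control", "pptp-data"} <= kinds:
        return "control and GRE both arrive"
    if "pptp-control" in kinds:
        return "control only: protocol 47 (GRE) is not being passed"
    return "no PPTP traffic seen"

# --- constructed sample packets (not real captures) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton("203.0.113.10"),
                         socket.inet_aton("198.51.100.20"))
    return header + payload

TCP_SYN_1723 = ipv4(IPPROTO_TCP, struct.pack("!HHIIBBHHH", 49152, 1723,
                                             0, 0, 0x50, 0x02, 8192, 0, 0))
PPTP_GRE = ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 0, 1, 1))
PLAIN_GRE = ipv4(IPPROTO_GRE, struct.pack("!HHI", 0x0000, 0x0800, 0))

if __name__ == "__main__":
    print(diagnose([TCP_SYN_1723]))            # router forwards TCP 1723 only
    print(diagnose([TCP_SYN_1723, PPTP_GRE]))  # router passes GRE as well
```

A "control only" result on the server side while the client is sending GRE points at the router rather than at the Windows VPN configuration.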
 
xfile

Hi,

Thanks again for your detailed suggestions.

The firmware issue of WBR series is familiar and I kind of remembered
reading it from the net.

So I guess we need to buy one (or two?) routers for connecting the two
locations or from another remote location.

Is there a less expensive wireless router that is designed specifically for
this type of task and for the use of dummies?

I sincerely hope ZyXEL is not too expensive and not too difficult to set up.

Will study those links in great detail.

Many thanks and really appreciate your kind help.
 
Sooner Al [MVP]

Thanks for the feedback.

Yes I had seen that FAQ when I first installed my WBR-G54 a long while back
now and it should work. BUT, If it takes placing the server PC in the DMZ
then I don't do that. There should be no need to do that if the router
actually passes GRE Protocol 47 traffic.

If your PC is in the DMZ then you need to be running a software firewall to
protect the PC...

As I noted before I run Remote Desktop through a Secure Shell (SSH) tunnel
and that works very well..

--

Al Jarvi (MS-MVP Windows Networking)

 
xfile

Hi,

Just a quick update.

We have succeeded in using remote desktop across the sites :)

To share with you, this link from Buffalo teaches how to configure VPN
pass-through: http://www.buffalotech.com/support/faq.php#16

Please note that the Q&A does not mention configuring DMZ, while our
test and their technical support confirmed that DMZ has to be configured as
well.

We also checked with Buffalo that their WBR series do support PPTP VPN.

At one point, we did connect to the VPN server, but we could not use shared
resources and lost the internal LAN and so on.

So we decided to abandon VPN for a while until we have tried whether using port
forwarding and one NIC, as others suggested, could make any difference.

At this time, remote desktop is wonderful.
 
