I'm in a bit of a bind with my old PPTP RRAS VPN server—it finally doesn't work on iOS, which has been overdue for an upgrade! I've tested a few modern setups with new VMs:
- L2TP with PSK is okay, but the NAT-T problems mean I have to manually tweak registry settings on every Windows PC. That's such a hassle, especially for personal machines where users are confused by tech.
- SSTP is a viable option since I learned how to set up Let's Encrypt certificates. I'm considering investing in a paid cert for reliability, but I'd like to avoid the learning curve of certificate renewal if possible.
- My firewall has a built-in VPN server that supports SSL and other options, but deploying clients can be a nightmare for users with personal devices. Updates down the road would also be a pain.
- OpenVPN is also available, but getting clients installed is another hurdle I'd rather not jump through.
Looking for some advice from the community on what to choose! I realize security is a big concern, but honestly, I want a solution that both users and IT staff find functional and user-friendly. Honestly, the simplicity of the built-in Windows client feels like a thing of the past!
5 Answers
I personally prefer a firewall that handles VPN connections directly. This way, you can manage all your connectivity rules from one place, which is far more efficient. If you're leaning towards a cloud solution, something like Tailscale or ZeroTier might work out better, especially if your setup isn't strictly on-premises.
Have you considered Tailscale? We switched to it about a year ago, and it's been fantastic. The deployment and management are super easy, and while there's a cost involved, it's manageable unless you're going for a more complex setup like Zero Trust.
Honestly, it's time to reconsider using traditional VPNs and look into Zero Trust Network Access (ZTNA) solutions. They provide better security and control for modern remote workforces. You might find it more beneficial in the long run.
That's a fair point, but even a well-configured VPN can provide some level of Zero Trust if you set it up right.
If you're looking for something straightforward, the built-in Windows VPN with SSTP is a solid choice. You can 'deploy' it using PowerShell, which is just a couple of lines. It keeps things simple while also handling the necessary authentication.
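One way to do that provisioning with the built-in client, as an added example rather than the answerer's own script; the server host name and profile name are assumed placeholders, and the script only creates or updates the client-side profile (the RRAS/SSTP server and its certificate are set up separately):

```powershell
# Added example: idempotently provision an SSTP profile with the built-in Windows VPN client.
# Assumptions: "vpn.example.com" is a placeholder for the RRAS host whose certificate chains
# to a root the client trusts (Let's Encrypt does); the profile name is arbitrary.
function Install-SstpProfile {
    param(
        [string]$ConnectionName = "Office SSTP",
        [string]$ServerAddress  = "vpn.example.com",   # placeholder, replace with your host
        [switch]$AllUsers                               # machine-wide profile instead of per-user
    )

    # SSTP rides over TCP 443; a quick reachability check catches firewall/NAT issues early.
    if (-not (Test-NetConnection -ComputerName $ServerAddress -Port 443 -InformationLevel Quiet)) {
        Write-Warning "TCP 443 to $ServerAddress is not reachable; SSTP will not connect."
    }

    # Settings shared by Add-VpnConnection and Set-VpnConnection.
    $settings = @{
        Name                 = $ConnectionName
        ServerAddress        = $ServerAddress
        TunnelType           = 'Sstp'
        AuthenticationMethod = 'MSChapv2'   # switch to 'Eap' if RRAS is configured for EAP
        EncryptionLevel      = 'Required'   # refuse to fall back to unencrypted PPP
        RememberCredential   = $true
        SplitTunneling       = $false       # route all traffic through the tunnel
    }
    if ($AllUsers) { $settings.AllUserConnection = $true }

    $existing = Get-VpnConnection -Name $ConnectionName -AllUserConnection:$AllUsers `
                                  -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        Add-VpnConnection @settings -Force
    } else {
        # Profile already present: bring its settings in line instead of recreating it.
        Set-VpnConnection @settings -Force
    }

    # Return the resulting profile so the caller can verify what was applied.
    Get-VpnConnection -Name $ConnectionName -AllUserConnection:$AllUsers |
        Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
}

# Usage: run in an elevated PowerShell session on the client.
Install-SstpProfile -ConnectionName "Office SSTP" -ServerAddress "vpn.example.com" -AllUsers
```

Users can then dial the profile from the Windows VPN settings page; no third-party client install is required.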
You can use free Let's Encrypt certs, but be prepared to automate the renewals.
What about the certificates? Are you using Let's Encrypt or something you have to buy?
You could also check out WARP, which is free for up to 50 users. It's straightforward and can integrate with tools like Intune for easy deployment. Plus, there are plenty of other open-source options like Netbird or OpenZiti that might fit your needs.
While ZTNA is great, I don’t need complex security for what I’m doing—reliability and ease are my main focus.