Until recently, the small company I work for (~10 people) has relied on an IT resource to manage our network infrastructure. One of the last things he implemented before leaving was a VPN connection to our SVN repositories hosted inside the company firewall (so people could update and commit to SVN remotely). I wanted to expose a couple more resources via VPN (namely, we're revving up some internal Git repositories that we'll want to access through VPN), so I was exploring how to get that working.
While investigating how VPN had been configured for SVN, I found that we weren't using our SonicWall's VPN/SSLVPN – we were using our Windows Server 2008 machine's "Routing and Remote Access Service".
I'm pretty new to dealing with server configuration and firewall stuff, so I had a couple questions about this:
-
Is it "better" to use the VPN functionality built into SonicWALL or to use Windows "Routing and Remote Access Service"? By "better", I mean, are the two equivalent choices with one being a clearly superior option to the other?
-
If I go with SonicWALL, it seems that it would be better to use the SSL-VPN rather than the "normal" VPN option. Is that correct?
-
In a tutorial video, I saw that SSL-VPN through SonicWALL uses a web portal system to connect to VPN. With our current Windows implementation, anyone who wants to connect via VPN just creates a new VPN connection in their OS. If we use SSL-VPN, do we have to use the web portal, or can people still use their OS-configured VPN connections (like OSX's System Preferences > Network > VPN Connection type)?
Best Answer
The sonicwall vpn is better in my own opinion, why?
Your server load to do the job is gave to the router, which is optimized for that.
You keep only one device facing the internet, while with rras + a router you expose more gear to the internet.
The ssl vpn allow you to easilly configure the vpn as that mean you got a router that got a web portal, that you can create menu on it in case someday you decide to publish more ressource.
2 - No, its easier for the end user if they dont know hat they do, but both option work.
3 - Yes and no, as by default you need the sonicwall global vpn client, as it add another layer of security, but you can create pptp compatible configuration in the sonicwall. (and you got the vpn extension from the webpage, which is in reality an activex that autoconfigure the vpn)