I'm using a Mikrotik hAP AC as a home network router with good results.

Chris

On Fri, Aug 25, 2017 at 08:54:18PM +0000, Billy Irwin wrote:
Can you elaborate on the 10MBPS issue? Mine are gigabit. It has no limit on the speed or connections.
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Katherine M. Moss Sent: Friday, August 25, 2017 2:37 PM To: 'Blind sysadmins list' <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] Direct access Windows server 2016, anyone?
My friend's roommate has a Microtech router; it's actually on the edge; we were so concerned with consistency of hardware (everyone else, including me, uses Ubiquiti routers, which we love), that he never thought of that. I mentioned OpenVPN. But the problem for clients is that it would kick the network down to 10 MBPS. We have about four residential sites (in four different states if that matters) connected to a datacenter infrastructure. Not to mention with different network speeds at each site, so nothing's consistent there.
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Billy Irwin Sent: Friday, August 25, 2017 2:17 PM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] Direct access Windows server 2016, anyone?
Hi Guys,
Have any of you tried MikroTik devices? I have their Core Router and Switch. I love their stuff so far. Haven't had time to get into their VPN but it looks to support all that you would ever want. A friend of mine who runs a 100+ 2way radio site system to connect each site uses their stuff for VPN.
Thanks,
Billy
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Scott Granados Sent: Friday, August 25, 2017 1:45 PM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] Direct access Windows server 2016, anyone?
I agree with what you're saying.
When I said public facing I meant put a Windows box on the network exposed directly to the public internet. You could use a regular firewall of course (would never trust the Microsoft firewall) but the issue there is a firewall can be a choke point for denial of service attacks. I would however and do daily put Linux based boxes on the public internet, no hardware firewall, a well configured I-chains or ip filter, hardening of the services and so forth. If you are looking for a great VPN solution though that's free to install and just requires a server definitely check out OpenVPN. I use this extensively in my home projects and love it. Good certificate support, nice big 16K bit keys, encrypted firewall and strong SHA512 hashing. If my demands are greater I'd go with a Pulse VPN or Cisco ASA maybe even a Juniper SRX. All 3 of these options also let you identify attacks and malware on the wire before it transits the security alliance so something like that might be good out front of a Microsoft cluster.
On Aug 25, 2017, at 1:34 PM, Mika Pyyhkala <Mika_Pyyhkala@nhp.org> wrote:
I am also thinking maybe you could use a different vpn solution. I don't think I have ever heard of a company that uses the Microsoft vpn. I know Cisco has a cloud solution. Maybe they even have some sort of trial or nonprofit discount.
It does seem like Windows builds in a lot of services that are there, but nobody really uses them in real life; they are just there for the books and the tests :).
Best, Mika @pyyhkala
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Scott Granados Sent: Friday, August 25, 2017 1:30 PM To: Blind sysadmins list Subject: Re: [Blind-sysadmins] Direct access Windows server 2016, anyone?
Other than I would never put Microsoft Windows in a network facing role, especially public facing. It's too easy to own a Windows box. I think the last time I checked on average a Windows box will be compromised within 12 hours of being attached to the network. I have a copy of a defense department manual that states the only acceptable security option for Microsoft based systems is to have them disconnected from the network, locked in a room and powered off. ;) Oh and Linux interfaces with Active Directory just fine. You can emulate all Windows services and be or join domains etc. Of course, use what works for you, I wasn't meaning you should change. Just commenting that your thread made me count my lucky stars that I don't live and or work in that MS hell. And in full disclosure, I am biased because I have seen first hand (I was in the room) Microsoft Windows kill someone. (As in dead, assumed room temperature, bag him and slab him and all that). The company I worked for at the time started a migration to Solaris the very next day. So be careful.
On Aug 25, 2017, at 1:14 PM, Katherine M. Moss <kmoss@winterhillsolutions.com> wrote:
I thank you for your opinion, but my infrastructure is already set up with active Directory and other things that we specifically want to use. Do you have anything specific networking wise to add to this thread?
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Scott Granados Sent: Friday, August 25, 2017 1:09 PM To: george@techno-vision.co.uk; Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] Direct access Windows server 2016, anyone?
Wow, this thread makes me happy that I'm a Unix man myself and we use Linux across our enterprise. ;)
In my last gig we managed about 5000 servers with Chef scripts and OpenLDAP and it was the bee's knees. Especially making bulk changes. Add Puppet to this mix and you could also automatically provision the network hardware. I've tried to work in some of these Windows environments and just can't make it work for me so you both have my respect for putting up with an MS environment.
On Aug 25, 2017, at 4:39 AM, George Bell <george@techno-vision.co.uk> wrote:
Hi Katherine,
Having spent the last 6 months battling with our Windows Server 2016 Domain Controller here, you have my deepest sympathy and understanding. I feel that we almost have a hotline between ourselves and Microsoft's support in Delhi or Bombay.
First, do you have access to, or indeed have anyone who can handle the 2016 server itself? I mean in terms of running Server Manager and Best Practices Analyzer (BPA) plus reviewing Event Viewer errors and warnings.
There are many issues coming to light, and it is vital that these are resolved first or Direct Access and VPN will fail.
Happy to chat off list if you'd like to compare notes.
George W F Bell (MD) Techno-Vision Systems Ltd. 76 Bunting Road Ind. Est. NORTHAMPTON, NN2 6EE United Kingdom.
Tel: +44 (0)160 479 2777 Fax: +44 (0)160 479 2726
e-mail: George@techno-vision.co.uk Web: http://www.techno-vision.co.uk
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Katherine M. Moss Sent: 24 August 2017 15:50 To: blind-sysadmins@lists.hodgsonfamily.org Subject: [Blind-sysadmins] Direct access Windows server 2016, anyone?
Hi all,
Has anybody gotten this to work? I want to try; would love to get my group off of the free version of PulseSecure VPN since it's obvious that it's broken, and we don't have the networking skills to fix it, nor the money to buy a license. Plus I want to succeed in getting a native Windows complex technology working. Everyone has tried but me, and none can get it going. We have a setup where the DA server would be behind a NAT, not on the EDGE (except for the one in the datacenter, but all of the local internal networks would have their behind a NAT.) We would also have to avoid use of the Teredo protocol, considering we don't have multiple public IP addresses to play with. Any suggestions on a good configuration to connect a few sites? Thanks.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins