VPN - L2TP and the Virgin Hub 3 (and perhaps BT)
If you do not use VPN - hit delete now.
Having installed a new Server running Windows Server 2016, our latest problem has been VPN communication from home to the office.
PPTP worked just fine, but Server 2016's Best Practices Advisor (BPA) said that we should be using a higher level of security communication.
Setting up L2TP, the minimum advised, failed. I'll spare those details for now, but if you try and fail, and also have Virgin's Hub 3, forget it. It simply will not ever work - officially.
There is a solution, but that involves purchasing a router (a wireless one if you need that too), at your own expense, to connect to the Virgin Hub 3. You then have to configure the Hub 3 as a Modem, and go from there.
Virgin did once support L2TP, but they have removed the option.
The Virgin user lists are full of IT managers who, since at least January this year, are complaining that their home workers have the problem, and that they are forced to open the PPTP server option.
And if you have the same with British Telecom, do not be surprised if you have the same problem. A colleague needing access to our server contacted BT, and the two support people he spoke to in Delhi (or was it Bombay), did not even know what L2TP was. He solved it himself but I don't have details.
With Internet Security a top priority, especially for businesses, I am staggered about this!
George.
If you have access to a Linux machine that can run StrongSwan, this may solve your VPN problem, as it implements IPSEC.
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of George Bell
Sent: Sunday, July 16, 2017 5:57 PM
To: 'Blind sysadmins list' <blind-sysadmins@lists.hodgsonfamily.org>
Subject: [Blind-sysadmins] VPN - L2TP and the Virgin Hub 3 (and perhaps BT)
_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
Have you looked at SSTP? It's a PPP like protocol over a secure channel, which uses TCP port 443 and looks like normal HTTPS traffic to most firewalls.
Recent Windows versions have the client built-in and I found a Mac client, but didn't test that yet. I run my SSTP server on a Mikrotik router, but the server option should be available in Windows server as well. The only downside I found so far is that it doesn't seem to be supported on the iPhone.
Bram
On 17-7-2017 00:09, Jason White via Blind-sysadmins wrote:
If you have access to a Linux machine that can run StrongSwan, this may solve your VPN problem, as it implements IPSEC.
You could also try openVPN. It uses port 1194 udp, but you can make it use tcp. I use it through firewalls all the time.
On Mon, 17 Jul 2017, Bram Duvigneau wrote:
Have you looked at SSTP? It's a PPP like protocol over a secure channel, which uses TCP port 443 and looks like normal HTTPS traffic to most firewalls.
Recent Windows versions have the client built-in and I found a Mac client, but didn't test that yet. I run my SSTP server on a Mikrotik router, but the server option should be available in Windows server as well. The only downside I found so far is that it doesn't seem to be supported on the iPhone.
Bram
ISP issued routers are quite often rubbish. That's if they're not also blocking ports too. My aging Draytek router can act as an L2TP, PPTP or IPsec server. Though I second using OpenVPN, it's a bit more straightforward to set up.
Regards
Chris Turner
On 17/07/2017 12:15, Kelly Prescott wrote:
You could also try openVPN. It uses port 1194 udp, but you can make it use tcp. I use it through firewalls all the time.
Swap the rubbish your ISP gives you for either a UniFi Security Gateway or an EdgeRouter-X from Ubiquiti; both enterprise features for a steal.
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Chris Turner via Blind-sysadmins
Sent: Monday, July 17, 2017 8:54 AM
To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org>
Cc: Chris Turner <ultimatethesecond@googlemail.com>
Subject: Re: [Blind-sysadmins] VPN - L2TP and the Virgin Hub 3 (and perhaps BT)
ISP issued routers are quite often rubbish. That's if they're not also blocking ports too. My aging Draytek router can act as an L2TP, PPTP or IPsec server. Though I second using OpenVPN, it's a bit more straightforward to set up.
Regards
Chris Turner
If only! With Virgin Cable, your only option is to switch it to modem mode, and purchase a wireless hub. This will work, but companies who have many home workers (as in 200 or more) are potentially faced with quite a major cost. The main point is that Virgin did once support L2TP and have removed the protocol.
George
-----Original Message-----
From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Katherine M. Moss
Sent: 17 July 2017 14:03
To: 'Blind sysadmins list'
Subject: Re: [Blind-sysadmins] VPN - L2TP and the Virgin Hub 3 (and perhaps BT)
Swap the rubbish your ISP gives you for either a UniFi Security Gateway or an EdgeRouter-X from Ubiquiti; both enterprise features for a steal.
Why wouldn’t you run a proper VPN concentrator like a Cisco ASA or Juniper SRX? If not a paid solution what about Open VPN? This way you can just push clients to your users and forget all the L2TP / PPTP / nonsense and just use IPSEC?
participants (7)
- Bram Duvigneau
- Chris Turner
- George Bell
- Jason White
- Katherine M. Moss
- Kelly Prescott
- Scott Granados