VPN and RAS
Remote access has changed in form but not function over time.
VPN
The VPN serves the needs of roadwarriors everywhere.
Our current public VPN is based on the PPTP protocol, geared for mobile users
to make connections back to home base. In the tradeoff between security and
ease of client configuration, it was certainly chosen for the latter. Other
VPN technologies such as IPSec and OpenVPN see use for other special needs.
Client connections are authenticated using the MSCHAPv2 authentication
protocol. This is the least insecure option that does not require cleartext
password retrieval, and can be tied to our Windows domain for unified logon.
Once authenticated, the user's connection is tunneled (GRE) onto the guest
network.
Ideas for this setup were influenced by the last phase of the legacy campus
dial-up service.
RAS (Dial-up)
Dial-up survived past the millennium: analog phone line modem connections in
2005! We resurrected our modem pool primarily for our cell phone users,
because cell phone data plans were even more of a rip-off at the time.
Clients dial in and authenticate using PAP, CHAP, MSCHAP, or MSCHAPv2
authentication protocols. RADIUS is tied to the enterprise LDAP cluster for
unified logon. Once authenticated, the user's PPP connection is terminated on
the guest network.
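
The credential-storage constraint behind the protocol choices in both sections, as an added Python example (not code from this site): PAP can be verified against a one-way hash, while CHAP (RFC 1994) forces the server to hold the cleartext secret. The PBKDF2 storage format and the sample password are assumptions made for the illustration; MSCHAPv2 itself is not implemented here.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994): MD5 over identifier || shared secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def hash_for_storage(password: bytes, salt: bytes) -> bytes:
    """One-way salted hash (assumed storage format for this illustration)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def verify_pap(sent_password: bytes, salt: bytes, stored_hash: bytes) -> bool:
    """PAP delivers the password itself, so a stored hash is enough to check it."""
    return hmac.compare_digest(hash_for_storage(sent_password, salt), stored_hash)

def verify_chap(ident: int, challenge: bytes, response: bytes,
                server_secret: bytes) -> bool:
    """The server recomputes the client's MD5, so it needs the identical secret."""
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = b"constructed-sample-password"  # constructed sample value
    salt = os.urandom(16)
    stored_hash = hash_for_storage(password, salt)

    # Server issues a fresh challenge; client answers using its password.
    ident, challenge = 1, os.urandom(16)
    response = chap_response(ident, password, challenge)

    return {
        # A directory holding only the hash can still serve PAP logins.
        "pap_with_hash_only": verify_pap(password, salt, stored_hash),
        # The same directory cannot serve CHAP: the hash is not the secret.
        "chap_with_hash_only": verify_chap(ident, challenge, response, stored_hash),
        # CHAP succeeds only when the server can retrieve the cleartext.
        "chap_with_cleartext": verify_chap(ident, challenge, response, password),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

MSCHAPv2 avoids the cleartext requirement because the server verifies the response against the NT hash of the password rather than the password itself.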