Jump to content



Photo

[Input Req]Redesigning My Network

Answered Go to the full post

  • Please log in to reply
25 replies to this topic

#16 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 06 January 2014 - 19:23   Best Answer

I wouldn't be so worried about printer stuff, but this points to something out of whack.

An Warning Event occurred. EventID: 0x00001695

Time Generated: 01/06/2014 13:40:52

Event String:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'eatvac.org.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).


#17 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 06 January 2014 - 20:38

No errors left :) everything seems to be good now. MUCH QUICKER (even than before) log ons! BudMan, +2 to you! I guess now I just have to review some of the proposed network solutions for redesign. Unfortunately we can't do much with CISCO since our budget does not allow for such equipment.



#18 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 06 January 2014 - 20:56

Well there are plenty of budget managed/smart switches on the market that would allow for vlans. How many ports do you need? You could always go with a smaller ported managed/smart switch as your core and then just use dumb switches in the closets or to add port count.

You could go with something something like a router distro, pfsense, m0n0wall, smoothwall, ipcop on some old pc hardware to give you a decent firewall/router at your edge vs some soho wireless thing. A e900 is something you would run in your house if you ask me, not a place of business.

You would be amazed at what you can accomplish on a shoestring budget ;) A cheap PC hardware with bit of ram and you could run content filtering with squid, ntop for reporting, snort for IDS, etc. Could run a captive portal for your guest wireless, using WPA enterprise for your normal wireless, etc. etc.

#19 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 06 January 2014 - 21:06

The E900 was a serious quick fix when our original router took a dive. I'm looking at a NetGear FVS338 or FVS538 VPN/Firewall combo to allow for IPsec VPN as opposed to PPTP via Server 2008 which we have right now. When the new server arrives it will be a virtual Server 2008 installation and the old server will be an Untagle server more than likely running web filtering, and reporting. I love that it integrates with AD but I would like a free alternative so I can have users authenticate via their AD credentials and have their activity logged. I also would like to segment our Wifi and have a guest network so when we have "company" they don't have access to internal resources etc... Basically popping up our internet terms of service upon connection. I will definitely look into some of the router distros you mentioned as I have never heard of some of those and I'm sure you wouldn't mention them if they weren't looking into ;)

 

Edit: It looks like m0n0wall will be the winner for router distro :D



#20 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 06 January 2014 - 21:21

pfsense is a fork of m0n0wall - m0n0wall rocks it for router/firewall. Pfsense adds some bells and whistles is all.

It would be a fine choice to be sure.

If you ask me ipsec is dying as a road warrior solution to vpn access - I would look more to openvpn to be honest. It can run over 1 port (443 SSL for example) which is pretty much ALWAYS open no matter your location. Can even work over a proxy, for example to get ipsec vpn to work at a hotel quite often you have to request that type of connection.

Openvpn has released clients for both android and ios devices that works great. My ipad for example - click, click and vpn'd into my home network from anywhere there is wifi connectivity since when do they block 443.. While ipsec vpns use ESP protocol 50 and 51 AH and ISAKMP.. Its a fairly complicated solution that is not always available. There are better solutions to be sure.

#21 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 06 January 2014 - 21:59

My only concern with OpenVPN is it can not run as a server on Windows (so it seems), but I do agree with the logic... lots to think about there.

 

Edit: I'm dumb... http://forums.openvp.../topic7806.html

 

Smh... I'm going insane with all of this ;)



#22 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 06 January 2014 - 22:01

Who told you that?

https://community.op...y_Windows_Guide

But I would not suggest running it on a "server" inside your network be it linux, bsd or windows or OS X. The VPN endpoint belongs on the edge of the network - not some box "inside" the network.

#23 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 06 January 2014 - 22:23

So what you're saying is create a dedicated server specifically for OpenVPN?



#24 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 06 January 2014 - 22:37

No what I am saying it run it on the edge ;) With pfsense for example its click, click and up and running - one of those bells and whistles I was saying that m0n0wall does not have ;)

openvpnconnection.png

Whatever you pick for your router distro - it supporting the vpn server would be a nice bell or whistle ;)

You can run into problems with a vpn endpoint inside a NAT as an endpoint. For starters that server inside your network is NOT the gateway of your other devices on your network. So you might need to NAT your vpn clients into your lan network. Or create other routes, be it on your other edge router or the other hosts in your network. Or use tap vs tun interface where you bridge the remote clients into your network.. Now your sending broadcast traffic over a wan connection, etc. etc.

Its nothing that can not be worked out - but it is much simpler if the vpn endpoint is at your networks edge/gateway anyway.

#25 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 06 January 2014 - 23:02

Ah, I see! Hmm, I was really liking m0n0wall, which would be an IPsec VPN on the edge, but pfsense does look like it will integrate the VPN much easier. My users are absolutely TERRIFIED of technology so OpenVPN would make their connecting in a bit easier. I hope you are getting paid for schooling me in Windows networking... if not, I'll send cookies or something. I learned more today than I have in classes.



#26 riahc3

riahc3

    Neowin's most indecisive member

  • Tech Issues Solved: 11
  • Joined: 09-April 03
  • Location: Spain
  • OS: Windows 7
  • Phone: HTC Desire Z

Posted 07 January 2014 - 12:27

Hello,

I learned more today than I have in classes.

Yeah, happens a lot with BudMan....

The best thing you can do for Neowin is mark the best answer he wrote.