![]() A part from ISP issues, most users had a pretty positive experience with working from home (or at least that's what they told me). ![]() Remoting in and changing either the config file to the ip or adding a host entry in the host file resolved the issue. At any rate an ISP was giving only IPV6 DNS and the translation to IPV4 was not working properly since our DNS host was not setup to use IPV6 some users could not connect to the VPN. The issues did not affect the remote access using the remote support apps but did cause issues connecting to the VPN which was setup to use a DNS address in case we want to change or need to change our ip address. Overall the experience for the users wasn't terrible, there were a few hiccups that occurred caused by ISP DNS. Since our VPN is OpenVPN based we used the following:Īpple App Store Link for Microsoft Remote Desktop Application: We still chose to support them but made the documentation primarily Windows based and because of the extra security setup required for Apple Computers, we decided it was best to just provide the links for required software, and staff would walk though the "extra" requirements for the Apple machines. To that end, only 6% of our staff were on Apple Computers. ![]() I choose to support both Apple and Windows users. Below is a sample document with non-working links, this is more/less the document I sent out to staff to get them setup on the VPN. My organization uses GSUITE so I have a secure way of providing the VPN documentation to the users for those who thought they can set it up on their own. I setup the OpenVPN client on the corporate devices we had and used MSP360 or teamviewer quickconnect apps to setup and install the open VPN client on any devices that needed setup. Also with RDP Attacks on the rise, I also feel it more/less avoids that kettle of fish.įor issues 2 and 3, to treat corporate and personal devices as simple RDP Client's is easy, it really doesn't matter what or how they connect so long as they have an RDP client and connect. Going with OpenVPN allowed me to setup long secure passwords then move to a certificate based authentication once I get that setup so users wouldn't want to fight the updating of their Active Directory passwords. ![]() I also had an issue with having to get users to update their passwords to something more secure. though this wasn't the easiest solution (such as setting up RD Gateway) it was the one I felt was more secure and easier for me to support. With less then a week to set up a new RDP server and prep any corporate devices we had available it was going to be a huge challenge.įor issue 1, I have had experience in setting up PFSense to also be an OPEN VPN Server My idea was to treat both the corporate and personal devices as simple remote desktop clients. To solve issue 2 and 3 since it would be a combination of corporate and personal devices, I decided to use MSP360 and Teamviewer with a how to document. To solve issue 1, I decided to setup a new RDP Server (2019) based using OpenVPN. How to troubleshoot issues with remote desktop clients with visibility How to support users systems as remote desktop clientsģ. How to connect users to the company's network securelyĢ. I had three issues that I had to immediately solve.ġ. So when COVID-19 hit, we were scrambling to get a remote setup that could handle enough users, and have a way to connect them without really compromising security or making us an easy mark for an attack with few IT resource for defense. From an IT perspective this brings up many challenges as most work places (mine included) are not a mobile first or mobility first type of organization. The biggest change has been the working from home (remote working). March 2020 changed a lot of things for everyone, everywhere.
0 Comments
Leave a Reply. |