I was listening to episode 29 of Security Now and discovered that the encryption in Microsoft Remote Desktop had been hacked by the Cain & Abel crew. What’s really sad is that is was hacked last November and neither I nor anyone I know had heard anything about it. Since I frequently use remote desktop to access my home systems, I decided to reevaluate implementing a VPN solution.
About six months ago, I foolishly picked up a wireless router with claims that it would also act as a VPN Endpoint. Little did I know that in order to use it as a VPN endpoint I would have to eliminate my SSL web server. I tried multiple alternatives to using the software provided with the router, but had very little success. Most of the solutions required that I purchase a third party client in order to connect to the VPN, and I couldn't even get demo copies to talk.
After awhile, I decided to skip the VPN in the router and set up Routing and Remote Services in Windows Server on one of my servers. That’s when I discovered that the router blocks the Generic Route Encapsulation (GRE) protocol; thus blocking virtually any VPN behind it. Of course, had I addressed all this back when I bought the router, I could've taken it back. Procrastination will get you nowhere.
In any case, I needed something and was getting to my wits end. Luckily, my Google hopping led me to a product called SSL Explorer. While it’s not a full VPN solution, it does provide a pretty decent middle ground by allowing me to communicate securely with portions of my network. Through it, I am able to use a secure remote desktop session, access my file server, and various other features behind the firewall. It also provides the ability to setup custom secure tunneling of common services, such as IMAP and SMTP. It takes a little more to setup these up, because it uses a Java client to redirect ports on your local system through the secure tunnel. This means you have to login to your SSL Explorer server and kick off the Java client in order to use any tunneled services.
I was impressed that the software seamlessly tied into my Active Directory with little more than creating a special account for it to use. I also like being able to access my router and cable modem administration pages without having to open a Remote Desktop connection. And, as aforementioned, it lets me access my file server using either a vanilla web browser interface or the much more robust Web Folders feature of Internet Explorer.
The software has far more features that I’ll probably never use. So far, I’m quite happy with the features it offers compared to the complexity of getting it up and running. Not counting time wasted fiddling with settings; I had the server up and running in about an hour. I would highly recommend the product to anyone looking for a low cost, easy to use, VPN alternative.