I've never set up a VPN from scratch before and I'm wondering how I should go about it. Anyone have experience with this sort of thing?
Here's the scenario:
- Office LAN at a small real estate office.
- Office is connected to the internet via a DSL router that has a built-in NAT/Firewall.
- Router does not have VPN built into the hardware. It does allow me to put in port forwarding (I think that's what they call "pinholes" in the router's menu).
- Office runs all Windows systems.
- Office has a server that's running Windows 2003 Server.
- A select few people, all NATed broadband at home, need to get into the office LAN remotely, in order to run a certain piece of client/server software and also for me to get in and remotely manage the server.
I see a few ways I can go about this:
1. I can make the server a DMZ. **NOT**. Windows is too insecure to expose out from behind a firewall like that.
2. I can port-forward the VPN requests through the router to the 2003 server, and activate/configure RRAS on that server.
3. I can replace the office router with one that has VPN built-in.
Never having done this before, my questions are...
If I do option 2, is it only one port that needs to get forwarded, and do I only need to do that on the office's router? Or do I need to do tricky stuff on the client side too?
If I do option 3, will the clients need hardware too, or can they just use the VPN client software that comes with Windows?
Anyone have any other tips?