Our current VPN solution is a Windows SBS 2003 server (it sits behind a service provider's Cisco router that is firewalled and has a route for the VPN pointing to the SBS server), which I believe is PPTP since all our current road warriors use the built-in Windows VPN client to connect.

We are going to put our ClearOS gateway in place soon and do not want to disconnect our current road warriors. Once they come in the office, or sometime after ClearOS is in place, I want to convert them to OpenVPN, because everything I am reading is suggesting that it is better and more secure than PPTP, along with the fact that PPTP has to have the firewall modified for bi-directional passthrough if you still want to connect from the inside out. I guess this makes security more vulnerable? (Could someone explain?)

Anyway, I wanted to know if my thinking is correct, if anyone has any suggestions (better or otherwise), and if I could simultaneously run both until everyone was converted to OpenVPN and later disable the PPTP. The SBS server is going away as soon as we have everyone moved off of its email and VPN, or at least that is the plan.

Could I put a route in the ClearOS pointing to the SBS server for the PPTP like my current service provider has, and let it continue to run there until we get the OpenVPN running? I guess that would work too if different ports were used, right?

Thanks in advance for your help,


Thursday, September 02 2010, 09:08 PM
    Friday, September 03 2010, 01:33 PM
    I ran PPTP and OpenVPN concurrently several updates ago. I don't need the functionality anymore, so it is dismantled, but then it worked flawlessly as long as I made sure there were no port conflicts. I would certainly expect that would still be the case, but a bit of testing before committing is always advisable.

    Channeling PPTP through COS should be easy. Simply DMZ the relevant ports to the old PPTP server.

    Inbound email could be forwarded (by mail address) to the PPTP server using Horde's mail-filtering functions, or you could use email aliasing to redirect to the PPTP server. Which way is better depends on the details of how you intend to implement the gradual transfer. Outgoing email from the PPTP server can simply be directed towards the COS server which, as default, is set up to accept mail forwarding from the LAN (but not from anywhere else).

