Poor man's VPN over UDP on Windows without Admin privileges


I'm administrating a small network and have a couple of users that would like to connect to local resources from e.g. their work PC or home. I cannot assume that they have admin privileges (on their Windows boxes) so I'm looking for a software that is easy to use and allows them to connect to internal resources.

For now, I'm going with the SSH tunnel way, e.g. I set them up with a PuTTY profile that contains a couple of port forwards to the required services. Login is done using certificates, so all in all this is a working solution.

However, some users have complained about the network performance, e.g. their connection (to inside resources, not the SSH connection itself) gets dropped or their bandwidth is a lot lower than the direct internet connection. I fear this is due to the whole TCP over TCP issue.

Is there a way to tunnel ports (or otherwise access a remote network) over UDP that doesn't require admin privileges on a Windows client? I was thinking about something like mosh, which already opens a UDP port - but until now I couldn't find any info on its ability to forward ports over UDP!

Please don't suggest installing OpenVPN as a service or other approaches like these. While it might be possible to get the client admin to install e.g. OpenVPN in some cases, it is almost always tedious and I definitely want to avoid it.

schneida

Posted 2018-05-01T14:42:52.880

Reputation: 121

Hands down.... https://www.softether.org/ is the best, easiest, etc. IMO... It performs very well too so get to reading as it's free and sounds like exactly what you are looking for. Works with Windows, Linux, and Mac too by the way.

– Pimp Juice IT – 2018-05-01T14:45:57.773

@PimpJuiceIT am I missing something or does softether require admin privileges for installing!? The installer does offer an option to install as local user only, but then it can only install the management UI and not the actual VPN client... – schneida – 2018-05-02T06:03:48.903

Re OpenVPN - are you aware that you can package the entire client config in a single easily generated .ovpn (text) file? Also, you can most probably bypass the whole UDP thing by simply fixing the MTU issues - which is generally no harder than a single iptables clamping rule. – davidgo – 2018-05-02T09:00:12.533

@davidgo I know about ovpn files, but won't I still need to install TUN/TAP drivers in the client's OS which generally require admin privileges? Can you point me to some more info about the MTU stuff, especially to said iptables rule? – schneida – 2018-05-02T09:01:58.617

Okay, I missed the local admin permissions portion of your question apparently but generally in order to install VPN client software for IPSEC type VPN you need admin permissions on Windows machines and I assume that is the case for it to install virtual VPN network adapters and such with SoftEther. I'm not familiar with SSL VPN type solutions with SoftEther but I thought I read about one so there may be an option where they connect to a correlated SSL website on port 443 and are able to establish VPN via that method without local admin permissions but I'm not 100% certain. – Pimp Juice IT – 2018-05-02T11:45:23.077

I think I was assuming you are an admin of this network and all machines that connect to it and you could install prerequisite client VPN software and then they'd be able to connect to it as a non-admin but yes you'd likely need local admin permissions to the OS to install the VPN client so I'm not sure about that software and working with it otherwise without local admin permission to install it but in my experience it was much easier to get up and running versus OpenVPN so I think I paid more attention to that requirement than the other you mentioned so my apologies. – Pimp Juice IT – 2018-05-02T11:47:50.407

I just read over https://www.softether.org/1-features/5._Easy_Installation_and_Management and the section labeled 5.7. User-mode Install indicates the server can be installed without admin permissions but I'm not certain if the client has such options or not so it may be worth reading a bit more up on that potentially just in case.

– Pimp Juice IT – 2018-05-02T11:54:00.567

No answers