Some of the execs in the company I do work for are complaining that they cannot access the (PPTP) VPN from various Business Class airport lounge wireless networks. They can access normal web pages. Being a lowly IT serf I've not had the chance to take a laptop into any of these places myself, so I've had to try and diagnose this 2nd hand.
The VPN server is a Snapgear linux appliance running PopTop. According to the logs the snapgear recieves the PPTP initiation request from the client and authenticates, but the client then times-out. To me this sounds like the TCP protocol session initiation works, but the airport lounge router/firewall may be blocking the GRE protocol. (Incidentally I've observed that some models Cisco wireless routers are by default not configured to allow GRE, and have assumed this might be the case here)
So... I'm not 100% sure what to do next. I could setup an OpenVPN server, but that would require installing client software on all the (Windows) laptops. The other idea might be to setup Windows 2008 Terminal Services Gateway, that would allow access to the terminal servers via HTTPS from the internet. That would solve the issue of remote TS access but then for email, I'd probably need to look at setting up RPC/HTTPS for Outlook clients. Is it feasible to setup both Windows 2008 Terminal Services Gateway and an Exchange RPC/HTTPS frontend gateway on the same machine? I am sure that an OpenVPN server would be more secure, but I'd be interested to know how well these windows based gateways work as an alternative to VPNs and if people would recommend them. Thanks in advance!
You're on the right track. You need to set up an SSL VPN of some kind. We use a Sonicwall SSL VPN appliance. It allows for installation of the client directly from the logon page (very simple, any user can do it) as well as reverse proxy functionality for web apps and terminal services.
http://www.sonicwall.com/us/products/Secure_Remote_Access.html
OpenVPN is a good software alternative.
Well, maybe it's a late reply, but OpenVPN ALS (aka adito aka ssl explorer) it's what you are searching for