I currently have 10 Windows workstations set up that each establish a VPN connection to the same server and then each establish an RDP session. I would like to share a single VPN connection between these workstations, and then allow them to establish their individual RDP connections. Does this make sense?
I apologize if my question has already been answered. I tried looking online for solutions and did not see any. Most of my background is in software development - I am trying to learn more about systems administration.
I appreciate your time in reading this and helping me learn. Thanks.
You need to initiate the VPN connection at your gateway, which is the device that provides your internet connection.
Entry-level and home devices generally don't permit this, so you'll need a mid-level device, or flash your device with a new firmware if you can (such as Tomato or DD-WRT). There are also entire OSes dedicated to firewalling that you could put in front of your router to use as your default gateway, such as pfSense (Unix & free) or Microsoft TMG (Windows, not free). All server OSes can also do this (Linux: iptables and pptpd; Windows Server: RRAS).
Depending on the support of your firmware, you will then create the VPN connection to your host. A lot of modern routers have dropped support for PPTP tunnels (too insecure? not sure why), so you need to use L2TP or IPSec. This will depend entirely on your device. If you're using OpenVPN you might be out of luck.
If the destination network is on a different subnet from your local network (you had better pray it is), then routing rules will be created automatically on the router to send all VPN traffic over the VPN link. So, then you probably (read: definitely) want to lock down the source and destination networks and protocols that can run over the VPN.
So you would want to lock VPN traffic down to:
And then a final rule:
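As an added illustration (not part of the original answer) of what "locking down" the tunnel looks like on a Linux gateway using iptables, the script below builds the FORWARD-chain rules so that only RDP (TCP 3389) from the local workstation subnet to the remote subnet may enter the tunnel, replies may return, and a final DROP rule catches everything else. The subnet addresses, interface names (`eth1` for the LAN, `ppp0` for the tunnel) and the `vpn_rules` function are assumptions for the example; by default the script only prints the commands (dry run), and setting `IPT=iptables` applies them.

```shell
#!/bin/sh
# Constructed example: restrict a gateway-terminated site-to-site VPN so the
# only new traffic crossing it is RDP from the local LAN to the remote subnet.
# All addresses and interface names below are assumed values for illustration.
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # local workstation subnet (assumed)
REMOTE_NET="${REMOTE_NET:-10.20.0.0/24}"  # remote subnet hosting the RDP server (assumed)
LAN_IF="${LAN_IF:-eth1}"                  # gateway's LAN-facing interface (assumed)
VPN_IF="${VPN_IF:-ppp0}"                  # tunnel interface: ppp0 for L2TP/PPTP, tun0 for OpenVPN
RDP_PORT="${RDP_PORT:-3389}"
IPT="${IPT:-echo iptables}"               # dry run by default; set IPT=iptables to apply

# vpn_rules emits (or applies) the FORWARD rules in the order they must be evaluated:
# 1. replies to established sessions may come back from the remote side,
# 2. new RDP sessions may go LAN -> VPN only between the two named subnets,
# 3. everything else that would traverse the tunnel, in either direction, is dropped.
vpn_rules() {
    $IPT -A FORWARD -i "$VPN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$VPN_IF" \
        -s "$LAN_NET" -d "$REMOTE_NET" \
        -p tcp --dport "$RDP_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Final rule: nothing else enters or leaves the tunnel.
    $IPT -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -j DROP
    $IPT -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -j DROP
}

vpn_rules
```

Run it once the tunnel interface is up; rule order matters, since iptables stops at the first match, so the ESTABLISHED/RELATED rule must precede the DROP rules or RDP replies from the server would be discarded.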