What is VPN solution which requires minimum support for not technical users? I need a solution which would not require lot support at least for windows users without technical knowledge. And could be supported by phone most of the time. This would be a solution for university, where every student can connect to university network.
SnapOverflow
The easiest solution I've seen is SSL VPN with a web-based VPN client. They work by the user logging into a webpage that starts a Java applet that downloads and installs the platform-specific VPN client software.
Our university uses Cisco, but Barracuda and Juniper also have similar products.
The VPN that is easiest to use is often the one that comes with the OS because it is so well integrated. The one exception to that is the Cisco VPN because the client has been so well tested across so many users.
One to watch in the future, DirectAccess as provided by Windows 2008 R2 coupled with Windows 7.
The beauty of this system is that it'll establish a VPN connection without the user having to even be logged in. That is, as soon as the laptop sees a network connection it'll try to talk to your Windows 2008 R2 DirectAccess gateway and attempt to create the secure connection. This is particularly handy for remote admining/patching laptops out in the field etc. And, you can also enforce Group Policies this way, as the laptop is already talking to your domain controllers when the user logs in, they'll pick up your GPs.
Users won't know they've got a VPN connection established; they don't need to 'dial up' or 'disconnect' a VPN connection, they just click on the link to that shared file in that email they just received and the file will open up directly from your network file server. Minimum user support required!
Well worth keeping an eye on later this year.
Cisco makes a great VPN client. We use this in a very large organization and I have have minimal problems with it.
Our University uses Cisco VPN solutions (ASA 5500). Stable, scalable and with educational discounts, "cheap". For the users, a non-brainer. Either use Cisco provided VPN client, or built-in Windows client.
The main problem your going to have with this is getting the users to setup the VPN client to connect to the network. Using the built in Windows client means there is no need for the user to install any software , but they will need to configure the client, unless you can supply some sort of script to do this for you. Then you need to consider what about users with OSX or Linux, how will they be configured?
Using some third party product such as OpenVPN or a Cisco client means that all users can use the same software regardless of OS, and that you can supply setup scripts with the connection details pre-configured. However this does involve users installing software.
So based on your user base you need to decide which is preferable and easier for you to handle. Any of these can be configured and support over the phone, or the internet quite easily.
PPTP is very easy to set up - the client is built into Windows. It's lacking in security compared to IPSec, so it's certainly not ideal. But depending on the nature of what you're doing, it might be a possibility.
I use the SSL VPN capabilities on the Astaro Security Gateway. It works quite well. Basically, the user browses to the firewall, authenticates, and is able to download the client and certificates. Then, if they want to connect, they click on the "stop light" icon in their tray and provide the user and password.
My "vision" is something easier (i.e. auto connect, authenticate using domain user and computer domain membership), but this is a pretty close second. I would not be surprised if there is a Microsoft VPN solution which is that easy, but I don't know about it.
I have also used the IPSec-based Cisco/Altiga VPN concentrator, which has been quite stable but is harder to setup and harder for the users to get going.
Have you considered using an SSL VPN?
Depending on what you have already Microsoft ISA server is very easy to configure and use for the server side of it. You can then use the built-in VPN "client" in Windows to connect.
This solution also allows you to use L2TP, PPTP or IPSec security for a wide range of connecton options depneding on how much or little security you plan on having. Plus no additional client software to install and maintain on the end users computer.
But of course this option would of course mean your already on the Microsoft platform and dont mind the additional licensing.