I work for a small company where I ended up being the sysadmin guy (IT administrator).
We unfortunately use Windows Server 2019 and share our files using Windows shares (SMB). Locally it works fine, but remote users connect via Windows VPN. Every week I get 2 or 3 of these errors.
Best I can figure out, it’s due to the ISPs of our users. The remote users are in different locations due to traveling, and some ISPs have this error while others do not. I cannot seem to find a fault on our server’s end. I had the same error when I worked at home, but I called my ISP and they opened up the GRE protocol and it just worked.
So:
Anyone know a fix on our end for this error message?
Should we ditch Windows VPN and go with WireGuard or OpenVPN?
If you’d like a more radical suggestion: Drop VPN altogether in favor of Remote Desktop.
RDP with a gateway server allows you to authenticate at the gateway while keeping the file server inside your firewalls. You don’t move files back and forth across the VPN connection since all the files remain in-house.
If you don’t have sufficient desktops (virtual or hardware) for each user, you can set up a terminal server and use RDP to connect to that.
It’s a simple, effective system that eliminates the need for VPN completely.
If the idea of running a VPN leaves you cold, you could try an alternative like https://enclave.io/ or https://tailscale.com. Both products aim to make VPNs “just work” and get out of your way. They also move you closer to the idea of Zero Trust Network Access. Full disclosure: I work for Enclave.
Drop the Windows GRE/PPTP VPN for L2TP with PSK or PKI certs. GRE is not encrypted, like I could sit and read your email and files being sent if I sniffed your client’s home network. iPhones do not support GRE PPTP any longer on hotspot or as clients.
That’s a good thought. We have just the router the ISP provided to use. I might have to look into it. I doubt it can do anything fancy; it’s basically consumer grade.