I’m still a bit green when it comes to network admin so thanks for helping out the rookie.
Our office currently uses standard ipsec VPN type licensing along with the global vpn client. The crappy thing is afaik SonicWALL hasn’t released a stable version for windows 10 that can sustain multiple VPN connections.
I’m wondering what you all have to say a out switching to ssl VPN with mobile connct or netextender.
Thanks!
I use/have used all of the above. I’ve run into some cases where’s Global/IKE works better for some things and vise versa. The big deal breaker is licensing. Global comes with I think 10 whereas SSL-VPN comes with 1 or 2 depending on model and time of purchase and additional licenses are just under $10 per license per month.
I have clients with 10+ SSL-VPN users and they have no issues so long as the hardware and connection are good enough. I’ve had some with multiple Global connections but always tend to point remote users to SSL instead for that little extra security. One nice thing about global though is that connections can stay on when logging out/switching user and SSL does not and requires user to connect each time.
If using SSL-VPN, Mobile Connect should be used on Windows 10 and Net Extender on pre-Win 10. I deal with both daily and can confirm that both have their own occasional issues but I seem to have less issues with MobileConnect.
Global VPN is a fine solution and is about the same as a site to site tunnel in that it’s just an IKE VPN so i would go that route if you don’t want to pay for more licenses…
Try NetExtender. When that doesn’t work, use Mobile Connect. When Mobile Connect doesn’t work, use NetExtender. When NetExtender doesn’t work, see step 1. All you can do really.
Netextender is stable though. Got about 50 users on at any given time and it’s been Rock solid.
Thanks! That clears things up for me. What version of the gvpn client do you use for windows 10? Have you found one that supports multiple simultaneous connections?
We’ve had the exact opposite experience with Windows 10 - NetExtender is generally reliable and Mobile Connect is spotty at best. I really wish they would pick one and make it work reliably.
I’d rather bang my head on the wall
Yeah Netextender is definitely stable. Mobile Connect is iffy, but it works. iirc you could setup vpn to use openvpn
FWIW - My office uses GVPN, currently on 4.10.2.0428 and most of us are with Win10 1903 ~ 1909. There are a minimum of 5 (nightshift) and upwards of 50 users using it 24/7/365, I wouldn’t say zero issues, but 99% of the time in split tunnel, no problems.
The other 1% of the time its either a restart of the client on the PC, or worst case restart of windows, and given what we do (pc/mac/remote support) its always better to restart daily or every other day, than attempt to run non-stop 3 or more days in a row.
My personal situation, I frequently run a VMWare VM from my pc using bridged network mode (so the VM gets its own ip from my home router) and run NetExtender to several clients throughout an average week without any issue, though usually the VM is in use 1 ~ 8 hours at a time, usually because I’ve forgotten to shut the VM’s vpn connection down.
I should also point out, on my main PC I’m running with GVPN, and have on occasion started FortiNet’s Forticlient to connect to a different clients’ network simultaneously, and in that situation had no problems, of course the work IP’s and the client’s IP’s across Forticlient were not in conflict or overlapping.
Sounds like you have your answer then
Good info. Thanks for sharing. I’ll have to test that version or at least check my notes to see what happened last time.
The key issue I find is it doesn’t support two different Network connections at the same time. For example I want to remote log in to two terminal servers in different networks. Maybe 4.10.2 does.
I’ll post my findings tomorrow.
Fyi, I could not get 4.10.2.0428 to run on windows 10 1909. I got a driver error when attempting to connect.
Try disabling the driver signature enforcement? So long as you’re not installing junk from just anywhere it shouldn’t be much of an issue, and blocks you from some older hardware that would not get updated driver support.
https://winaero.com/blog/disable-driver-signature-enforcement-permanently-in-windows-10/