VPN: Virtual Pain in the…
For a while now, I’ve been working on projects with a distributed team in-house. When we first moved in house for a client, it was the first in-house project our company had taken (at least since I had been there) with a team this large and this spread out. A majority of the team resided in the main office, but we had one person in Atlanta, and the other in Phoenix.
We decided to set up a VPN server, and because it was my choice and because, at the time, it was for that project only, we chose to use Microsoft’s RAS Server. Thus far, it’s worked pretty well, but as anyone who uses a VPN will tell you, it can be a PITA sometimes.
Default Gateway Slows Internet Connection
The first issue I didn’t like was how every request out to the internet first passed through the office gateway. This meant when I was downloading from MSDN I was getting pathetic download rates. We figured out a small way around this. My screenshots are from Windows 7, but Vista is similar. If you have XP, well, I hope you can figure it out.
First, click on the Network tray icon. If you’re connected wirelessly, it looks like bars on your cellphone.
A popup will appear with all your network connections – including your VPN. Just right click your VPN connection and choose Properties. Click the Networking tab, and then select IPv4 in the list. Click the Properties button to open the properties for IPv4.
Connectivity Lost to VLANS
route add <destination ip> mask <subnet mask> <the ip the vpn server assigned you>
This works best if you have a static IP.
Passing Active Directory Credentials Automatically
Okay, so now that my connection outside my internal network is fast, and I’m not passing requests through the office gateway, another issue I have, as a developer, is connections through Sql Server Management Studio to database servers inside the network. As the person who started the network policies for my company, we have chosen to use Active Directory and Groups for everything. Each project that is done internally has a few groups for different roles of people involved on the project. I like the idea of using groups rather than granting individual access, because then if someone leaves the company or changes projects it is a simple matter to change or remove their access.
The problem with this solution was that those of us outside the network using the VPN were constantly being polled for credentials, and SSMS doesn’t work unless you know the sa password. Well, I was shown the light by another consultant who recently came off a client site. So, here’s how to automatically send your network credentials to any servers you connect to.
So, open your start menu, and in Control Panel select User Accounts. On Windows 7, in the upper left corner there is a link to Manage Credentials. In Vista, it’s called Manage Your Network Passwords. The window that opens up allows you to set up connections to machines and it will store your network credentials to send to that machine over your local credentials. The benefit here is that when you connect using Management Studio, if you have ever tried to connect through windows, it auto selects your local account and won’t let you change it. When you add a network credential, it will still show your local account, but it will actually pass in the saved credentials.
One of the cool things you should notice is that you can back up the vault and then restore it to another machine. So, click Add a Windows Credential.
The form is pretty self explanatory. The Internet or Network Address should actually be your server name. I strongly recommend not using IP addresses. For the User name, use the DOMAIN\username of your network account. Click Okay and the next time you connect to that machine, your network credentials will be passed as if you were on the network.
Hopefully my tips here will help anyone having the same bothersome issues we went through. If you have any other tips, please feel free to share them in the comments.