Help this old dinosaur get on track with simple vpn setup

No, it was just freelance break/fix. I’ve since moved to providing basic managed services, but haven’t been called upon to configure a VPN in ages.

From OP’s responses, this is way, way beyond what he/she should go for!

It’s a Windows 11 Pro laptop, connecting to a Verizon FIOS router. Server version is 2016, I believe.

Many routers now include WireGuard. Which router is being used?

If the router doesn’t support it, a UDP port-forward is required.

500/4500 UDP for IPsec VPN.

Then look for a router that supports OpenVPN or, if possible, install an OpenVPN server on-prem.
It’s the simplest solution in my opinion.

But you really need to get to grips with the difference between port forwarding/NATting and VPN.
I think you might be mixing things up. And possibly have a disaster waiting to happen…

If it’s for a single user and a single server, install Tailscale (https://tailscale.com/) on the laptop and server. It’s easy, secure, and you’re in the free tier.

The biggest advantage of this is you don’t need to touch the FIOS router at all, because Tailscale can do NAT hole-punching. It’ll probably work in places that don’t usually allow VPNs either, so it’s probably going to be a pretty robust option without any extra work from you.

I’m not sure what exactly you want to do, but assuming it’s RDP:

https://tailscale.com/kb/1095/secure-rdp-windows/

This is correct, but IPsec is mostly considered ~~obsolete~~ less popular these days and we have a lot better options now.

IPsec is far from obsolete, especially when it comes to hardware and corporate VPNs. There’s a move to SSL-VPN for client access, and WireGuard is of course fantastic. But saying IPsec is considered obsolete is way off point. It’s still the underpinning of most SD-WAN solutions, and has the widest use and adoption in corporate environments.

IPsec is still in use, but mostly in site-to-site VPN setups or when encrypting transit traffic.

For clients directly, I would suggest WireGuard, as others also have.

Bad choice of words on my part. Not so much obsolete as less popular for new configurations.