openvpn
AV2, 2021-01-06 01:55:35

How to organize remote access to the server via RDP in a micro-office?

Good morning.

Please tell me the options, how best to implement a remote user connection to the server?

Condition:
Server (programs for sales and accounting), located at point A. Business users at point B (managers) and C (accountant).

The connection to the server needs to be as safe as possible, and even if the server's location changes, it should not be necessary to reconfigure anything. We would be glad to afford a system administrator, but so far we cannot; for some one-time work, though, we can outsource. But we need to decide on the option: how best to do it and with what tools. I would not want to open the data to the entire Internet.

Details: a small sales business, 3 managers at point B, 1 accountant at point C (remote), Mikrotik (at point A), IP at point A - dynamic.

There is an understanding that one task can be performed in different ways, with different complexity at the beginning and during further operation. But how do we do it properly, so that it does not turn into a headache later and security is not sacrificed? Does something in between exist, or do you still have to compromise between convenience and safety? What are the options anyway?


8 answer(s)
rPman, 2021-01-06
@rPman

Yes VPN.
The VPN server can be located anywhere: on the server, on the clients (yes, perverted, but it's also possible; I had a case where the 'server' tried to connect to all the clients at once, each of which starts a VPN server when the OS boots, and combined them all into a bridge, because there was no adequate way to configure even port forwarding, owing to the peculiarities of its Internet connection), or in a separately created/purchased place.
Also, besides VPN, it is possible to forward ports through an SSH connection. From the point of view of settings, this is sometimes much easier (for example, there is no need to configure a firewall), but it is considered bad practice and is not as universal.

antonwx, 2021-01-06
@antonwx

There is a super lazy option: https://www.zerotier.com/

ky0, 2021-01-06
@ky0

RDP has been using encrypted transmission by default for a hundred years now. Just set up a normal certificate and passwords on the server.
VPN, of course, is more versatile - but since you don’t have money for a system administrator, I don’t recommend starting research, so that later you don’t have to urgently hire someone to fix it.

RStarun, 2021-01-06
@RStarun

A micro-office does not require a sysadmin. An outsourcer is needed: a person who will do a one-time setup and who can be contacted, if necessary, to resolve technical issues. There are such people on the market; not all system administrators work at Gazprom from morning till night. It will take 3-4 hours to set up RDP on the server/router. Any micro-office can afford such one-time work.
You will probably need a pair of more or less identical routers to bring up the tunnel. As a rule, in addition to RDP, there are also file cleaners, which are not always convenient to use through RDP.

Vladimir Korotenko, 2021-01-07
@firedragon

Read this topic
https://sysadmins.ru/topic495465.html
https://security.berkeley.edu/education-awareness/...
This is cisco specific and quite old
www.firewall.cx/cisco-technical-knowledgebase/cisc...
https://chasingmyccie.wordpress.com/2012/02/12/rem...

Boris_1c, 2021-01-07
@Boris_1c

Install Radmin VPN: it is free and quite convenient.

aleks-th, 2021-01-10
@aleks-th

So, the first given: a micro-office.
The second given: there is no money, even for minimal system administrator services.
---
I will assume that the Windows server is stolen because there is no money.
---
Conclusion: RDP is contraindicated for you.
And not needed.
You haven't grown up to it yet.
When there are 200-300 users, a system administrator and purchased software, you will return to this issue.
---
Until then, don't use it. At this stage it will definitely bring you only harm, plus the risks of falling for illegal software.
---
Use cloud services. There are a lot of them, they are not expensive, and they have normal system administrators who will take on all the hassle.

Bolter Po IB, 2021-01-10
@Bolterens

Configure SSTP on the Mikrotik, use the standard Windows tools to connect to it, push routes inside SSTP, configure the firewall on the Mikrotik, and connect via RDP to the server.
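
The setup this answer describes, written out as RouterOS commands. This is an added example, not part of any post in the thread; the interface name, addresses, user name and certificate name are assumptions, and the password is a placeholder.

```routeros
# Added example. Placeholders/assumptions: WAN port ether1, LAN 192.168.88.0/24,
# RDP server 192.168.88.10, VPN range 10.10.10.0/24, a server certificate
# already imported under the name "sstp-cert", user "manager1".

# Point A has a dynamic IP: RouterOS's built-in DDNS gives clients a stable name.
/ip cloud set ddns-enabled=yes

# Addresses handed to VPN clients, and the profile that uses them.
/ip pool add name=sstp-pool ranges=10.10.10.10-10.10.10.20
/ppp profile add name=sstp-rdp local-address=10.10.10.1 remote-address=sstp-pool

# One account per person, so a single user can be disabled later.
/ppp secret add name=manager1 password="CHANGE-ME" service=sstp profile=sstp-rdp

# SSTP server: TLS on TCP 443, MS-CHAPv2 only, TLS 1.2 only.
/interface sstp-server server set enabled=yes certificate=sstp-cert \
    authentication=mschap2 default-profile=sstp-rdp tls-version=only-1.2

# Firewall. "add" appends: move these above any existing drop rules
# (or use place-before=) or they will never match.
/ip firewall filter
add chain=input action=accept protocol=tcp dst-port=443 in-interface=ether1 \
    comment="SSTP from the Internet"
add chain=forward action=accept protocol=tcp dst-port=3389 \
    src-address=10.10.10.0/24 dst-address=192.168.88.10 \
    comment="RDP to the server, VPN clients only"
add chain=forward action=drop src-address=10.10.10.0/24 \
    connection-state=new comment="VPN clients reach nothing else on the LAN"
add chain=forward action=drop protocol=tcp dst-port=3389 in-interface=ether1 \
    comment="No RDP from the Internet, even if a dst-nat rule is added by mistake"
```

The Windows SSTP client connects to the DDNS name reported by `/ip cloud print`, so the certificate's common name has to match that name. Each client also needs a route to 192.168.88.10 through the tunnel.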
