Hi to all!
I'd like to help me make a decision. I want to establish VPN configuration on a company with about 60 employees. The firewall we have is the CCR1016-12S-1S+ and is already on place for about 3 weeks. I have made a configuration for SSTP VPN connection already, but to be honest on other customers I used to provide WireGuard as a VPN solution.
Regarding the configuration, I believe that is a bit easier to deploy WireGuard compared with SSTP, but I can't say which of the two is more secure. That is the first point where I'd like to have your opinions.
Secondly, I have the following concern. The users (road-warriors) will be connected with their laptops, but they are working on non-administrative profiles. Which means that the WireGuard VPN client cannot be controlled by them. The administrator configures and connects it for the first time and then every time the users are connected to the internet (and not in the company), the laptop establishes automatically a VPN connection, without letting the users even to notice it. If you know, the WireGuard VPN client is not even shown in the tray on a simple-user's profile. So there is no concern for the user to establish a VPN connection before he starts his remote work. On the other hand he is not controlling the VPN connection and he can't troubleshoot anything, if he needs.
But with SSTP connection, there isn't any special VPN client and we use only Windows features and functions. The users are responsible for their VPN connection and they need to decide if they want to connect or not, depending of what kind of work they will do and if that requires access to the company's servers.
I am also worrying which one of the two is more stable. I tried both of them and I noticed that in some cases with a laptop and a wireless connection the SSTP VPN is sometimes disconnected (and not re-established by itself). I noticed that only when didn't have access to the company's server anymore. But there were opened and not-saved files, which made me worry that a simple user could just lose hours of work or even have corrupted files. This is not happening with the WireGuard, or at least it is re-established by itself if the internet (or the wireless) connection is back. What do you think about that? Which one is more stable?
And finally, I am not sure what is better. Letting the users being responsible for their VPN connection and be able to control it (SSTP via Windows functions), or make it completely automated and not-controlled by them (WireGuard VPN client, hidden from the taskbar tray because they are simple-users). Which one is more trouble-free? What's your opinion about that?
Thank you all very much in advance for your help!
With kind regards,
Last edited by apitsos
on Sun Nov 27, 2022 6:25 pm, edited 1 time in total.