Working remotely, easy and safe

VPN, or Virtual Private Networking, is intended to enable working remotely in a safe way. When you have created a VPN connection, you are connected to the office network and you can immediately access all your data. It has been possible for years to make such a VPN connection with your 1A-server. First only with PPTP, then OpenVPN was added, and recently we have added IPsec. Because the PPTP protocol belongs to a different era and has a lower security level, we have been promoting usage of OpenVPN or IPsec instead of PPTP for a while now.

Phasing out PPTP VPN

After many years of loyal service, the time has come to phase out PPTP VPN. This type of VPN has existed since the first version of the 1A-server and has the big advantage of it being extremely easy to set up. Unfortunately, the security level has not changed in recent years and this protocol is now outdated. Because of the security aspect for VPN connections, the time has now come to stop offering PPTP VPN on the 1A-server.

A smooth migration process

If you still use the old PPTP VPN method, we have notified your 1A-partner. They will then contact you to use a more secure VPN method. When that has been done, the PPTP VPN will be disabled and can no longer be activated. At a later moment the functionality will be completely removed from your 1A-server. By tackling migration in this way, we avoid unpleasant surprises for the customers of our 1A-partners and offer a smooth transition to more modern and secure VPN connections.

The available alternatives

We support two other methods to set up a VPN connection: OpenVPN and IPsec. Both have advantages and disadvantages and they can be enabled simultaneously if so desired. The safety of both protocols is comparable and at a much higher level than was possible with PPTP.

OpenVPN requires an additional free client program, while IPsec is supported out-of-the-box on most modern devices (like Windows 10). However, downloading and installing the OpenVPN program is very easy to do.

A disadvantage of IPsec is that it is relatively easy to block by providers. Think for example of a connection in a hotel or a public Wifi. On such connections, using IPsec is often not allowed.

In addition, it is often stated that IPsec is difficult to (properly) set up. We have already set up the 1A-server with the correct settings for you and for the user we have made manuals for Windows 10, MacOS, Android and IOS. Older versions of Windows are more difficult to set up for IPsec. For those versions we recommend using OpenVPN, for which manuals are available as well. You can find them at https://manuals.1afa.com/en under the heading Teleworking.

Always use a valid SSL certificate

For IPsec, a valid SSL certificate is always required on the 1A-server. Which is no problem, because we offer them for free with Let’s Encrypt. This is a standard SSL certificate. When it is desirable to include the company information in the certificate, Extended Validation is required. We can also offer this type of certificates for a small fee. Contact your 1A-partner for advice on using safe connections and using the proper certificates.