bokuyo
Gold Member
Joined: Fri Dec 16, 2011 2:37 pm Posts: 172
|
 VPN in a Lab Environment
Has any follower of this forum ever lab'ed a VPN? You know ... tried configuring the various authentication and authorization protocols between virtual machines?
I am going to take the 70-685 soon, and I reflected on what areas I felt weakest at. VPNs, Direct Access and Certificate Management were high on that list. Then I wondered whether I could even lab this stuff between the virtual servers and virtual client I have created as part of my VirtualBox lab environment.
_________________ MCITP: Windows 7; 70-181; 70-693; 70-669; CCNA; A+; Network+ Presently studying for the 70-659 and VCP5 certificate exams.
|
| Wed Jul 11, 2012 1:30 pm |
|
 |
|
stellar_mass
Trainee
Joined: Tue Jul 03, 2012 3:50 pm Posts: 8
|
 Re: VPN in a Lab Environment
I don't know the answer to this, but could you potentially run a cheap machine on Amazon AWS for a small number of hours and try to emulate some kind of site-to-site scenario?
While I've used a VPN client on many occasions, I know next to nothing when it comes to implementing a VPN.
|
| Thu Jul 12, 2012 8:30 am |
|
 |
|
bokuyo
Gold Member
Joined: Fri Dec 16, 2011 2:37 pm Posts: 172
|
 Re: VPN in a Lab Environment
How to implement? ... that's the point of the question, really. I'd like to try out various authentication and encryption schemes. I would expect problems, which would require me to examine event logs and learn more about how VPN works behind the scenes.
I was thinking about its implementation (over a beer!) last night. I began to think it is do-able inside an OpenBox internal network. Take away the components-in-the-middle, and you just have one protocol stack communicating with another protocol stack. I'm inclined to believe VPN can be implemented within my single-machine lab. Jeez ... it is hard to shake off old concepts when using a virtual machine environment!
I remember reading somewhere that zero was a mathematical concept that stumped ancient civilizations. Zero is an intuitive thing to even children these days. Maybe this is analogous to my awkwardness in internalizing virtual machine environments.
Anyway, cut to the chase. I'll give it a try when I have some free time. (And man, is that list of things growing!)
|
| Thu Jul 12, 2012 1:06 pm |
|
 |
|
bokuyo
Gold Member
Joined: Fri Dec 16, 2011 2:37 pm Posts: 172
|
 Re: VPN in a Lab Environment
For those that are interested, one can indeed VPN within an internal VirtualBox network between two guest VM machines (one Server 2008 and one Windows 7 guest). A good exercise to do, actually. For you lab'ers, I recommend you try it. I may go back to trying out some of the different protocol combinations later.
|
| Wed Jul 18, 2012 7:44 pm |
|
 |
|
stellar_mass
Trainee
Joined: Tue Jul 03, 2012 3:50 pm Posts: 8
|
 Re: VPN in a Lab Environment
How did you implement it?
Did you use a third-party application or VPN capability within Windows?
A quick Google indicates that the latter would probably be the case. So did you isolate two VMs from each other, then connect over the web?
|
| Thu Jul 19, 2012 4:53 am |
|
 |
|
bokuyo
Gold Member
Joined: Fri Dec 16, 2011 2:37 pm Posts: 172
|
 Re: VPN in a Lab Environment
Simple beyond belief. Embarrassingly so.
I communicated from a Windows 7 Ultimate to a Server 2008, both OS's running as virtual machines under VirtualBox. Didn't need a WAN; everything was done across the same subnet defined in VirtualBox as an internal network.
My little test was to test using the simple PPTP protocol, which worked. Then I only partially configured for SSTP, knowing it should fail -- which it did.
Think about it. Even when communicating through a WAN, what's really happening is the PC's application level of the TCP/IP stack communicating to the Server's application level of the TCP/IP stack. Get it?
Of course, I could insert a WAN into the arrangement to make it more realistic. But for my needs, a WAN is not necessary. That could change perhaps if I wanted to configure for DirectConnect -- it might be better to have a different subnet on the backend of a DirectConnect Server. I don't know ... maybe not?!
All I can say is how I did it, and how I tested it. If I've done something stupid, or overlooked something obvious, I'm sure I'll hear about it someday.
|
| Fri Jul 20, 2012 12:46 pm |
|
 |
|