-
VPN Setup
How would one go about setting up VPN access in a home/small business environment (peer to peer)? I would like to use it to connect securely to my home/small business network when I am away - at work (full time job), traveling, etc. Once set up, what steps are needed to use it from another location?
Or am I going down the wrong path and should be using something entirely different?
Purpose of VPN usage: To check home/small business email to keep in central location, to check status of running programs, to transfer files, etc.
Thanks,
Jody Wood
-
You need two bits -- a VPN server and a VPN client.
Any Windows 2000 or XP machine will do as the client. Setup on Windows XP once you have a VPN server goes something like:
- Control Panel | Network Connections | New Connection Wizard
- Connect to the network at my workplace
- Virtual Private Network connection
- Set a name for the icon
- Do not dial the initial connection
- Set the IP address to the VPN server's public IP address
- Do not use my smart card
Note that NAT and firewalls aren't always kind to VPNs. You may not get it working from work, and in hotels etc you might need to sign up for the real IP address option.
For the VPN server itself, you have a couple of options.
If your router supports acting as a PPTP VPN server (few do), that will act as the server itself. Just configure a username and password, then try to log into it (you should be able to at least connect from inside the network, but you might need to use the router's private IP address).
Otherwise, if your router supports PPTP passthrough, you can run a VPN server on a machine inside your network. You'll either need Windows XP Pro or a version of Windows Server to do this (or a Linux/FreeBSD/etc box). XP Pro can only support one client at once; the others can support more than one.
Setup of the server for XP Pro:
- Create a local user account for VPN use (you can just use an existing one if you want, but it must have a password, and the password had better be strong)
- Control Panel | Network Connections | New Connection Wizard
- Set up an advanced connection
- Accept incoming connections
- Leave all the offered ports (serial, parallel etc) unchecked
- Allow virtual private connections
- Select the user you created
- Go into the TCP/IP properties and assign a private IP range (not the one you're using on your network) with at least two addresses (eg 192.168.20.1 - 192.168.20.2)
With Windows Server, it's done within the Routing and Remote Access Service (RRAS), but I've never set it up in there.
In either case, all you need to do on the router is forward TCP port 1723 to the VPN server. The router also needs to forward IP protocol 47, but the passthrough function will do that automatically.
Once you have your VPN client connected to the VPN server, you're on a network with the VPN server. You can connect to it using something like Remote Desktop and have fun. :)
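A pre-flight check for the address range step in the XP Pro server setup above, as an added example that is not part of the original post: it verifies that the pool handed to VPN clients is private, holds at least two addresses, and does not collide with the LAN. The function name `check_vpn_pool` and the LAN subnet 192.168.1.0/24 are assumptions for illustration; the pool 192.168.20.1 - 192.168.20.2 is the one from the post.

```python
import ipaddress

# RFC 1918 private IPv4 blocks; a VPN client pool should sit inside one of them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpn_pool(lan_cidr, pool_start, pool_end):
    """Return a list of problems with a VPN address pool (empty list = OK)."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)

    if int(end) < int(start):
        return ["pool end address is below pool start address"]

    problems = []
    if int(end) - int(start) + 1 < 2:
        problems.append("pool must contain at least two addresses")

    # Break the start-end range into CIDR blocks so each can be compared
    # against the LAN subnet and the private address space.
    for block in ipaddress.summarize_address_range(start, end):
        if block.overlaps(lan):
            problems.append(f"{block} overlaps the LAN subnet {lan}")
        if not any(block.subnet_of(private) for private in RFC1918):
            problems.append(f"{block} is outside RFC 1918 private space")
    return problems


if __name__ == "__main__":
    # Constructed sample: LAN subnet is an assumption, pool is from the post.
    lan = "192.168.1.0/24"
    for start, end in [("192.168.20.1", "192.168.20.2"),
                       ("192.168.1.200", "192.168.1.201")]:
        issues = check_vpn_pool(lan, start, end)
        print(f"{start} - {end}:", "OK" if not issues else "; ".join(issues))
```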
-
Tuttle, you typed that from scratch right? :)
-
No, I copied most of it from a newsgroup post I made a couple of months ago. That post I typed from scratch. :)