Advantages of a VPN
The set-up of a virtual private network enables the secure connection of remote computers through an unreliable connection (Internet), as if they were on the same local area network.
This process is used by a variety of companies to let their users connect to the company network when not at the workplace. A large number of possible uses can be easily imagined:
- Remote and secure access to the local (company) network for mobile employees
- Sharing of secure files
- Local network gaming with remote machines
Setting up a VPN in Windows XP
Windows XP makes it possible to natively manage small virtual private networks; this feature is particularly suitable for small business or family networks (called SOHO, for Small Office/Home Office). To set up a virtual private network, you simply need to install a remote access server (VPN server) on your local area network that can be accessed from the Internet and configure each client to enable it to connect.
Installing a VPN server in Windows XP
In our example we will assume that the machine to be used as VPN server on the local area network has two interfaces - one to the local area network (a network card for example) and one to the Internet (an ADSL connection or a cable connection for example). It will be via its Internet-connected interface that VPN clients will connect to the local area network.
To make it possible for this machine to manage virtual private networks, simply open Network Connections in the Control panel. In the now open window, double-click New connection wizard:
Then click Next:
Out of the three choices offered in the window, select "Set up an advanced connection":
On the next screen select "Accept incoming connections":
The next screen presents devices you can select for a direct connection. It is possible that no devices will be proposed. Unless you have a special need, you won't need to select one:
From the next window select "Allow virtual private connections":
A list of the system's users appears; simply select or add users authorized to connect to the VPN server:
Then select the list of protocols authorized via the VPN:
Click the Properties button associated with the TCP/IP protocol to define the IP addresses the server assigns to the client for the entire session. If the local area network the server is on does not have specific addressing you can let the server automatically determine an IP address. However, if the network has a specific addressing plan, you can define the range of addresses to be assigned:
Configuration of the VPN server is now complete; you can click the Finish button:
Installing a VPN client in Windows XP
To let a client connect to your VPN server, you need to define all the connection settings (server address, protocols to be used, etc.) The new connection wizard available from the Network connections icon in the control panel enables this configuration:
Then click Next:
Out of the three choices offered in the window, select "Connect to the network at my workplace":
On the next screen select "Virtual private network connection":
Then enter a name that best describes the name of the virtual private network you want to connect to:
The next screen lets you determine whether a connection needs to be established before connecting to the virtual private network. Most of the time (if you are on a permanent connection or ADSL or cable access), it will not be necessary to establish the connection since the computer is already connected to the Internet; if this is not the case select the connection to be established from the list:
To access the remote access server (VPN server or host), you must specify its address (IP address or host name). If it does not have an IP address, you will need to equip it with a dynamic naming system (DynDNS) capable of assigning it a domain name and specify this name in the following field:
Once you have finished defining the VPN connection, a connection window opens asking you for a login and password:
Before connecting, you need to define some settings by clicking the Properties button at the bottom of the window. A window featuring a certain number of tabs then lets you more narrowly configure the connection. In the Network management tab, select the PPTP protocol from the scrollable list; select the (TCP/IP) Internet protocol and click Properties:
The window that appears lets you define the IP address the client machine will have when connecting to the remote access server. This lets you have addressing that is consistent with the remote addressing. As such, the VPN server is capable of acting as a DHCP server, that is, of automatically providing the VPN client with a valid address. To do so, simply select the "Obtain an address automatically" option:
In the event that the client uses the DHCP, if the server assigns an internal IP address, the client will be connected to the workplace network and will benefit from its services but will no longer have Internet access via the interface used since the IP address is not routable. In order to let the client be connected to the VPN and still have Internet access via this connection, the VPN server must be configured such that it shares its connection! The Advanced button lets the client use the VPN server's gateway in the event that the latter shares it connection:
To be able to set up the VPN connection, intermediary firewalls, and particularly XP's native firewall, need to be configured to let the connection be established. You therefore need to disable Windows XP's native firewall by doing the following:
- In the control panel click Network connections,
- Right-click the connection you use,
- Select the Advanced settings tab,
- Make sure the Internet connection firewall option is disabled.
For more information about virtual private networks, visit the page dedicated to the topic. If you have questions, you can use the CCM forum.
Article written by Jean-François PILLOU