Installing a VPN server in Windows XP

Advantages of a VPN

The set-up of a virtual private network enables the secure connection of remote computers through an unreliable connection (Internet), as if they were on the same local area network.

This process is used by a variety of companies to let their users connect to the company network when not at the workplace. A large number of possible uses can be easily imagined:

  • Remote and secure access to the local (company) network for mobile employees
  • Sharing of secure files
  • Local network gaming with remote machines
  • ...

Setting up a VPN in Windows XP

Windows XP makes it possible to natively manage small virtual private networks; this feature is particularly suitable for small business or family networks (called SOHO, for Small Office/Home Office). To set up a virtual private network, you simply need to install a remote access server (VPN server) on your local area network that can be accessed from the Internet and configure each client to enable it to connect.

Installing a VPN server in Windows XP

In our example we will assume that the machine to be used as VPN server on the local area network has two interfaces - one to the local area network (a network card for example) and one to the Internet (an ADSL connection or a cable connection for example). It will be via its Internet-connected interface that VPN clients will connect to the local area network.

To make it possible for this machine to manage virtual private networks, simply open Network Connections in the Control panel. In the now open window, double-click New connection wizard:

new connection wizard

Then click Next:

new connection wizard

Out of the three choices offered in the window, select "Set up an advanced connection":

set up an advanced connection

On the next screen select "Accept incoming connections":

Accept incoming connections

The next screen presents devices you can select for a direct connection. It is possible that no devices will be proposed. Unless you have a special need, you won't need to select one:

choice of devices

From the next window select "Allow virtual private connections":

allow virtual private connections

A list of the system's users appears; simply select or add users authorized to connect to the VPN server:

choose users

Then select the list of protocols authorized via the VPN:

new connection

Click the Properties button associated with the TCP/IP protocol to define the IP addresses the server assigns to the client for the entire session. If the local area network the server is on does not have specific addressing you can let the server automatically determine an IP address. However, if the network has a specific addressing plan, you can define the range of addresses to be assigned:

TCP/IP properties

Configuration of the VPN server is now complete; you can click the Finish button:


Installing a VPN client in Windows XP

To let a client connect to your VPN server, you need to define all the connection settings (server address, protocols to be used, etc.) The new connection wizard available from the Network connections icon in the control panel enables this configuration:

new connection wizard

Then click Next:

new connection wizard

Out of the three choices offered in the window, select "Connect to the network at my workplace":

connection to workplace network

On the next screen select "Virtual private network connection":

virtual private network connection

Then enter a name that best describes the name of the virtual private network you want to connect to:

name of the virtual private network connection

The next screen lets you determine whether a connection needs to be established before connecting to the virtual private network. Most of the time (if you are on a permanent connection or ADSL or cable access), it will not be necessary to establish the connection since the computer is already connected to the Internet; if this is not the case select the connection to be established from the list:

initial connection

To access the remote access server (VPN server or host), you must specify its address (IP address or host name). If it does not have an IP address, you will need to equip it with a dynamic naming system (DynDNS) capable of assigning it a domain name and specify this name in the following field:

host name

Once you have finished defining the VPN connection, a connection window opens asking you for a login and password:

Virtual private network connection prompt

Before connecting, you need to define some settings by clicking the Properties button at the bottom of the window. A window featuring a certain number of tabs then lets you more narrowly configure the connection. In the Network management tab, select the PPTP protocol from the scrollable list; select the (TCP/IP) Internet protocol and click Properties:

Network management tab - PPTP protocol

The window that appears lets you define the IP address the client machine will have when connecting to the remote access server. This lets you have addressing that is consistent with the remote addressing. As such, the VPN server is capable of acting as a DHCP server, that is, of automatically providing the VPN client with a valid address. To do so, simply select the "Obtain an address automatically" option:

addressing properties - DHCP

In the event that the client uses the DHCP, if the server assigns an internal IP address, the client will be connected to the workplace network and will benefit from its services but will no longer have Internet access via the interface used since the IP address is not routable. In order to let the client be connected to the VPN and still have Internet access via this connection, the VPN server must be configured such that it shares its connection! The Advanced button lets the client use the VPN server's gateway in the event that the latter shares it connection:

addressing properties - DHCP

To be able to set up the VPN connection, intermediary firewalls, and particularly XP's native firewall, need to be configured to let the connection be established. You therefore need to disable Windows XP's native firewall by doing the following:
  1. In the control panel click Network connections,
  2. Right-click the connection you use,
  3. Select the Advanced settings tab,
  4. Make sure the Internet connection firewall option is disabled.

More information

For more information about virtual private networks, visit the page dedicated to the topic. If you have questions, you can use the CCM forum.

Article written by Jean-François PILLOU

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Installing a VPN server in Windows XP », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (

Subscribe To Our Newsletter!

The Best of CCM in Your Inbox

Subscribe To Our Newsletter!