Installing a VPN server on XP

Interest of a VPN

Setting up a virtual private network allows you to connect remote computers in a secure fashion via an unreliable (Internet) connection, as if they were on the same LAN.

This procedure is used by many companies in order to allow their users to connect to the company network away from their workplace. It is easy to imagine a large number of possible applications:

  • Remote, secure access to the (company) LAN for telecommuters
  • Secured file sharing
  • LAN gaming with remote machines
  • ...

Setting up a VPN on Windows XP

Windows XP allows you to internally manage small virtual private networks, suitable for small or home offices("SOHO," for Small Office/Home Office). Thus, to set up a VPN, you just need to install a remote-access server (VPN server) at the LAN level, accessible from the Internet, and to set each client to allow it to connect.

VPN server installation on Windows XP

In our example, we will assume that the machine intended to act as a VPN server on the LAN has two interfaces; one to the LAN (e.g., a network card) and one to the Internet (e.g., a DSL or cable connection). It is through this interface connected to the Internet that VPN clients will connect to the LAN. Network connections in the Control panel. In the window you have opened, double-click on New connection wizard:

New connection wizard

Then click Next:

New connection wizard

From the three options offered in the window, select "Configure an advanced connection":

Configure an advanced connection

In the next screen, select "Accept incoming connections":

Accept incoming connections

The next screen shows various peripherals to select for a direct connection. There may not be any peripherals shown. Unless you have a particular need, you do not have to select anything:

Peripherals selection

In the next window, select "Authorize virtual private connections":

Autorize virtual private connections

A list of users of the system will appear; just select or add the users authorized to connect to the VPN server:

Users selection

Then select the list of protocols authorized via the VPN:

New connection

By clicking on the Properties button associated with the TCP/IP protocol, you can set the IP addresses that the server assigns to the client for the entire duration of the session. If the LAN on which the server is located has no specific addressing, let the server automatically determine an IP address. However, if the network has a specific addressing plan, you can set the address range to assign:

TCP/IP properties

The VPN server has now been configured; you can click on the Finish button:


Installation of the VPN client on Windows XP

In order to allow a client to connect to your VPN server, it is necessary to set all of the connection parameters (server address, protocols to use, etc.). The new connection wizard available at the Network connections icon of the control panel allows for this configuration:

New connection wizard

Then click Next:

New connection wizard

From the three options offered in the window, select "Connection to enterprise network":

Connection to enterprise network

In the next screen, select "Virtual private network connection":

Virtual private network connection

Then enter a name describing the virtual private network to which you wish to connect:

Name of the virtual private network connection

The next screen allows you to indicate whether a connection should be established in advance of connecting to the VPN. Most fo the time (if you are on a permanent connection, DSL or cable), it will not be necessary to establish the connection because the computer is already connected to the Internet; otherwise, select the connection to establish in the list:

Initial connection

In order to access the remote-access server (VPN server or host), it is indispensable to specify its address (IP address or host name). If it does not have a fixed IP address, it will be necessary to equip it with a dynamic naming device (DynDNS) capable of assigning it a domain name and specifying this name in the field below:

Host name

Once the VPN connection has been set, a connection window will open asking for a user name (login) and a password:

Virtual private network connection prompt

Before connecting, it is necessary to make some adjustments by clicking on the Properties button at the bottom of the window. A window with a certain number of tabs will allow for fine tuning the connection. In the Network management tab, select the PPTP protocol in the pulldown list, select Internet protocol (TCP/IP) and click on Properties:

Networking tab - PPTP protocol

The window that will appear allows you to set the IP address that the client machine will have during the connection to the remote-access server. This allows your addressing to be consistent with the remote addressing. Thus, the VPN server is able to act as a DHPC server, i.e., to automatically supply a valid address to the VPN client. To do this, just select the option "Get address automatically":

Addressing properties - DHCP

If the client uses DHCP, and the server assigns an internal IP address, the client will be connected to the enterprise network and will have access to the servers of that network, but it will no longer have access to the Internet via the interface used, because the IP address is not routable. In order to allow the client to be connected to the VPN while maintaining Internet access through the connection, the VPN server must be configured to share its Internet connection! Thus, the Advanced button allows you to arrange for the client to use the VPN server bridge if it shares its connection:

Addressing properties - DHCP

In order to set up the VPN link, it is necessary for the intermediate firewalls, in particular the built-in XP firewall, to be configured so as to allow the connection. It is necessary to deactivate the Windows XP built-in firewall as follows:
  1. In the control panel, click on Network connections,
  2. Right-click on the connection you use,
  3. Select the Advanced settings tab,
  4. Make sure the option Internet connection firewall is deactivated.

More information

For more information on virtual private networks, feel free to consult the page dedicated to the subject. If you have any questions, you can use the CCM forum.

Article by Jean-François PILLOU

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Installing a VPN server on XP », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (