Solved

VPN through Win XP

Posted on 2004-10-27
196 Views
Last Modified: 2013-11-16
I am trying to connect 2 computers that are running Win XP using VPN.  I have set one as a server and the other as client.  But when i connect to the server, I can not browse the internet.  The computers connect just fine, but the client can not browse the internet.

what is wrong?
0
Question by:sschange
    7 Comments
     
    LVL 9

    Expert Comment

    by:TannerMan
    Do you have Internet Connection Sharing turned on for the machine wired to the web?
    0
     
    LVL 25

    Expert Comment

    by:mikeleebrla
    this is a VERY common problem and the solution is pretty simple... the problem is that by default the MS VPN client (assuming you are using a MS VPN) has "use default gateway on remote network" checked. What this means is that your VPN client is trying to get out to the internet on the remote network's gateway, not the gateway of the client.  To correct this do the following:

    go to the properties of the VPN connection (in network connections)
    go to the networking tab
    hightlight tcp/ip
    select properties
    press advanced
    uncheck "use default gateway on remote network"

    now the client will continue to use its own gateway (rather than the remote's) even when the VPN connection is active.
    0
     

    Author Comment

    by:sschange
    mikeleebrla,
    i have done what you have suggested but it still does not let me browse the net.


    TannerMan,
    How do you turn on the Internet Connection Sharing?
    0
     
    LVL 9

    Accepted Solution

    by:
    Well, I sort of misunderstood your question. I thouht your actual desire was to surf via the machine your VPN'ing INTO.
    After reading mikeleebrla's response I re-read your question and now am on board.

    First off, turn that default gateway option back on. It should NOT be off.
    The main reason I say this is..........

    machine A is on a private network and he creates a vpn connection to his buddy's pc at home using good ole pptp which is NOT secure. If that box is not checked, AND a hacker hijacks your vpn tunnel.......he comes into machine A and goes right to the private network. NOT GOOD.

    anyway......

    Since your actually wanting to surf out of the machine itself, try this for me. I don't THINK it will work, but it just might
    On the remote machine open up IE got to tools>internet options and click on the Connections tab.
    In the first field you'll see your VPN dial up connection. Highlight it and click the SETTINGS button just to the right.
    Click the check box for use a Proxy.
    In first field put the IP address of your machine's network card. Not the vpn IP, but the one connecting to your internet source.
    If your on a corporate network with a proxy server then put that proxy server's IP in the field.
    Put port 80 if this is your home internet connection in the next field.
    If on corporate network, use port for your proxy (usually 8080).
    Place a check in the box for bypass proxy for local addresses.
    close IE and connect to your vpn session and try the web.

    IF, you still want to turn on ICS on the host VPN, you can do so under the network interface card's settings.
    0
     
    LVL 25

    Expert Comment

    by:mikeleebrla
    all that box does is select which default gateway to use,, either the local machine's or the remote machine's,,, if a hacker is smart enough to hack in he/she will surely be smart enough to look at the ip config of the box and figure out what the remote computer's ip scheme is so no security is gained or lost here.
    0
     
    LVL 9

    Expert Comment

    by:TannerMan
    Sorry mikeleebrla, but you need to read the article that this snipet came from.....

    "This is a very significant setting, because it can make the difference between having a secure VPN client connection or allowing your VPN clients to become hacker gateways."

    Here you go
    http://www.windowsecurity.com/articles/Configuring_ISA_Server_For_Inbound_VPN_Calls.html

    This is not a question of being smart enough....why allow them in to begin with? There is a very dangerous difference in the two.
    0
     

    Author Comment

    by:sschange
    sorry about the delay,  i was busy doing other things.  Just to make things more clear, I am not realy worried about the security at all.  All i want is to be able to browse the internet throgh the server using The VPN connection.  The onlt thing that the server is connected to is the internet, and there are not LAN connected to it.  For example : i want my friend (Client computer) to connect to my computer (VPN server) and then brose the internet throgh me (my internet connection and the new ip i assign to it if needed).

    I have not had a chnage to try what you guys have suggested yet, but i will and let you know the result.  In case some thing else comes to your mind please let me know.

    thanks,
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    What is IRC? IRC (Internet Relay Chat) is a form of communication between multiple users. It is available freely to anyone with inernet access. IRC is a great way to communicate with others e.g. There is an IRC channel for Ubuntu Linux, which is fo…
    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now