VPN through Win XP

I am trying to connect 2 computers that are running Win XP using VPN.  I have set one as a server and the other as client.  But when i connect to the server, I can not browse the internet.  The computers connect just fine, but the client can not browse the internet.

what is wrong?
sschangeAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TannerManCommented:
Do you have Internet Connection Sharing turned on for the machine wired to the web?
0
mikeleebrlaCommented:
this is a VERY common problem and the solution is pretty simple... the problem is that by default the MS VPN client (assuming you are using a MS VPN) has "use default gateway on remote network" checked. What this means is that your VPN client is trying to get out to the internet on the remote network's gateway, not the gateway of the client.  To correct this do the following:

go to the properties of the VPN connection (in network connections)
go to the networking tab
hightlight tcp/ip
select properties
press advanced
uncheck "use default gateway on remote network"

now the client will continue to use its own gateway (rather than the remote's) even when the VPN connection is active.
0
sschangeAuthor Commented:
mikeleebrla,
i have done what you have suggested but it still does not let me browse the net.


TannerMan,
How do you turn on the Internet Connection Sharing?
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

TannerManCommented:
Well, I sort of misunderstood your question. I thouht your actual desire was to surf via the machine your VPN'ing INTO.
After reading mikeleebrla's response I re-read your question and now am on board.

First off, turn that default gateway option back on. It should NOT be off.
The main reason I say this is..........

machine A is on a private network and he creates a vpn connection to his buddy's pc at home using good ole pptp which is NOT secure. If that box is not checked, AND a hacker hijacks your vpn tunnel.......he comes into machine A and goes right to the private network. NOT GOOD.

anyway......

Since your actually wanting to surf out of the machine itself, try this for me. I don't THINK it will work, but it just might
On the remote machine open up IE got to tools>internet options and click on the Connections tab.
In the first field you'll see your VPN dial up connection. Highlight it and click the SETTINGS button just to the right.
Click the check box for use a Proxy.
In first field put the IP address of your machine's network card. Not the vpn IP, but the one connecting to your internet source.
If your on a corporate network with a proxy server then put that proxy server's IP in the field.
Put port 80 if this is your home internet connection in the next field.
If on corporate network, use port for your proxy (usually 8080).
Place a check in the box for bypass proxy for local addresses.
close IE and connect to your vpn session and try the web.

IF, you still want to turn on ICS on the host VPN, you can do so under the network interface card's settings.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mikeleebrlaCommented:
all that box does is select which default gateway to use,, either the local machine's or the remote machine's,,, if a hacker is smart enough to hack in he/she will surely be smart enough to look at the ip config of the box and figure out what the remote computer's ip scheme is so no security is gained or lost here.
0
TannerManCommented:
Sorry mikeleebrla, but you need to read the article that this snipet came from.....

"This is a very significant setting, because it can make the difference between having a secure VPN client connection or allowing your VPN clients to become hacker gateways."

Here you go
http://www.windowsecurity.com/articles/Configuring_ISA_Server_For_Inbound_VPN_Calls.html

This is not a question of being smart enough....why allow them in to begin with? There is a very dangerous difference in the two.
0
sschangeAuthor Commented:
sorry about the delay,  i was busy doing other things.  Just to make things more clear, I am not realy worried about the security at all.  All i want is to be able to browse the internet throgh the server using The VPN connection.  The onlt thing that the server is connected to is the internet, and there are not LAN connected to it.  For example : i want my friend (Client computer) to connect to my computer (VPN server) and then brose the internet throgh me (my internet connection and the new ip i assign to it if needed).

I have not had a chnage to try what you guys have suggested yet, but i will and let you know the result.  In case some thing else comes to your mind please let me know.

thanks,
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.