Solved

Remote Access Solution Needed

Posted on 2006-06-15
Last Modified: 2012-05-05
I have a customer with the following setup:
An office with a PC running XP Pro and a laptop also running XP Pro. They communicate with each other peer-to-peer via a Dlink wireless router. They are also connected to two printers.

What they have requested:
Employee A and employee B each have desktop computers at home and want to be able to access the main PC at the office from their home computers (the office laptop would remain turned off at the end of the day). But they also want the option of doing the reverse: accessing their home computers remotely from either the office PC or the office laptop.

And to complicate things even further, the setup must be able to support concurrent connections just in case both employees need to login at the same time. And furthermore, if employee A is working on the office PC, employee B must be able to remotely access it to retrieve files without disturbing employee A's work. They don't need full desktop control, just the ability to access, send & receive files. Both employees have DSL connections at home as well as at the office.

Is all of this possible without a full-fledged server? I know that XP Pro has built-in VPN capabilities and can act as both client and server, but it only supports a single connection. Dlink offers the DI-824VUP, which is a wireless VPN router that supports multiple tunnels. Would this make it workable? Or is the only solution to set up another PC as a file server?

Thanks in advance for your suggestions.

RC
Question by:rball
49 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16909665
if you have the option to take a hardware route as suggested then definitely take it, much much easier for you and will provide everything you are needing

one tip though, before setting it up, make sure each location uses a different address range
0
 

Author Comment

by:rball
ID: 16911631
Good point about the address range. Thanks Jay Jay70.

RC
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16916486
no problems, have you decided on a VPN option as yet?
0
 

Author Comment

by:rball
ID: 16916633
Not yet. Waiting for some more input on my questions first.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16916684
as they tend to get pushed down the list and forgotten, it may be worth putting a pointer question in the VPN or Networking TA worth 20 points pointing to this one, that way you get some fresh ideas,

i will also ask my VPN guru Friend for his advice
0
 

Author Comment

by:rball
ID: 16916722
Where's the VPN list? I thought I remembered seeing it a few months ago, but I wasn't able to find it this time.

How do I make a 'pointer' to my question? Is that considered double-posting? Thanks for your help as I really need some insight on this one.

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16916734
http://www.experts-exchange.com/Networking/Broadband/VPN/

just post a 20 point pointer including this link, i have asked rob to comment on this as well so give it a little while

its not double posting when its just a pointer
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 16916773
Hi rball, they kind of want it all don't they.  :-)
You are right you can quite easily have any single user making any of the described connections just using the built in Windows VPN server and client configurations. Would be happy to provide details on how to configure if you need them. However, you are limited by a few factors when you want to set up the multiple tunnels.
-as you mentioned the XP machine will only support 1 connection
-many routers will only support a single VPN pass-through connection
-you cannot have 2 outgoing connections from same site to same site using a VPN client, but in this case if there are 3 sites it is OK and should work fine

I agree with Jay_Jay70, your best solution, where you want to connect in both directions, would be to buy 3 VPN routers. Most companies have them, starting at about $100. One of the easiest to set up and doesn't require any additional licensing is the Linksys RV042. It has many other useful features, allows for a software client, and you can even get 3rd party firmware.
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1123638171618&pagename=Linksys%2FCommon%2FVisitorWrapper

Using a hardware solution allows:
-better security in that it uses IPSec rather than PPTP
-better security in that no ports need to be opened/forwarded
-access to all resources on the remote network. VPN clients have built-in rules to block some network devices, making printing a problem sometimes
-better performance as you have hardware dedicated to encrypting, decrypting, and routing
-bi-directional connections
-controlled filtering if you wish
-in this case much easier to configure
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16916801
told ya he was good :)

Thank you Rob
0
 

Author Comment

by:rball
ID: 16916807
Your post has some good information. So just to clarify the hardware details, you say this should give them what they want if I set up 3 VPN routers for them. I presume you mean a router at each end of the connection: 1 at the office, 1 at employee A's home and 1 at employee B's home. Is that correct?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16916815
i VPN router per location with a permanent link between sites is where i would be heading
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16916817
1* not "i" ..........still early in the morning
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16916886
>>"I presume you mean a router at each end of the connection"
Yes, as JayJay70 said.
Hardware works better and in this situation much better.
At these sites what do they have for modems? Just to head off some basic problems, all of which can be dealt with, it is easier if they have basic modems, not combined modem/router units. If they are combined confirm you can access and switch them to bridge mode and that they are VPN compatible (just pass-through). Almost all are.

Having said all of this, I haven't run into any situations where the user really needs to access home. Sometimes it is a case of changing the way services are set up or how files are stored or synchronized but most often if they can connect to the office you can do most anything.

Another option would be to set up a VPN router at the office, let them connect with a VPN client, and for connecting to home on occasion, use the free LogMeIn service which doesn't even require port forwarding.
http://www.logmein.com
0
 

Author Comment

by:rball
ID: 16916909
Everyone has DSL connections at all 3 locations and hardware is as follows:

Office:
Incoming DSL Line >>>>DSL Modem >>>>Dlink Wireless Router >>>>Office PC (wired) >>>> Office Laptop (wireless)

Employee A:
Incoming DSL Line >>>>DSL Modem >>>>Dlink Wireless Router >>>>Home PC (wired) >>>> Home Laptop (wireless)


Employee B:
Incoming DSL Line >>>>DSL Modem >>>>Dlink Wireless Router >>>>Home PC (wired) >>>> Home Laptop (wireless)

If I substitute the regular Dlink wireless routers at all 3 locations for the Dlink DI-824VUP wireless VPN router, that should take care of any VPN and passthrough issues. What do you all think?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16916927
I haven't used the D-Link VPN units but i like all D-link gear i have used. I have looked at the VPN configuration on them and it looks straight forward, much more so than units such as the Netgear. Configuration sounds good to me. As mentioned before are the DSL modems just basic modems? If so sounds good to go.
Only other thought, a very few ISP's intentionally block VPN's. You might want to double check with them, before buying a bunch of equipment.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16916946
i have a mate who works entirely from home using only a base model Dlink VPN box that he swears by -  next router i get will be a Dlink VPN job as i have only heard good things
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16916988
Keep in mind that router is limited to 40 tunnels  :-)

I was looking at the site and I cannot see if they offer a remote VPN software client. You don't need one for your configuration but you know once they can connect to the office, they are going to want a client so they can connect from the road. I would look into that.
Linksys has by far the easiest software client there is for the RV042, but it is also the one that everyone has the most problems with. Netgear's works well, but it is much more difficult to set up. You can use the Windows client and create an L2TP VPN with IPSec, but it is not a fun task. See what D-Link has to offer.
0
 

Author Comment

by:rball
ID: 16916996
Yes, the modems are just straight forward, single-purpose units. Good point about the ISP. I'll check with them. Unfortunately, there are 3 different ISP's. The office gets DSL from the major Telco, employee A gets DSL via another ISP that uses the Telco's backbone and resells the DSL, and I just remembered that employee B is on cable, not DSL. That one might turn out to be a problem.

Yeah, I really like the Dlink stuff. I've heard criticism in the past about their stuff not being of high quality, but I have found that to be nonsense. I've always found it to be rock solid and almost always connects right out of the box. Configuration is always straight forward too. And their wireless repeaters will work with other brands of access points and routers.
0
 

Author Comment

by:rball
ID: 16917008
Here is a dumb question since I am not familiar with VPN. If employee A is working on the office computer, can employee B VPN into the same computer while the other person is using it? Or will their work be interrupted?
0
 
LVL 48

Accepted Solution

by:Jay_Jay70
Jay_Jay70 earned 250 total points
ID: 16917023
VPN just creates a tunnel making it so you are "virtually" in one network, if one person is using the machine, another cannot take over it....same as if you were sitting next to each other.....you could still UNC to it and grab the files
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917063
Nice thing about site-to-site is they have access to the entire network, so if there is a TCP/IP printer or a share on another computer they have access to that as well.
0
 

Author Comment

by:rball
ID: 16917085
Cool. Thanks.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917094
Very welcome.
Have fun !
--Rob
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917102
enjoy :)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917109
One more thing. When you create a site-to-site VPN you are effectively joining 2 networks. Keep in mind 13 year old Johny at home playing games and honing his hacking skills is now effectively sitting in the middle of your office. If this is a possibility, when setting up your VPN you can specify a single IP or a range of IP's is allowed to connect to the main office rather than an entire site. It's not too hard to deal with just remember it is a different security hole than most are accustomed to.
0
 

Author Comment

by:rball
ID: 16917130
Good point. And as Jay_Jay70 said in the beginning of this discussion, I should make sure each network is using a different address range.

I am actually using a Dlink DI-824VUP VPN router here at home, but I have never enabled the VPN. Always meant to give it a try, but never got around to it. Maybe what I'll do is pick up another one tomorrow and connect it to my work PC at my office. That way I could set up sort of a test bed and see how all of this works before trying to implement it on my customer's premises. That way I could better assure them that this solution will work before having them invest the money in the hardware.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917143
Good idea, and that way you can offer secure remote support too.
Different subnets is a must, yes. If there is a chance of software/remote clients, change the office to be something non-standard so that they don't run into conflicts with local networks when traveling.
0
 

Author Comment

by:rball
ID: 16917145
It's 8:00 pm here in Canada and I still have a computer to assemble tonight. But if I have time, I'll start to set up the VPN here on my home PC and if I have any questions, I'll post here, if that is o.k. All suggestions gladly received.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917160
oh Dear...two Canadians and an Aussie on the same post.......the troubles that could arise.... :P
0
 

Author Comment

by:rball
ID: 16917161
So what kind of configuration would you suggest for each of the locations (subnets, etc. for office, home A and home B).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917163
In the prairies ?  I'm in Nova Scotia.
You shouldn't have a problem with VPN with Canadian ISP's. Anything goes in Canada <G> No, I find the ones blocking VPN's are in countries that don't have as developed infrastructures as we do, and try to restrict bandwidth, or for the same reason in very high density areas.
I won't be around long tonight but can check back tomorrow, but Jay_Jay70/James is just finishing breakfast....not quite, but imagine he is on lunch break .  <G> He'll be here.
0
 

Author Comment

by:rball
ID: 16917166
I used to have two Australian business partners. That made it two Australians and a Canadian. I was always outnumbered back then, so this isn't so bad :P
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917169
finishing breakfast! i had noodles at 8am this morning! not a great breakfast, 3 cups of coffee and im bouncing....
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917178
Whoops got out of sequence here.
As for subnets anything but 192.168.0.0, 192.168.1.0, 192.168.2.0, 192.168.100.0, 192.168.111.0, 10.0.0.0. Many SOHO routers only allow 192.168.x.0 so I tend to choose something like the last 2 digits of their street address as the 3rd octet. That way I remember what it is and it is not common. So 123 Main street would be 192.168.23.0

You can use any of these subnets:
192.168.0.0 - 192.168.255.0
10.0.0.0 - 10.255.255.0
172.16.0.0 - 172.31.255.0
0
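The subnet advice in the comment above, as a check that can be run against a proposed three-site plan before any router is configured. This is an added example, not part of the original thread; the /24 prefix length, the site names and the two sample plans are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Subnets the comment advises avoiding because they are common defaults.
# The /24 prefix length is an assumption; the post lists network addresses only.
COMMON_DEFAULTS = [ipaddress.IPv4Network(n + "/24") for n in (
    "192.168.0.0", "192.168.1.0", "192.168.2.0",
    "192.168.100.0", "192.168.111.0", "10.0.0.0")]

# The three private ranges listed in the comment, in CIDR form.
PRIVATE_RANGES = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def subnet_from_street_number(street_number):
    """Last two digits of the street number become the third octet."""
    return ipaddress.IPv4Network(f"192.168.{street_number % 100}.0/24")


def check_site_plan(plan):
    """Return a list of problems found in a {site name: CIDR} plan."""
    problems, nets = [], {}
    for site, cidr in plan.items():
        try:
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{site}: invalid subnet {cidr!r} ({exc})")
            continue
        nets[site] = net
        if not any(net.subnet_of(r) for r in PRIVATE_RANGES):
            problems.append(f"{site}: {net} is not a private range")
        for default in COMMON_DEFAULTS:
            if net.overlaps(default):
                problems.append(f"{site}: {net} overlaps common default {default}")
    # Site-to-site VPN routing breaks if any two sites share address space.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} and {b}: {net_a} overlaps {net_b}")
    return problems


# Constructed sample plans: routers left on factory defaults vs. a renumbered plan.
BAD_PLAN = {"office": "192.168.0.0/24", "home_a": "192.168.0.0/24",
            "home_b": "192.168.1.0/24"}
GOOD_PLAN = {"office": str(subnet_from_street_number(123)),
             "home_a": "192.168.47.0/24", "home_b": "172.20.9.0/24"}

if __name__ == "__main__":
    for name, plan in (("BAD_PLAN", BAD_PLAN), ("GOOD_PLAN", GOOD_PLAN)):
        print(name, check_site_plan(plan) or "ok")
```

A street number ending in 00, 01 or 02 maps onto one of the common defaults, which `check_site_plan` reports like any other collision.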
 

Author Comment

by:rball
ID: 16917189
I'm in British Columbia, in the mountains rather than the prairies.

Noodles @ 8 am? Sounds like a bachelor's breakfast.

I'm inclined to split the points with you guys since you've been so helpful in getting me pointed in the right direction.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917196
over worked & under paid Bachelors breaky :) here they call it character building   hmmph!
0
 

Author Comment

by:rball
ID: 16917202
Thanks Rob
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917203
3 hours in BC thought that was 4.
11:25 pm AST here
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917212
Very welcome rball.
Don't tell James you are in the mountains, he'll be wanting to stay with you to go snow boarding.

I'm ou'ta here. Cheers all.
--Rob
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917219
hey hey! Snowboard Accommodation..... i was supposed to be there at the end of this year but cancelled, but now there are other options.......hmmm :-) Don't try and get rid of me Rob, you know i am staying with you for 6 months!

Thanks mate and good luck
0
 

Author Comment

by:rball
ID: 16917224
I'm in Eastern B.C. about 30km inside a new time zone. Everyone else in B.C. is 4 hours different from NS, me 3 hrs.
0
 

Author Comment

by:rball
ID: 16917234
Lots of good snowboarding here in Golden, B.C., home of the new Kicking Horse Mountain Resort. Champagne powder they say. But I haven't been on skis for a long time now. It would probably kill me to do even a couple of runs now.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917385
very nice, i am heading to New Zealand in two weeks for some action, should be good, if you get half tanked 21 year old at your doorstep in the next couple of months, be nice to me!
0
 

Author Comment

by:rball
ID: 16917407
No problem!
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917424
excellent! there we go Rob, 3 months at each place :-P
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16917433
What happened to the 3 months in Winnipeg  as well ?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16917437
yeah that one's out the window! No snow and there isn't really any point to that place!! careful or I'll make it 6 again
0
 

Author Comment

by:rball
ID: 16925502
Hey Guys - I did manage to get a second Dlink DI-824VUP VPN router, but I didn't find time to set it up at my office. I have a wireless network to set up tomorrow (RV park with lots of trees and motor homes scattered all over 5 acres - will likely be a nightmare to get decent coverage) so probably won't get a chance to get back to the VPN test before Sunday. I'll keep you posted.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 16926428
No rush , but when you do get to it, let us know how it goes.
Good luck in the "park".
--Rob
0
