Want to setup a VPN

Hi Experts, a customer wants to be able to work remotely from home to their business, and although I have a little knowledge about networking, this is a bit new to me and I need to know where to start.

I was thinking about using Windows Remote Desktop to do this but I'm not sure where to start. I assume I would have to set up a VPN as well?

I am also concerned about the security of the system.

Regards Jason
MXDEWD Asked:

Rob Williams Commented:
Remote Desktop is relatively secure on its own, but using a VPN is much more secure and allows you to use the same local IPs as when on the LAN.

The VPN is quite straightforward to set up. The basic server and client configurations can be found at the following sites with good detail:
Server 2003 configuration if Server is present:
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
Windows XP can be the server if Server 2003 or 200 is not present:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
Windows XP client configuration:
http://www.lan-2-wan.com/vpns-XP-Client.htm
You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding, click on the link for your router (assuming it is present) on the following page:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm
The only other thing to remember is that the subnet you use at the remote office needs to be different from the server end. For example, if you are using 192.168.1.x at the office, the remote should be something like 192.168.2.x.

Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also, depending on your network configuration, you may have problems connecting to devices by name, though this can usually be configured. Using the IP address is less problematic, such as \\192.168.1.111\SharenName.

Then to connect to remote desktop see the following instructions. However, because you have a VPN there is no need to configure the router for port forwarding of port 3389. Simply connect to the Office PC's LAN IP.
http://www.lan-2-wan.com/RD-XP.htm

MXDEWD (Author) Commented:
Will the Remote desktop work if both systems are on XP Home?

Rob Williams Commented:
No, afraid not. You can only connect to an XP Pro or Server 2003/200 system with Remote Desktop. You can connect from any Windows or even Mac computer if you add the client. The client to connect from is built in to XP Pro and Home.

However there are many other solutions, and they too are free. VNC is a very popular tool, but not as secure as Remote Desktop. Therefore it should be used with the VPN. Quite safe then. There are 3 or 4 different VNC versions.
Another one that can be used alone (without the VPN) and is very easy to set up is LogMeIn.
A brief description of each and links to the downloads and further information can be found at:
http://www.lan-2-wan.com/3rd.htm
 
Cláudio Rodrigues (Founder and CEO) Commented:
Keep in mind that VPNs are a double-edged sword. More secure indeed, BUT as the remote PC becomes a node of your corporate network, if you do not understand exactly what you are doing, the remote PCs have the potential of infecting corporate machines. Of course there are ways to check the PC 'health' before allowing it on the corporate network, but as you can see things start to get very complicated for someone with basic skills or still learning (as you mentioned).
Remote Desktop, on the other hand, does not make the remote machine a node of the network and therefore in that respect it is a MUCH safer solution (not to mention faster in many cases, especially when trying to run apps hosted on the corporate network).
Rob is correct. XP Home is a no go. You need XP Pro or Server 2003. If you want to use a third party add-on you can check WinConnect XP Server. It turns any XP Home/Pro into a multi-user TS.

Claudio Rodrigues

Microsoft MVP
Windows Server - Terminal Services

MXDEWD (Author) Commented:
Hi there, thanks for the wealth of information already received.

I have just learned that the computer at the office is XP pro and the comp at home is XP Home! Does that help me?

Regards Jason

Rob Williams Commented:
Definitely, assuming you want to connect to the office. The outline in my first post will cover that scenario, either with the VPN or without.

tsmvp has a good point about VPNs. Their primary purpose is to encrypt all traffic in a "virtual tunnel" between two sites. This allows more or less seamless file sharing and access to other shared services at a remote location, but protected from the Internet. The one weakness is it is a wide open door to the home site. Though the VPN client has options to protect the tunnel from other users, such as Johny playing on-line video games, should the home computer be compromised, there is direct access to the corporate office. If this is a concern there are methods of quarantining access, but the best bet would be to ignore the VPN and use direct Remote Desktop access as per:
http://www.lan-2-wan.com/RD-XP.htm

From a performance point of view Remote Desktop (with or without the VPN) or possibly LogMeIn will give you the best results.



MXDEWD (Author) Commented:
Hi all, sorry it has taken a while to get back and accept answer. I have had a problem getting access to this computer and will resolve in a couple of weeks after the xmas break.

Regards Jason

Rob Williams Commented:
Let us know how you make out Jason.
Have a great holiday season !
--Rob

MXDEWD (Author) Commented:
Hi All... have just got back on deck and looking into this problem again.

Hope you had a good and safe xmas!

I have used Rob's post and gone through the setup, and the RDC comes back with a no connection error...

This is what I have done so far.

* Set up an account with dyn dns
* Configured the router (LINKSYS model: WAG200G), set up the ddns service to the client - this tests OK, set up the port forwarding, I have used port 4500 - I changed this on the machine that is being connected to as well in the registry - changed from the default 3389.
* Ensured the service is running on the host machine.

Any Ideas?

Regards Jason



Rob Williams Commented:
Did you set up the VPN?
As you set up port forwarding for 4500 (3389) I assume not.
When you connect, are you adding the port number, such as my.domain.net:4500?

Also I wonder if you will have problems with port 4500. It is defined for use with L2TP VPNs. You may not be able to use it for other services. Try 3500.

Have you verified on your LAN that this works with that port number? You would also have to use 192.168.123.123:4500 there, if it is properly configured.

The Windows firewall will also have to be reconfigured to allow your new port as it would default to 3389, and also you need to set it to allow connections from outside of your local network:
http://www.lan-2-wan.com/RD-FW.htm
This would apply to any other software firewall as well.

MXDEWD (Author) Commented:
Hi Rob, no VPN setup (that's the next thing I want to learn how to do).

Yes, I have tried my.domain.net:4500

I will try port 3500

No, I haven't tried it on the LAN (I'm off site using remote PCHelpware - the irony!)

I'm using Zone Alarm IS on the host, I have turned it off during connection attempts. Windows Firewall has been disabled.

Let you know how I go.

Regards Jason

Rob Williams Commented:
I would
-switch to 3500
-test from LAN
-from LAN go to http://www.canyouseeme.org and test that port 3500 is open
-then test from off site. Try using the current public IP first

Let us know how you make out.

MXDEWD (Author) Commented:
Hey Rob...

When using canyouseeme on 3500 I get...

Error: I could not see your service on 222.154.16.195 on port (3500)
Reason: Connection refused

Regards Jason

MXDEWD (Author) Commented:
I get an external ping back though

Rob Williams Commented:
I assume you are connecting to CanYouSeeMe from the remote desktop host (not the client site).
I would say then your router's port forwarding is not configured correctly, or you have 2 "routers": a router and a modem that is a combined router and modem. If you have the latter, it needs to be put in bridge mode or have port 3500 forwarded to the other router, and the other router forwarded to the PC.

MXDEWD (Author) Commented:
The rdc works fine on the LAN

Rob Williams Commented:
That would confirm it's a forwarding issue.
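The diagnosis reached in the exchange above (Remote Desktop answers on the LAN, the outside test reports "Connection refused", so the forwarding is at fault), as an added example that is not part of the original thread: a Python probe that separates an open, a refused and a silently dropped TCP port and combines the LAN-side and outside results into one verdict. The function names and verdict wording are assumptions made for this illustration, and the demo runs against loopback only.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"    # a device answered with a reset: nothing accepts that port there
    except OSError:
        return "filtered"   # timeout, unreachable network or failed name lookup
    finally:
        sock.close()

# Verdicts keyed by (result from the LAN, result from outside). Wording is illustrative.
VERDICTS = {
    ("open", "open"): "ok: the service is reachable from outside",
    ("open", "refused"): "forwarding: the router, or a second router/modem in front of it, "
                         "is not passing the port to the host",
    ("open", "filtered"): "dropped: packets vanish before the service; check the forward and "
                          "any firewall scope limited to the local subnet",
}

def diagnose(lan_result, wan_result):
    """Combine a LAN-side and an outside probe into one verdict string."""
    if lan_result != "open":
        # Fix the host first: listening port, service state, host firewall.
        return "host: the service does not answer on the LAN (" + lan_result + ")"
    return VERDICTS[("open", wan_result)]

if __name__ == "__main__":
    # Constructed demo on loopback only: a throwaway listener stands in for the
    # Remote Desktop host, and closing it stands in for the broken forward.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    lan = probe("127.0.0.1", port)
    listener.close()
    wan = probe("127.0.0.1", port)
    print(lan, wan, "->", diagnose(lan, wan))
```

Run `probe` once from a machine on the office LAN against the host's LAN IP and once from an outside connection against the public IP, then pass both results to `diagnose`.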
 
MXDEWD (Author) Commented:
Hi Rob, sorry I haven't been back in to update. I haven't been able to get to my customer's site for a while, I hope to tomorrow or Monday so I will let you know how I get on. I will be targeting the port forwarding setup in the router.

Regards Jason

Rob Williams Commented:
Thanks for the update Jason. Let us know how you make out.
--Rob

MXDEWD (Author) Commented:
Thanks for your patience Rob, in the end all you said was good. The last problem I was having is one of the fools on site had deleted the user profile I was trying to connect on! (The Manager!)

Regards Jason

Rob Williams Commented:
Thanks MXDEWD. Our jobs would be much easier without users wouldn't it <G>
-Cheers !
--Rob

MXDEWD (Author) Commented:
ha ha, true that... but then I probably wouldn't have a job... cheers to foolish antics of the users!
Question has a verified solution.
