A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.comp.home-networking (UK home networking)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.comp.home-networking (UK home networking) (uk.comp.home-networking) Discussion of all aspects of computer networking in the home, regardless of the platforms, software, topologies and protocols used. Examples of topics include recommendations for hardware or suppliers (e.g. NICs and cabling), protocols, servers, and specific network software. Advertising is not allowed.

Setting up a VPN server network



 
 
Thread Tools Display Modes
  #1  
Old March 24th 06, 10:14 PM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 29
Default Setting up a VPN server network

I've been asked to advise on how to set up a VPN (virtual private network)
to allow someone to access his computer at work over the internet from his
laptop at home or elsewhere away from his office network. What he'd like to
do is access shared drives on the desktop PC at work, though if this is not
possible, remote desktop *might* be an acceptible substitute.

What is involved in doing this? I presume he needs a router which supports
VPN server endpoints and suitable software on the desktop PC at work and on
the laptop. The work PC is running XP Pro and the laptop is running either
XP Home or Pro (I forget which).

Does the ISP need to do anything to enable VPNs, or is it simply a router
and software issue? Does the Linksys WAG54G support VPN server (as opposed
to VPN client, as the remote laptop end of the VPN)?


  #2  
Old March 25th 06, 11:38 AM posted to uk.comp.home-networking
David Rance
external usenet poster
 
Posts: 42
Default Setting up a VPN server network

On Fri, 24 Mar 2006 Martin Underwood wrote:

I've been asked to advise on how to set up a VPN (virtual private network)
to allow someone to access his computer at work over the internet from his
laptop at home or elsewhere away from his office network. What he'd like to
do is access shared drives on the desktop PC at work, though if this is not
possible, remote desktop *might* be an acceptible substitute.


I wanted to set up a VPN to my network at home from France but it seemed
rather too complicated. Microsoft's VPN allows you to access the drives
only on the computer to which you are connecting.

Someone suggested I try Remote Desktop. It was simple to set up and
works a dream. I can even access drives on all the computers in the
network from remote. Just make sure you poke a hole through the firewall
at port 3389.

David

--
David Rance http://www.mesnil.demon.co.uk
Fido Address: 2:252/110 writing from Caversham, Reading, UK

  #3  
Old March 27th 06, 09:39 AM posted to uk.comp.home-networking
Jon
external usenet poster
 
Posts: 666
Default Setting up a VPN server network

declared for all the world to hear...
I've been asked to advise on how to set up a VPN (virtual private network)
to allow someone to access his computer at work over the internet from his
laptop at home or elsewhere away from his office network. What he'd like to
do is access shared drives on the desktop PC at work, though if this is not
possible, remote desktop *might* be an acceptible substitute.

What is involved in doing this? I presume he needs a router which supports
VPN server endpoints and suitable software on the desktop PC at work and on
the laptop. The work PC is running XP Pro and the laptop is running either
XP Home or Pro (I forget which).

Does the ISP need to do anything to enable VPNs, or is it simply a router
and software issue? Does the Linksys WAG54G support VPN server (as opposed
to VPN client, as the remote laptop end of the VPN)?


XP Pro can terminate an incoming VPN connection, if there's only one PC
in the office then there's no actual need for a router, although it
would make things easier.

XP Pro also has a built-in VPN "dialler" to make outgoing connections,
so again there's no need for a router with VPN endpoint support, just
VPN passthrough which most do.

He will also need access to and control over the network hardware in the
office, this will probably be the sticking point.
--
Regards
Jon
  #4  
Old March 27th 06, 09:47 AM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 29
Default Setting up a VPN server network

Jon wrote in
:

declared for all the world to hear...

XP Pro can terminate an incoming VPN connection, if there's only one
PC in the office then there's no actual need for a router, although it
would make things easier.

XP Pro also has a built-in VPN "dialler" to make outgoing connections,
so again there's no need for a router with VPN endpoint support, just
VPN passthrough which most do.

He will also need access to and control over the network hardware in
the office, this will probably be the sticking point.


He currently has two PCs: a desktop that stays in the office and a laptop
that he sometimes uses inthe office and sometimes uses on the road (he's
thinking of getting a Vodafone card) or at home. So he needs a router in
order for both PCs to access the internet and also to act as a hub for a
network-connected printer.

He only needs to access the shared files on that desktop PC.

Given that he needs a router rather than just a simple ADSL modem, what
feature should I be looking for in the router's spec? Is it called "VPN
server"?

Is the configuration of XP Pro's VPN documented anywhere - is there a good
introductory guide anywhere on the web?

Would a PC that was being accessed by VPN need to be given a static IP as if
it was a server, or can it be given one by DHCP from the router? Will I be
setting up a static route in the router so traffic on a specific port is
routed to a specific IP?

I've warned him that any time he wants to use the PC from outside the
office, it will need to be switched on.


  #5  
Old March 27th 06, 01:52 PM posted to uk.comp.home-networking
Jon
external usenet poster
 
Posts: 666
Default Setting up a VPN server network

declared for all the world to hear...
Given that he needs a router rather than just a simple ADSL modem, what
feature should I be looking for in the router's spec? Is it called "VPN
server"?


Yes. I use a Draytek Vigor 2600VG which can act as a VPN server and can
also initiate outgoing (lan-lan) connections. It's very configurable and
rock solid. Costs a bit more than a bog standard router but well worth
it. It also has a built-in USB port and print server but I've not yet
tried to make this work so I don't know how good it is.

Is the configuration of XP Pro's VPN documented anywhere - is there a good
introductory guide anywhere on the web?


http://www.microsoft.com/windowsxp/u...pert/vpns.mspx

Would a PC that was being accessed by VPN need to be given a static IP as if
it was a server, or can it be given one by DHCP from the router?


You could do either, as long as the router is capable of "fixing", I.e.
assigning the same IP to each PC whenever it connects (most routers can
do this or do this automatically). That would be the tidiest solution I
think. No harm in switching off DHCP on the router and assigning a
static IP though.

Will I be
setting up a static route in the router so traffic on a specific port is
routed to a specific IP?


If you use the router as your incoming VPN server then there's nothing
else to configure AFAIK. If you were to use the actual PC to terminate
the incoming VPN connection then you would need to forward ports to that
PC (not sure which ports though, the service would be called PTPP which
I think stands for point to point protocol).

If using XPSP2 the windows firewall will automatically be configured to
allow the incoming connections, but if you have anything else in the way
(other firewall, router) then you'll need to tweak those to allow the
traffic through.
--
Regards
Jon
  #6  
Old March 27th 06, 03:31 PM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 218
Default Setting up a VPN server network

Jon wrote in message
:

declared for all the world to hear...
Given that he needs a router rather than just a simple ADSL modem,
what feature should I be looking for in the router's spec? Is it
called "VPN server"?


Yes. I use a Draytek Vigor 2600VG which can act as a VPN server and
can also initiate outgoing (lan-lan) connections. It's very
configurable and rock solid. Costs a bit more than a bog standard
router but well worth it. It also has a built-in USB port and print
server but I've not yet tried to make this work so I don't know how
good it is.

Is the configuration of XP Pro's VPN documented anywhere - is there
a good introductory guide anywhere on the web?


http://www.microsoft.com/windowsxp/u...pert/vpns.mspx

Would a PC that was being accessed by VPN need to be given a static
IP as if it was a server, or can it be given one by DHCP from the
router?


You could do either, as long as the router is capable of "fixing",
I.e. assigning the same IP to each PC whenever it connects (most
routers can do this or do this automatically). That would be the
tidiest solution I think. No harm in switching off DHCP on the router
and assigning a static IP though.

Will I be
setting up a static route in the router so traffic on a specific
port is routed to a specific IP?


If you use the router as your incoming VPN server then there's nothing
else to configure AFAIK. If you were to use the actual PC to terminate
the incoming VPN connection then you would need to forward ports to
that PC (not sure which ports though, the service would be called
PTPP which I think stands for point to point protocol).

If using XPSP2 the windows firewall will automatically be configured
to allow the incoming connections, but if you have anything else in
the way (other firewall, router) then you'll need to tweak those to
allow the traffic through.


This looks easier than I thought. I think I'd probably define the router,
rather than the PC at work, as the VPN endpoint.

Let me check that I've understood the process correctly:

1. I need a router that is capable of VPN server such as the Draytek Vigor
2600VG (obselete model) or 2800VG (current model).

2. Am I right in thinking that the ISP needs to assign a static IP to the
router's public WAN connection, rather than the more normal dynamic IP? Do
most ISPs offer this option - the customer's is Wanadoo.

3. At the router, I presumably set up a username and password for the VPN
endpoint.

4. At the client PC (eg the laptop out in the field), I define the VPN
client connection as described in
http://www.microsoft.com/windowsxp/u...pert/vpns.mspx, giving
the router's public IP (Step 2) and the VPN username/password (Step 3).

5. Once connected, does the PC effectively become part of the LAN at work,
including being assigned a suitable IP on the work LAN, with access to
shared resources on the LAN (PCs, printers) exactly the same as if it was in
the office and connected by Ethernet or wireless?

6. Would there be a problem if the client PC is on a LAN (eg at home) which
has IPs in the same subnet range as the private LAN at work? For example, if
the home LAN uses IPs in the 192.168.0.x range, with its router as
192.168.0.1, and the work LAN also uses 192.168.0.x as its private LAN range
(obviously the WAN IP will be whatever the ISP allocates - it's the private
LAN address I'm talking about).

I think both work and laptop PCs use just the Microsoft SP2 firewall, but
for any other software firewall such as Norton or for the fireall in a
router at home, is it the PPTP port that needs to be opened up to
bi-directional traffic?


  #7  
Old March 29th 06, 12:10 AM posted to uk.comp.home-networking
StewartB
external usenet poster
 
Posts: 1
Default Setting up a VPN server network


1. I need a router that is capable of VPN server such as the Draytek Vigor
2600VG (obselete model) or 2800VG (current model).


http://www.3com.com/prod/en_UK_EMEA/...&sku=3CR860-95
I use a 3com one but with a cable modem, this model would need a
seperate ADSL modem for wanado but they might make a combined one.


2. Am I right in thinking that the ISP needs to assign a static IP to the
router's public WAN connection, rather than the more normal dynamic IP? Do
most ISPs offer this option - the customer's is Wanadoo.

Not always. Some rounters support dynamic DNS services (my 3com one
does) . With these you sign up for a free account and enter the details
into the router and it automatically assigns your current ip address to
a hostname such as myhomerouter.dyndns.org and this would be the
address you would use for the VPN connection. have a look ay
ww.dyndns.org for details although there are others.

3. At the router, I presumably set up a username and password for the VPN
endpoint.

You can normally set up more than one account as well....

5. Once connected, does the PC effectively become part of the LAN at work,
including being assigned a suitable IP on the work LAN, with access to
shared resources on the LAN (PCs, printers) exactly the same as if it was in
the office and connected by Ethernet or wireless?

Yes

  #8  
Old March 29th 06, 07:32 AM posted to uk.comp.home-networking
Jon
external usenet poster
 
Posts: 666
Default Setting up a VPN server network

[email protected] declared for all the world to hear...
1. I need a router that is capable of VPN server such as the Draytek Vigor
2600VG (obselete model) or 2800VG (current model).


Yes.

2. Am I right in thinking that the ISP needs to assign a static IP to the
router's public WAN connection, rather than the more normal dynamic IP? Do
most ISPs offer this option - the customer's is Wanadoo.


Static IP is very helpful although not absolutely essential (google for
"dynamic DNS" if you can't get static IP. WIth a router solution you're
likely to leave that on 24/7 anyway. I don't know if wanadoo give static
IPs.

3. At the router, I presumably set up a username and password for the VPN
endpoint.


Yes. The draytek has many profiles possible so you can configure more
than one. You can also choose weather the router uses DHCP to dish out
IPs to incoming VPNs or you can use manual assignment. You can also
specify the IP range for incoming VPN clients.

4. At the client PC (eg the laptop out in the field), I define the VPN
client connection as described in
http://www.microsoft.com/windowsxp/u...pert/vpns.mspx, giving
the router's public IP (Step 2) and the VPN username/password (Step 3).


Yep.

5. Once connected, does the PC effectively become part of the LAN at work,
including being assigned a suitable IP on the work LAN, with access to
shared resources on the LAN (PCs, printers) exactly the same as if it was in
the office and connected by Ethernet or wireless?


Yep. That's been my experience so far anyway.

6. Would there be a problem if the client PC is on a LAN (eg at home) which
has IPs in the same subnet range as the private LAN at work? For example, if
the home LAN uses IPs in the 192.168.0.x range, with its router as
192.168.0.1, and the work LAN also uses 192.168.0.x as its private LAN range
(obviously the WAN IP will be whatever the ISP allocates - it's the private
LAN address I'm talking about).


No, the router will take care of that in any case.

I think both work and laptop PCs use just the Microsoft SP2 firewall, but
for any other software firewall such as Norton or for the fireall in a
router at home, is it the PPTP port that needs to be opened up to
bi-directional traffic?


Only incoming. replied-to traffic is usually allowed through.
--
Regards
Jon
  #9  
Old March 29th 06, 08:57 PM posted to uk.comp.home-networking
Clint Sharp
external usenet poster
 
Posts: 550
Default Setting up a VPN server network

In message , Jon
writes
declared for all the world to hear...
Given that he needs a router rather than just a simple ADSL modem, what
feature should I be looking for in the router's spec? Is it called "VPN
server"?


Yes. I use a Draytek Vigor 2600VG which can act as a VPN server and can
also initiate outgoing (lan-lan) connections.

Not really true, you just need a router that can pass VPN packets (not
all can) and is capable of forwarding a port to the PC/Server that's
acting as the VPN server.

Your major problem is going to be security if the user is going to be
connecting from variable IP addresses. You're effectively going to have
to expose the VPN server to the internet as you can't predict what
address is going to legitimately access it so make sure the passwords
and user name combo is strong if you don't use a certificate based VPN.
--
Clint Sharp
  #10  
Old March 29th 06, 10:43 PM posted to uk.comp.home-networking
Martin Underwood
external usenet poster
 
Posts: 218
Default Setting up a VPN server network

Clint Sharp wrote in message
:

In message , Jon
writes
declared for all the world to hear...
Given that he needs a router rather than just a simple ADSL modem,
what feature should I be looking for in the router's spec? Is it
called "VPN server"?


Yes. I use a Draytek Vigor 2600VG which can act as a VPN server and
can also initiate outgoing (lan-lan) connections.


Not really true, you just need a router that can pass VPN packets (not
all can) and is capable of forwarding a port to the PC/Server that's
acting as the VPN server.

Your major problem is going to be security if the user is going to be
connecting from variable IP addresses. You're effectively going to
have to expose the VPN server to the internet as you can't predict
what address is going to legitimately access it so make sure the
passwords and user name combo is strong if you don't use a
certificate based VPN.


I presume what you're saying here applies to the case where a PC on the
company LAN acts as the endpoint of the VPN, rather than using the router as
the VPN endpoint. I realise that the latter case requires a router that
supports VPN Server, such as the Draytek.

And, yes, given the power of a VPN, I'd make the VPN username/password very
strong - in the same way that I make WPA wireless encryption keys strong.


 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting up VPN server Chris Watts uk.comp.home-networking (UK home networking) 9 December 16th 05 09:10 PM
Setting up an XP server. Keyboard and mouse removal Lee_D uk.comp.home-networking (UK home networking) 11 June 29th 05 08:22 PM
Setting up a network JJJJ uk.comp.home-networking (UK home networking) 3 May 10th 05 05:01 PM
Setting up a server to share files over the net Anthony James uk.comp.home-networking (UK home networking) 12 February 21st 04 01:25 PM
Help: Setting up FTP Server for dynamic IP address craig powers uk.comp.home-networking (UK home networking) 2 January 19th 04 07:28 PM


All times are GMT +1. The time now is 02:03 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.