21.3 Virtual Private Networking


If you're a frequent traveler who regularly connects to a distant home or office by dialing direct, you must be the toast of your long-distance phone company.

Fortunately, there's a more economical solution. Virtual private networking (VPN) is a fancy way of saying, "Your remote computer can become part of your host network, using the Internet as a connection instead of a long distance phone connection." Yes, this does sound exactly like the direct-dialing feature described above, except this time, you don't pay any long-distance bills, your host PC doesn't necessarily have to have its own phone line, and (if the computers on both ends have fast connections) you're not limited to the sluglike speeds of dial-up modems.

WORKAROUND WORKSHOP
Getting a Fixed IP Address

Several of the remote-connection methods described in this chapter require that your home-base PC have a fixed IP address. An IP address is a unique number that identifies a particular computer on the Internet. (It's made up of four numbers separated by periods.) A fixed IP address is one that's been permanently assigned to your computer.

Furthermore, these remote-connection technologies require that you have a registered IP address (one that, behind the scenes, has been filed with a group called the Internet Assigned Numbers Authority).

A few PCs with high-speed Internet connections (cable modem, DSL) have this kind of permanent, unchanging address. But in most cases, your ISP assigns your computer a new address each time you connect, thus giving you a dynamic IP address. That's always what you have, for example, when you connect using a dial-up modem.

Even if your cable modem or DSL connection has a fixed IP address (because you're connected continuously), you don't necessarily have a registered IP address. (Want to find out? Connect to the Internet, and then choose Start → All Programs → Accessories → Command Prompt. In the Command Prompt window, you'll see all kinds of network configuration information about your computer, including its IP address [or addresses, if you're connected to a network]. Your IP address is not registered if it falls within any of these ranges: 10.0.0.0 through 10.255.255.255, 172.16.0.0 through 172.31.255.255, or 192.168.0.0 through 192.168.255.255. Or just ask your Internet service provider or network administrator.)
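The range check from the paragraph above, as an added example that is not from the book: it pulls the addresses out of Windows-style network configuration text and tests each one against the three unregistered ranges. It assumes the text comes from the ipconfig command (which the page does not name); the sample output and the function names are constructed for illustration.

```python
import ipaddress
import re

# The three unregistered ranges listed in the sidebar, written as CIDR blocks.
UNREGISTERED = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 through 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 through 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 through 192.168.255.255
]

# Constructed sample in the style of Windows XP ipconfig output (not captured
# from a real machine); 203.0.113.25 is a documentation-only address.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter Dial-up ISP:

        IP Address. . . . . . . . . . . . : 203.0.113.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""

# Matches only the address lines, not the subnet mask or gateway lines.
IP_LINE = re.compile(r"^\s*(?:IP|IPv4) Address[ .]*:\s*([0-9.]+)", re.MULTILINE)

def is_unregistered(addr):
    """True if addr falls inside one of the three ranges from the sidebar."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in UNREGISTERED)

def classify(ipconfig_text):
    """Map each address found in the text to a verdict string."""
    results = {}
    for match in IP_LINE.finditer(ipconfig_text):
        addr = match.group(1)
        try:
            verdict = "unregistered" if is_unregistered(addr) else "outside the listed ranges"
        except ValueError:  # e.g. a damaged line such as 999.1.1.1
            verdict = "unparseable"
        results[addr] = verdict
    return results

if __name__ == "__main__":
    for addr, verdict in classify(SAMPLE_IPCONFIG).items():
        print(addr, "->", verdict)
```

An address outside these three ranges is only a candidate for a registered address; confirming it with your ISP or network administrator, as the sidebar suggests, still applies.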

If it turns out that you don't have a fixed, registered IP address, you might assume that you can't use the remote-connection technologies described in this chapter. After all, your Internet address changes every time you connect, making it impossible to provide a single, permanent address. Fortunately, there are workarounds.

One solution is to contact your ISP and ask if it offers a fixed, registered IP address service. Some ISPs can be persuaded to assign you the same registered address every time you connect (for an additional fee, of course).

Another solution is to sign up for a dynamic DNS service that gives your PC a name, not a number. Whenever you're online, these free services automatically update the IP address associated with the name you've chosen (such as http://pcnut.dyndns.org), so that you (and your colleagues) can memorize a single address for your machine.

To sign up for one of these services, just go to its Web site: http://www.dyndns.org, http://www.dhs.org, http://www.dtdns.com, http://www.hn.org, or http://www.no-ip.com, among others.

If you bought a router for your home or small-office network (a small box that shares your cable modem or DSL connection with several computers on the network), there may be a third solution. Some routers let you map the unregistered address of a computer on your local network to a registered address inside the router, making that computer visible to the Internet. To find out if your router can pull off this stunt, you'll have to dig out the manual for the router, or contact its manufacturer.

In any case, once you obtain a fixed, registered IP address for your host system, don't forget to bring it with you. You'll need it when setting up the remote computer.


With a VPN connection, both the host and the remote computers connect to the Internet by making local calls to your Internet service provider (ISP). If you travel with a laptop, that's a good argument for signing up with a national or international ISP that has local access numbers wherever you plan to be. On the other hand, if you don't move your computers around much, you can just use your regular ISP as you always do, whether you connect using a dial-up, a cable modem, DSL, or whatever.

If you're connecting to your corporate network, no problem: your company probably has its own Internet service. If you are the sole proprietor of both machines, however, all of this may mean that you'll actually have to have two different ISP accounts, so that both machines can be online at once.

Not only can VPN save the frequent traveler quite a bit of money, but it's also extremely secure. When you connect using VPN, the information traveling between the two connected computers is encoded (encrypted) using a technology called tunneling. Your connection is like a reinforced steel pipe wending its way through the Internet to connect the two computers.

To create a VPN connection, your host computer must have two important components:

  • It must be on the Internet at the moment you try to connect. Usually, that means it needs a full-time Internet connection, like cable modem or DSL. But in a pinch (if it has only a dial-up modem, for example), you could phone a family member or co-worker just before you need to connect, with the direction to go online with your home PC.

  • It needs its own, fixed IP address. (See the box on the previous page for a workaround.)

The remote computer, on the other hand, doesn't have any such requirements.

21.3.1 Setting Up the Host Machine

To set up the host PC for the VPN connection, do exactly as you would for direct-dial connections (Section 21.2), but in step 6, choose "Allow virtual private connections." When the wizard finishes its work, the host machine is ready for action. Instead of setting up the modem to answer incoming calls, Windows XP now listens for incoming VPN connection requests from the Internet.

21.3.2 Making the Connection

Now move to the laptop, or whatever machine you'll be using when you're away from the main office. These steps, too, should seem familiar; they start out just like those that began on Section 21.2.2, except that in step 3, you should choose "Virtual Private Network connection." Then proceed like this:

  1. On the Public Network screen before you, leave "Automatically dial this initial connection" selected. Use the drop-down list to select the connection you use to access the Internet.

    Now Windows XP can automatically dial up your ISP when you launch the VPN connection.

  2. Click Next. On the VPN Server Selection screen, type the host name or registered IP address of the VPN host (that is, the computer you'll be dialing into).

    If you've signed up for one of the dynamic DNS services described in Getting a Fixed IP Address, you know what the host computer's name is. Otherwise, specify its registered IP address.

  3. Click Next, turn on "Add a shortcut to this connection to my desktop," and then click Finish.

    The result is a new icon on your desktop (and in the Network Connections window). When you double-click it, you see a dial-up box like the one shown in Figure 21-2. As with direct-dial connections, you can use dialing rules (Section 10.6.1) to simplify your life as you move from area code to area code in the course of your life.

At this point, you've once again joined your home network. Exactly as with the direct-dial connections described earlier, you should feel free to transfer files, make printouts, and so on. Avoid actually running programs on the distant PC, at least if one computer or the other is connected to the Internet using a dial-up modem; the situation improves if both are using high-speed connections.

When you want to hang up, right-click the connection icon in your notification area and choose Disconnect.

NOTE

All of this sounds simple enough, and it is, if you have only one PC at home, or several that rely on Internet Connection Sharing (Chapter 18).

Unfortunately, setting up virtual private networking (and, for that matter, Remote Desktop, described next) on larger networks, or on networks that don't use Internet Connection Sharing, can be extremely complex. If you've installed a router to share an Internet connection with your network (Section 18.3), for example, some hairy technical bushwhacking is involved in setting it up to accommodate remote-access requests from the road. A consultant, or call to the router company, may be in your future.



Windows XP Pro: The Missing Manual
ISBN: 0596008988
EAN: 2147483647
Year: 2003
Pages: 230
