To establish a VPN connection, you must install a VPN server program on the host computer and VPN client software on the remote computer. The server can be either a program running on a host computer or a separate switch, router, or gateway. The Virtual Private Network Consortium (VPNC) has established a set of interoperability standards for VPN hardware; if a device is on their list at http://www.vpnc.org/testing, you can expect it to work with a Windows XP client. The same list includes links to information about specific VPN networking products. Microsoft Windows server products, including Windows NT Server, Windows 2000 Server, and Windows Server 2003, all include VPN host software.
In most cases, you want to set up a new VPN link to an existing host, so we'll leave the process of creating a new server to the network managers and other experts; if you must build your own server, you will want to read one of the books mentioned in the introduction to this chapter.
It doesn't matter to the users of VPN clients whether the host is a stand-alone device or software on a network server, or which operating system the host computer is using. The VPN method does make a difference because both ends of a VPN tunnel must use the same protocol. However, Windows can automatically detect the connection type, so you should be able to make a successful VPN connection to any server.
To configure your computer as a VPN client, follow these steps:
From the Control Panel or the Start menu, choose Network Connections.
In the Network Connections window, choose the New Connection Wizard.
From the Welcome window in the New Connection Wizard, click Next to open the Network Connection Type window shown in Figure 47.5.
Figure 47.5: Choose the Connect to my workplace option to set up a VPN client.
Choose the Connect to the network at my workplace option and click Next. The Network Connection window shown in Figure 47.6 appears.
Figure 47.6: The Network Connection screen includes a VPN option.
Choose the Virtual Private Network connection option and click Next. The Connection Name screen asks you to assign a name to the VPN connection profile.
Type the name of the destination or some other identifier and click Next. The Public Network screen shown in Figure 47.7 appears.
Figure 47.7: Choose the type of connection for your VPN end point.
If you're connecting to the Internet through a LAN or a broadband service such as DSL or cable, choose the Do not dial option. If you have to connect to the Internet through a dial-up service, choose the Automatically dial option. Click Next. The VPN Server Selection screen shown in Figure 47.8 appears.
Figure 47.8: Type the name or address of the VPN host.
Obtain the name or numeric address of the VPN host from your network manager. Type either the name (such as http://www.VPNhost.com) or the numeric IP address of the host and click Next.
The final screen of the wizard confirms the name of the connection profile and offers to add a shortcut on your desktop. Click Finish to save the profile and close the wizard. The Connect window shown in Figure 47.9 appears.
Figure 47.9: The Connect window sets up a VPN link.
Type the account name and password assigned by your network manager in the Connect window, and click the Connect button at the bottom of the window to test your connection.
If the VPN connection works, you see a login or confirmation screen from the host; you now have a live connection through your VPN to the distant host or network that accepts any command that you could enter from a local computer on the same network.
Most VPN connections pass through one or more firewalls and routers, which interrupt the data flow unless you tell the firewalls to accept the VPN data. To set your firewall or router to pass a PPTP signal, you must open each firewall and router's configuration tool and change the Port Forwarding settings.
You must enable these ports and protocols:
Client Ports 1024–65535/TCP
Server Port 723/TCP
IP Protocol 47 (GRE)
The location of these settings is different for each device, so you have to consult the manuals for your own equipment to learn exactly what you must do to change them. Of course, some manuals are better than others, so if the manual doesn't tell you what you need to know, call your network manager and the tech support center for each firewall and router.
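A small checker for the firewall requirements listed above, added here as an illustration and not taken from the book or from any firewall vendor. The rule format and function names are hypothetical, the rule sets are constructed, and the control port defaults to the IANA-registered PPTP port, TCP 1723.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE = 6, 17, 47  # IP protocol numbers; GRE carries the PPTP tunnel data

@dataclass(frozen=True)
class Rule:
    """One allow rule (hypothetical format): IP protocol plus optional port range."""
    ip_proto: int
    dport_lo: Optional[int] = None  # None means "no port filter"
    dport_hi: Optional[int] = None

def allows(rule, ip_proto, dport=None):
    """True if the rule passes traffic of this protocol (and port, if given)."""
    if rule.ip_proto != ip_proto:
        return False
    if dport is None or rule.dport_lo is None:
        return True
    return rule.dport_lo <= dport <= rule.dport_hi

def pptp_gaps(rules, control_port=1723):
    """List what a device's allow rules still block for a PPTP connection."""
    gaps = []
    if not any(allows(r, TCP, control_port) for r in rules):
        gaps.append(f"TCP/{control_port} control channel to the server")
    if not any(allows(r, GRE) for r in rules):
        gaps.append("IP protocol 47 (GRE) tunnel data")
        # Common slip: opening TCP or UDP *port* 47 instead of IP *protocol* 47.
        if any(r.ip_proto in (TCP, UDP) and r.dport_lo is not None
               and r.dport_lo <= 47 <= r.dport_hi for r in rules):
            gaps.append("hint: port 47 is open, but GRE is a protocol number, not a port")
    return gaps

# Constructed rule sets for illustration.
PORT_47_MISTAKE = [Rule(TCP, 1723, 1723), Rule(TCP, 47, 47)]
CORRECTED = [Rule(TCP, 1723, 1723), Rule(GRE)]

if __name__ == "__main__":
    for name, rules in (("port-47 mistake", PORT_47_MISTAKE), ("corrected", CORRECTED)):
        print(name, "->", pptp_gaps(rules) or "PPTP can pass")
```

An empty result means the device passes both the control channel and the GRE data; a device that passes only the TCP port lets the login start but carries no tunnel traffic.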
If the connection does not work, confirm that your account name and password are correct. If they are, it's possible that your computer did not automatically recognize the connection type. To set your VPN client to either PPTP or L2TP, follow these steps:
Open your VPN connection profile. The Connect window opens.
Click the Properties button and choose the Networking tab in the Properties window. The dialog box shown in Figure 47.10 appears.
Figure 47.10: Choose the type of connection in the Properties window.
Open the drop-down Type of VPN menu near the top of the dialog box, and choose the connection method used by your VPN. Click OK to save your settings.
Try to open your VPN connection. If it still doesn't work, consult your network manager.
For more about troubleshooting a VPN connection, see Microsoft Knowledge Base Article No. 314076, "How to configure a connection to a virtual private network (VPN) in Windows XP" at http://www.support.microsoft.com/kb/314076.