How to Set Up a Virtual Private Network
A virtual private network, or VPN, is designed to give you a secure connection to an internal computer network from a remote location over the Internet. A VPN involves setting up a router, possibly configuring pass-through ports and also configuring a client. You can set up a VPN without third-party software on your server; the software suite included with Windows XP, Vista and Windows Server Editions will be sufficient.
There are two elements to setting up a VPN: configuring a server and configuring a client. You will need to choose whether you use the simpler method, which is setting up a VPN router as a server, or the more complex method, which is using your regular router as a pass-through to a computer set up as your VPN server. A VPN router is a router that either has VPN support built in or has VPN service preinstalled for you by a computer technician.
Things You'll Need
- VPN router or home router
- Windows XP Pro, Vista or Server Editions
- Internet connection
Setting up a VPN Router
Log into your router and find the VPN tab. It may be a stand-alone tab, or it may be listed under the "Services" tab; some routers may also list it as a "PPTP" tab.
Specify the protocol you wish to use. In this example, we will use point-to-point tunneling protocol, or PPTP. The idea is, as the name implies, that a virtual tunnel is created from point to point that keeps the outside world from seeing in, thus keeping your virtual private network secure.
Specify the users allowed by username and password. Refer to your router's manual for syntax, as the command language does vary between manufacturers. The most common format is *username*password*.
Set the available IP addresses in your internal network for users.
Skip to configuring your client after saving all your VPN router settings.
Setting up and Configuring a Windows Server
Click on "Start," then "Settings and Network Connections."
Choose "Create New Connection," then click "Next."
Choose the last option, "Setup Advanced Connection," in the Network Connection Type box.
Select "Accept Incoming Connections" in the Advanced Connection box. You will then click "Next" through two more boxes.
Check "Allow Virtual Private Connections" and click "Next."
Select an existing user or create a new user, so Windows will have a username and password to use for the VPN.
Click "Next" and "Finish" after selecting all the users you wish to give access to.
Right-click the "Incoming Connections" icon in the Network Connections Folder and then select "Properties."
Select the "Networking" tab and choose "TCP/IP protocol." Click on "Properties" and then click "Specify IP Address." This is where you choose the addresses that users will be given when they connect to the VPN. To do this properly, you need to know the range your router uses for Dynamic Host Configuration Protocol (DHCP), which is the set of sequential numbers your router assigns internally to new users. Most start at the bottom and go up to about 100. Let's use the example of a standard home router that would give you a range of 192.168.1.1 to 192.168.1.99 for your DHCP. In this example, under "Specify IP Address", you might choose 192.168.1.100 to 192.168.1.110. This gives you 10 IP addresses available for new users. You can assign more or fewer depending on how many users you want to access the VPN at any given time.
In this same window, you have the option to allow the computer to assign its own IP address. Selecting this option is not necessary, because you've just assigned IP addresses for your users.
Log in to the router, assuming your router is also your hardware firewall. Look for a tab listed as "Advanced Options" or "Port Forwarding" or "Gaming." Once you've found it, you must forward Port 1723 and Port 500 (both TCP and UDP) to the computer that has your VPN server on it. These should be forwarded to the IP address of the VPN server computer you just configured. If you're not sure what that IP address is, go to the computer, click "Start," then "Run." Type "CMD," then, in the black window that opens, type "IPCONFIG /all." This command gives you the IP address of the server computer.
Click "Save" in router configuration and restart the router. The server should now allow connections without changing the firewall. If you're using a software firewall and an external firewall, you may want to consider disabling the software firewall, unless you are on a less secure public internal network. If you need to use a software firewall, check your user instructions for allowing exceptions, and allow exceptions on the ports listed above.
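The address planning from the steps above can be checked before you save anything. The following Python sketch is an added example, not part of the original instructions: it reads the server's address, mask and gateway from "IPCONFIG /all" output and reports whether a VPN address pool collides with the router's DHCP range or with the server, router or broadcast address. The ipconfig text and the server address 192.168.1.50 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from the VPN server (not from the page).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

def parse_ipconfig(text):
    """Return (server_ip, lan_network, gateway) from the first address found."""
    def field(label):
        m = re.search(label + r"[ .]*: *(\d+\.\d+\.\d+\.\d+)", text)
        return m.group(1) if m else None
    ip = field(r"(?:IP|IPv4) Address")  # XP prints "IP Address", Vista "IPv4 Address"
    mask, gw = field(r"Subnet Mask"), field(r"Default Gateway")
    if not (ip and mask):
        raise ValueError("no IPv4 address/mask found in ipconfig output")
    lan = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(ip), lan, ipaddress.ip_address(gw) if gw else None

def check_vpn_pool(pool_start, pool_end, dhcp_start, dhcp_end, ipconfig_text):
    """Return a list of problems with the VPN address pool (empty list = OK)."""
    server, lan, gateway = parse_ipconfig(ipconfig_text)
    p0, p1, d0, d1 = (ipaddress.ip_address(a) for a in
                      (pool_start, pool_end, dhcp_start, dhcp_end))
    if p0 > p1:
        return ["pool start is above pool end"]
    problems = []
    if p0 not in lan or p1 not in lan:
        problems.append(f"pool is not inside the LAN subnet {lan}")
    if p0 <= d1 and d0 <= p1:  # two inclusive ranges intersect
        problems.append("pool overlaps the router's DHCP range")
    for name, addr in (("VPN server", server), ("router", gateway),
                       ("broadcast", lan.broadcast_address)):
        if addr is not None and p0 <= addr <= p1:
            problems.append(f"pool contains the {name} address {addr}")
    return problems

if __name__ == "__main__":
    # The pool and DHCP range used as the example in the text above.
    print(check_vpn_pool("192.168.1.100", "192.168.1.110",
                         "192.168.1.1", "192.168.1.99", SAMPLE_IPCONFIG) or "pool OK")
```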
Setting up the Client
Right-click "Network Connections" on your desktop.
Choose "Create A New Connection."
Choose "Connect to the Network at My Workplace" from the options shown. Click "Next."
Choose "VPN," then click "Next."
Name your VPN connection if you choose to. This will not affect how the VPN works; the name is strictly for your own reference. Click "Next."
Choose "Do Not Dial the Initial Connection" and click "Next."
Enter the external IP address of the VPN server. Your company's IT department can provide this. If you have set up the server yourself, open a web browser on the server's network, go to your favorite search engine and search with the words "What Is My IP?" The results will list a number of sites showing your external IP address. Enter this number as the external IP address of the VPN server.
Select "My Use Only" or "Everybody on This Computer," depending on your preference, then click "Next."
Add a shortcut for this connection to your desktop. Click "Finish."