Networks How to setup a VPN Server & Client - WinXP [NOT 56k Friendly]

[N4N01D]

How to setup a VPN Server

Ok, so you want to setup a VPN Server, 1st you have to think what OS, Internet Connection (and method, i.e. router or modem on a pc) and a few other things.
First off this tutorial is for Windows XP only.

The Steps

1)On the computer which you want to be the Server (the one people will dial into) go to the Control Panel as shown below.



2)Go to the Network Connection in the Control Panel, as shown below.



3)Now on the left hand side in the Common Task Box, there is a section “Network Tasks”. Click on this option.



4)This will start the wizard to make the VPN connection (server side) Click Next. As shown below.



5)On the next Page Select the “Set up an advanced connection” and click Next.



6)On this page Select “Accept incoming connections” and click Next.



7)On this page click Next. Don’t worry if it says “Direct Parallel” this wont be used.



8)Select the option “Allow virtual private connections” and click Next once again.



9)Now you are going to need to create an account which will be used for connecting to the server. This is done by clicking the Add button and following step 10.



11)This is the setup for adding the user that will be used to access the VPN.



12)This screen will give the options for the Allocation of IP addresses from the people that are connecting. To do this click on the “Internet Protocol” and click “Properties”.



13)On my network I know that IP addresses over 200 are free, so I have selected the range 192.168.1.201-192.168.1.220. If you are running a DHCP server you can let it specify the addresses. If in doubt specify manually as it can be changed later and click OK and click Next on the Window shown .



14)Now click Finish to Finish the Wizard.



15)If you go back to the “Network Connections” page you can see that there is an icon for “Accept Incoming Connections”.



And that’s the Server Connection all done

Firewall and Router Notes.

The previous bit was the easy bit. First if you are using a Modem and are going to be connecting directly to the computer the modem is on Skip forward a bit. If you are using a Router however this is a different matter, you can do 2 things.

1)Forward the specific ports to the desired Server (Look at the Firewall Section for ports etc.).
2)Set the DMZ(Demilitarized Zone) to the Desired Server. (This means that every connection will be forwarded directly to that PC, which brings me onto the firewall)

Firewall

I use Sygate firewall and here is a tutorial for allowing the correct ports to be allowed and not blocked by the firewall. I’m sure this tutorial could be modified to the certain firewall you are using, if any.

1)Start Sygate and go to the “Advance Rules and Configuration”.
2)Click Add
3)In the General Tab Name the Rule and select “Allow this traffic”
4)Select the Applications Tab
5)Check NTOSKRNL.EXE and TCP/IP Services Application
6)Click OK

7)Click Add
8)In the General Tab Name the Rule and select “Allow this traffic”
9)Select the Ports & Protocols Tab
10)Select TCP in the drop down box
11)Leave the remote box bland, and fill the local box with “135,500,1701,1723” Opening these ports can be dangerous, only open them if you can't get a connection made!
12)Click OK

13)Click Add
14)In the General Tab Name the Rule and select “Allow this traffic”
15)Select the Ports & Protocols Tab
16)Select UDP in the drop down box
17)Leave the remote box bland, and fill the local box with “135,500,1701,1723”
18)Click OK

19)Click Add
20)In the General Tab Name the Rule and select “Allow this traffic”
21)Select the Host Tab
22)Select IP Address and type in your VPN Server address.
23)Click OK

[N4N01D]

How to setup a VPN Client

1)Go to the control panel as shown below.



2) Double click on “Network Connections” as shown below.



3) Now on the left hand side in the Common Task Box, there is a section “Network Tasks”. Click on this option.



4) This will start the wizard to make the VPN connection (server side) Click Next. As shown below.



5) Select “Connect to the network at my workplace” and click Next



6)Select “Virtual Private Network Connection” and click Next.



7) Type in a company name for the connection and cluck next.



8)If you need to dial a connection to get internet access please select Automatically dial this initial connection OR just leave it on “Do not dial the initial connection.” And click Next.



9)Now enter the IP address or Hostname of the VPN Server and click Next.



10) Now click Finish.



11) The Connect box will appear where you can enter the details for the username and password which were set for the VPN server. From there click Properties.



12) Click the networking Tab and select the properties of the Internet Protocol TCP/IP.



13) Click Advanced.



14) Untick “Use Default gateway on remote network.” And click OK all the way back to the dialup box. – IF YOU DON’T DO THIS IT MAY CRASH YOUR NETWORK CONNECTION.



15) Now you can dial the connection. Once this has connected you should be linked to the other network, you may not be able to type \\server for example however if you go to Start – Search and select “Computers or People” then “a computer on the network” and type the server name in there you should be able to find it ok.

[jezmck]

nice clear guide. (should be a sticky imo)

will it let me and a friend play lan games though?

we were trying OpenVPN to set up a connection (which works) but were then unable to connect in-game.

any suggestions much appreciated.

[mushky]

Sweet as. Nice one mate, really useful info there.

[kitt]

brilliant guide mate

[N4N01D]

Quote:

Originally Posted by jazzle

nice clear guide. (should be a sticky imo)

will it let me and a friend play lan games though?

we were trying OpenVPN to set up a connection (which works) but were then unable to connect in-game.

any suggestions much appreciated.

you know that you will only get speeds the same as your upload (256kbit in most broadband cases), it should work as basically you are becomming part of the network, do you have any firewalls running or anything, if so you could try turning them off?

Thanks for the feedback, keep it comming

[hk]

Yep sticky it

[Carbon]

Quote:

Originally Posted by hk

Yep sticky it

Agreed sticky!

[Sc0rian]

Yep agree..

Vpn isnt easy for an average person. Sticky would be use I GUESS

[mushky]

great post man, thanks

[Brew]

Very nice guide Cant really be any clearer than that.

I thought I would point out that the process in Windows 2000 Pro is nearly identical, and just as 1337 Good for those of us who want to get our pr0...files from a computer at home

[midou11]

wow that is gonna be very helpfull for people.

[Nath]

Great guide, will be using this when I get back home.

[Drivel]

im a lil hazy about this do u need any other hardware ?? cuz i know how to do it with a VPN roghter but not with out does iot stiill work??

[N4N01D]

nope no hardware required (not including a modem for getting the internet connection) - just 2 x Win XP or 2000 systems, ports will need to be forwarded / unblocked tho if your using a router / firewall

HTH

[Sunny-D]

wouldnt the server need 2 nic's? one for the modem, one for the router?

[N4N01D]

you could use 1 or 2 nics, when i did it for a server i put 2 nics in and dedicated 1 card to VPN and then the other card to internal network access. Then i used sygate firewall and setup rules for each card, but its not essential to have 2 cards, it really depends on your topology tbh

[Phrozenpenguin]

Thanks for the tutorial, much appreciated :-)

Just a couple of notes i have found:

You can test this on a LAN to check you have authentication correct by changing the IP to the local address of the server.

You have to be careful on the outgoing interent connection as well; some routers don't let PPTP connections through :/

[phonon45]

First off, thanks for posting this. The setup was quick and painless.

Could you explain why you are forwarding all of those ports? If this is a PPTP connection, then it will work to only forward port 1723. I have set up a VPN server in Server 2003 and it works fine with only port 1723 forwarded through the firewall. What am I missing about XP?

[N4N01D]

I was having a few problems with getting sygate to work with this... so i raised a help requests as i have a legal copy and they replied with the above ports that needed to be forwarded, and right enough when i did this it worked. Having 135 could cause some security issues, but if you can run it with 135 closed then go for it, im just saying i needed 135 open for it to work

HTH