Saturday, May 1, 2010

Configure Windows XP Professional to be a VPN server

SkyHi @ Saturday, May 01, 2010

For the Small Office/Home Office (SOHO), Windows XP Professional VPN features are a real boon.

Traveling users with laptops or handheld computers will inevitably want files on the home network; you just can't bring everything with you. This is where the beauty of the Windows XP Professional computer connected to an always-on connection, such as DSL or cable modem, shines. That always-on link can be used to accept incoming VPN connections and allow your mobile users to access shared folders and files on your private network.

In this article, I’ll explain how to configure a Windows XP Professional computer to accept incoming VPN connections and discuss some tips on improving the remote access experience for the VPN client computer user.

Windows XP’s all-in-one VPN solution

Windows XP Professional is designed as the one-stop solution for the SOHO, taking all the usability features available to Windows Me users and adding the powerful networking features available in Windows 2000. The combination lets you create the ideal remote access solution for the SOHO.

The Windows XP Professional remote access server capabilities are very similar to those available in Windows 2000 Professional. A Windows XP computer can accept a single incoming connection on each interface that can accept a connection. For example, a Windows XP machine can accept incoming connections on each of the following interfaces:

  • Dial-up modem serial interface

  • Infrared interface

  • Parallel port interface

  • VPN interface

While it’s unlikely, a Windows XP Professional machine with the above configuration could conceivably accept up to four simultaneous RAS connections. However, the typical configuration consists of a single RAS client connection, either through a dial-up modem interface or a VPN interface.

Create an incoming connection with the New Connection Wizard

Like Windows 2000 Professional, Windows XP Professional includes a New Connection Wizard. I’ll show you how to use the New Connection Wizard to create the new VPN server interface. In this example, I’ll assume the Windows XP Professional machine is not a member of a Windows NT 4.0 or Windows 2000 domain. The machine has two network interface cards; one is directly connected to the Internet, and the other is connected to the internal LAN. In addition, the external interface of the machine is configured for Internet Connection Sharing (ICS). While ICS changes the IP address of the LAN interface of the ICS computer to through 16, it's easy to change the IP address to one that fits the existing network environment. The IP address of the LAN interface of the ICS computer was changed to through 24 to fit the preexisting network configuration.

How to create the VPN server interface, step-by-step

1. Click Start | Control Panel.

2. In the Control Panel, open the Network Connections applet.

3. In the Network Connections window (see Figure A), open the New Connection Wizard.

Figure A

The Network Connections window

4. On the Welcome To The New Connection Wizard page, click Next.

5. On the Network Connection Type page (see Figure B), select the Set Up An Advanced Connection option.

Figure B

6. On the Advanced Connection Options page (see Figure C), select the Accept Incoming Connections option and click Next.

Figure C

Configuring XP to accept incoming connections

7. On the Devices For Incoming Connections page (see Figure D), you can select optional devices on which you want to accept incoming connections.

Figure D

Note that you are not presented with any of the network interfaces on the computer.

8. On the Incoming Virtual Private Network (VPN) Connection page (see Figure E), select the Allow Virtual Private Connections option and click Next.

Figure E

9. On the User Permissions page (see Figure F), select the users that are allowed to make incoming VPN connections. Click Next.

Figure F

Any user that isn’t selected won’t be able to initiate an incoming connection.

10. On the Networking Software page (see Figure G), click on the Internet Protocol (TCP/IP) entry and click the Properties button.

Figure G

Configuring TCP/IP properties

11. In the Incoming TCP/IP Properties dialog box (see Figure H), place a check mark in the Allow Callers To Access My Local Area Network check box. This will allow VPN callers to connect to other computers on the LAN. If this check box isn’t selected, VPN callers will only be able to connect to resources on the Windows XP VPN server itself. Click OK to return to the Networking Software page and then click Next.

Figure H

Granting LAN access to callers

12. On the Completing The New Connection Wizard page, click Finish to create the connection.

After the Incoming Connection is complete, right-click on the connection in the Network Connections window and select the Properties command (see Figure I).

Figure I

Accessing the properties of the VPN server link