Configuring an automatic or permanent VPN on XP

[Wells Caughey]

Hello everyone,

At my company the vast majority of our users are out in the field and
connect to the internet using a varity of network providers, none of which
we control or want to control. In order to allow the user's laptops to
connect to the corporate network, we have configured the user's laptops to
use the Windows XP VPN client. This has been an imperfect solution at best
because our users rarely need connect directly to the corporate network, and
everytime they do need to connect, the process is stressful and confusing to
them.

Ideally I would like to be able to setup the VPN client in a similar manner
as the demand-dial connections in Windows 2003 Server, but through some
research I have found that this is not supported on XP. Alternately I'd
like a driver that looked a standard ethernet adapter, but actually created
a VPN connection.

Does anyone know how to make these VPNs behave better?

Thanks,
Wells

 

[Sooner Al [MVP]]

Hello everyone,

At my company the vast majority of our users are out in the field and
connect to the internet using a varity of network providers, none of which
we control or want to control. In order to allow the user's laptops to
connect to the corporate network, we have configured the user's laptops to
use the Windows XP VPN client. This has been an imperfect solution at
best because our users rarely need connect directly to the corporate
network, and everytime they do need to connect, the process is stressful
and confusing to them.

Ideally I would like to be able to setup the VPN client in a similar
manner as the demand-dial connections in Windows 2003 Server, but through
some research I have found that this is not supported on XP. Alternately
I'd like a driver that looked a standard ethernet adapter, but actually
created a VPN connection.

Does anyone know how to make these VPNs behave better?

Thanks,
Wells

Not being a server guy the only thing I can suggest is possibly a script
that calls "rasdial" when a certain application is started. That may not be
what your looking for though...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Wells Caughey]

Thanks for the quick reply, Al.

It is not so much that any particular application needs to access the
corporate network, but rather that our people stay out in the field for
months or years at a time, and Windows XP needs to synchronize with the
domain to make sure that the user's account credentials are still valid.
Alternatively, some of the users may swap machines or reprovision spares
that don't already have a copy of the new user's profile. This means
another connection to active directory...

I know that these tasks can be done by chosing the "connect using a slow
connection" checkbox on the login screen, but this is confusing to our users
and I would prefer the entire VPN to be invisible to our users. To me this
means that the VPN either needs to permanent or demand-dialed, but I don't
know how to do either.

As an alternative, I have thought about making our domain controller
publicly visible on the internet and using the domain isolation aspect of
IPSEC to protect the domain controller from unauthorized machines... Does
this sound plausable?

Thanks,
Wells

 

[Sooner Al [MVP]]

Thanks for the quick reply, Al.

It is not so much that any particular application needs to access the
corporate network, but rather that our people stay out in the field for
months or years at a time, and Windows XP needs to synchronize with the
domain to make sure that the user's account credentials are still valid.
Alternatively, some of the users may swap machines or reprovision spares
that don't already have a copy of the new user's profile. This means
another connection to active directory...

I know that these tasks can be done by chosing the "connect using a slow
connection" checkbox on the login screen, but this is confusing to our
users and I would prefer the entire VPN to be invisible to our users. To
me this means that the VPN either needs to permanent or demand-dialed, but
I don't know how to do either.

As an alternative, I have thought about making our domain controller
publicly visible on the internet and using the domain isolation aspect of
IPSEC to protect the domain controller from unauthorized machines... Does
this sound plausable?

Thanks,
Wells

Wells,

Try posting to the microsoft.public.windows.server.networking news group for
help. I think you may get more authoritive responses there...

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Wells Caughey]

Ok, I'll give the a try. Thanks for your help.

Wells

 

[erictaneda]

Hello everyone,

At my company the vast majority of our users are out in the field and
connect to the internet using a varity of network providers, none of which
we control or want to control. In order to allow the user's laptops to
connect to the corporate network, we have configured the user's laptops to
use the Windows XP VPN client. This has been an imperfect solution at best
because our users rarely need connect directly to the corporate network, and
everytime they do need to connect, the process is stressful and confusing to
them.

Ideally I would like to be able to setup the VPN client in a similar manner
as the demand-dial connections in Windows 2003 Server, but through some
research I have found that this is not supported on XP. Alternately I'd
like a driver that looked a standard ethernet adapter, but actually created
a VPN connection.

Does anyone know how to make these VPNs behave better?

Thanks,
Wells

This is a fairly old post, but check out VPN Dialer 2012 which runs as a service and keeps a VPN connection permanently connected, from bootup until shutdown, as long as the computer has power and Internet access.