Delete remote assistance invitation?

[Blue Max]

Under Windows Vista we cannot find how to do the following:

1. Delete a remote assistance help invitation.
2. Set the expiration for an invitation during creation - never given the
option.
3. When viewing dialog for System Properties > Remote Tab > Advance Button,
all the Remote Assistance Settings dialog options are dimmed except the
option to create invitations for computers running Vista?

These options are pretty intuitive in Windows XP, but not in Vista. Thank
you for any help.

 

[Sooner Al [MVP]]

Under Windows Vista we cannot find how to do the following:

1. Delete a remote assistance help invitation.
2. Set the expiration for an invitation during creation - never given the
option.
3. When viewing dialog for System Properties > Remote Tab > Advance
Button, all the Remote Assistance Settings dialog options are dimmed
except the option to create invitations for computers running Vista?

These options are pretty intuitive in Windows XP, but not in Vista. Thank
you for any help.

As an administrator run gpedit.msc and check the "Computer Configuration ->
Administrative Templates -> System -> Remote Assistance -> Solicited Remote
Assistance" group policy. If its enabled you will see what you see in items
2 and 3. Make sure its "Not configured". You can then configure the
expiration time period in the Remote Tab > Advanced button. You can delete
individual invitation files from the folder you save them to. Search for
files with the .msrcincident extension. Go to "Start -> Search".

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Blue Max]

Thanks, Sooner A1. You are probably right on the money. I had edited group
policy to enable this option because it supposedly allowed us to lengthen
the expiration time frame. However, I also have noted, after the fact, that
the article providing this information was for Windows XP (which information
we successfully used to correct a Remote Assistance issue between XP and
Vista machines on the local network).

Since you are familiar with this subject, perhaps you can clarify a few
issues:

FIRST, can we select any available expiration time-frame on the drop downs
in Vista? In XP there was a group policy setting that limited the time
frame to something like 30 hours, or whatever, even though there were longer
options on the drop downs. As such, we had to edit group policy in XP in
order to utilize the longer expiration periods, up to 99 days. So is Vista
different or do we have to disable a limit here too?

SECOND, does the expiration setting in Vista affect all open invitations?
We have presumed this must be the case because there is no option to specify
the expiration period when creating individual invitations.

THIRD, I can get Vista Remote Assistance to work fine on our local network,
but cannot get it to work over the internet using an invitation file.
Remote Desktop connects fine between our computers over the network, so I
thought we had all the proper ports enable and routed through the firewalls,
but Remote Assistance still fails to connect. Is there a chance that Remote
Assistance is using a different port than the 3389 port used for Remote
Desktop? I also have noted that we do not have a Remote Assistance Offer
Help Users group on any of our Vista Ultimate machines; a user group often
referred to in Remote Assistance articles. Any ideas?

Thank you to the max from the Max.

******************************

 

[Sooner Al [MVP]]

Thanks, Sooner A1. You are probably right on the money. I had edited
group policy to enable this option because it supposedly allowed us to
lengthen the expiration time frame. However, I also have noted, after the
fact, that the article providing this information was for Windows XP
(which information we successfully used to correct a Remote Assistance
issue between XP and Vista machines on the local network).

Since you are familiar with this subject, perhaps you can clarify a few
issues:

FIRST, can we select any available expiration time-frame on the drop downs
in Vista? In XP there was a group policy setting that limited the time
frame to something like 30 hours, or whatever, even though there were
longer options on the drop downs. As such, we had to edit group policy in
XP in order to utilize the longer expiration periods, up to 99 days. So
is Vista different or do we have to disable a limit here too?

SECOND, does the expiration setting in Vista affect all open invitations?
We have presumed this must be the case because there is no option to
specify the expiration period when creating individual invitations.

THIRD, I can get Vista Remote Assistance to work fine on our local
network, but cannot get it to work over the internet using an invitation
file. Remote Desktop connects fine between our computers over the network,
so I thought we had all the proper ports enable and routed through the
firewalls, but Remote Assistance still fails to connect. Is there a
chance that Remote Assistance is using a different port than the 3389 port
used for Remote Desktop? I also have noted that we do not have a Remote
Assistance Offer Help Users group on any of our Vista Ultimate machines; a
user group often referred to in Remote Assistance articles. Any ideas?

Thank you to the max from the Max.

I don't see the option to lengthen the expiration time when I create an
invitation file on my Vista machines so I guess that means that option has
been removed for whatever reason. The means the expiration time you set in
the configuration window or via a group policy or via registry setting will
apply to all invitations. Its no longer on an invitation by invitation
basis...

Remote Assistance (RA) still uses TCP Port 3389. You might need to change
the public IP address in the invitation file. See the RCTICKET field in the
file. These articles, written for XP, should still pertain.

http://support.microsoft.com/kb/300692/en-us
http://support.microsoft.com/kb/301529/en-us

I have not used RA that much except for testing over my local LAN or through
a test VPN tunnel. FWIW, I have started using TeamViewer to support one of
my sister-in-law's remotely. That works pretty well for me, even on a 56K
dial link which she uses, and something you might look into. Note its free
for personal use only.

http://www.teamviewer.com/index.aspx

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Blue Max]

Hello Sooner,

I don't see the option to lengthen the expiration time when I create an
invitation file on my Vista machines so I guess that means that option has
been removed for whatever reason. The means the expiration time you set in
the configuration window or via a group policy or via registry setting
will apply to all invitations. Its no longer on an invitation by
invitation basis...

What a pity! It seems that in many ways XP was better thought-out than
Vista. It seemed so logical that the user might want to issue an invitation
to certain individuals that would have a quick expiration (one-time help
from a specific tech) and to other individuals with a long-term expiration
(such as a good computer-saavy friend). This issue also raises other
expiration questions like, does lowering the expiration time delete prior
invitations we expected to keep long-term? or do short-term invitations
receive an extension when the expiration period is raised? and so on.

Remote Assistance (RA) still uses TCP Port 3389. You might need to change
the public IP address in the invitation file. See the RCTICKET field in
the file. These articles, written for XP, should still pertain.

http://support.microsoft.com/kb/300692/en-us
http://support.microsoft.com/kb/301529/en-us

I have not used RA that much except for testing over my local LAN or
through a test VPN tunnel. FWIW, I have started using TeamViewer to
support one of my sister-in-law's remotely. That works pretty well for me,
even on a 56K dial link which she uses, and something you might look into.
Note its free for personal use only.
http://www.teamviewer.com/index.aspx

Thank you for the recommendations regarding these issues also.

 

[Sooner Al [MVP]]

Hello Sooner,


What a pity! It seems that in many ways XP was better thought-out than
Vista. It seemed so logical that the user might want to issue an
invitation to certain individuals that would have a quick expiration
(one-time help from a specific tech) and to other individuals with a
long-term expiration (such as a good computer-saavy friend). This issue
also raises other expiration questions like, does lowering the expiration
time delete prior invitations we expected to keep long-term? or do
short-term invitations receive an extension when the expiration period is
raised? and so on.

You would have to test that. I never have nor have I even thought of those
issues quite frankly...

One thing you might look into is using the Remote Assistance (RA) "offer"
functionality. I do know that works between Vista Ultimate-to-Vista Ultimate
machines in a workgroup environment, ie. like my small two Vista home
network, and should work natively in a domain environment. I had to enable
both the "Solicited" and "Offer" group policies to get this to work. I could
directly address the RA offer by IP (or NetBIOS name) over my local LAN or
through a PPTP VPN tunnel. The latter is nice if the expert had to VPN into
a remote site to provide support.

These articles, written for XP, are still pertinent for the most part...

http://support.microsoft.com/kb/308013/

http://support.microsoft.com/default.aspx?scid=kb;en-us;301527
http://support.microsoft.com/kb/306496/

I presume this would work with Vista Business or Enterprise editions if used
in a workgroup environment also but I have no way of testing this.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Blue Max]

Thanks Sooner. How did you find and enable "both the 'Solicited' and
'Offer' group policies" to get this to work? My problem is that the
policies are not displayed by default and help articles infer they are only
available while an offer is outstanding. Not to mention that most articles
refer to XP and don't take into consideration the changed names or altered
functionality in Vista. So how does one add permissions to a group they
cannot find? I'll take a look at the articles you recommended.

I like the concept of 'offering' help, but cannot seem to enable this
feature over the internet. You mentioned going "through a PPTP VPN tunnel,"
but we don't have a lot of experience in setting up a VPN. Furthermore, our
IP addresses are dynamically assigned, so we are using a No-IP domain name
to address our computers. Microsoft makes it sound like Remote Assistance
is a cinch, but it is far from any such thing! We do use Remote Desktop
over the internet just fine with the same two computers, and we can use
Remote Assistance just fine through Windows Live Messenger, but cannot get
RA to work directly over the internet, which may be due to the group
policies you mentioned. If you have any ideas we would be happy to
entertain them.

Thanks

**************

 

[Blue Max]

Just a follow-up to my last reply. I have read the articles you recommended
and they are the same ones we used in resolving an XP problem. However,
enabling the RA Offer settings in Vista did some funny things, like locked
our expiration options so they could not be changed. In fact, I think it
may have even been you that directed us to 'disable' or 'not configure'
these items in order to restore the expiration options. Anyway, you got it
to work between your Vista computers and we hope to do the same. We still
think it may relate back to having the proper groups available with
permissions for the proper users.

**************

 

[Sooner Al [MVP]]

Just a follow-up to my last reply. I have read the articles you
recommended and they are the same ones we used in resolving an XP problem.
However, enabling the RA Offer settings in Vista did some funny things,
like locked our expiration options so they could not be changed. In fact,
I think it may have even been you that directed us to 'disable' or 'not
configure' these items in order to restore the expiration options.
Anyway, you got it to work between your Vista computers and we hope to do
the same. We still think it may relate back to having the proper groups
available with permissions for the proper users.

**************

Are you in a domain environment or a workgroup environment? I presume your
an administrator or a user with admin privileges.

Your right in that setting those group policies negates the user from
setting the time limit. Its an either or situation.

By the way, I have never tried to offer over the public internet other than
through a VPN tunnel, ie. I VPN into a network then offer the novice user
(on that network) help via RA.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Blue Max]

Hello Sooner,

The small office end of the internet link is a simple peer-to-peer workgroup
with a Linksys hub (switch) linked to a Qwest DSL router/modem. The home
end is a Linksys Wired/Wireless router where the main computer is wired
(Ethernet) to the router and about 5 or 6 laptops and an old desktop are
using the wireless connection. Both internet service providers assign
dynamic IP addresses, so we use No-IP in order to have a static domain name
for one computer on each end of the internet connection. In both cases the
routers pass calls to port 3389 through to the two computers running Windows
Vista Ultimate and the computer firewalls are configured to allow calls to
that port also. This configuration works great with Remote Desktop over the
internet, except for file transfers that are dirt slow. Still trying to
figure out what the problem is with the slow file transfers? We can
download a 100MB plus file in several minutes off the internet, yet it
almost requires a plunger to force a 1MB file through the Remote Desktop
connection!

On the other hand, we'd love to learn how to set up a secured VPN Tunnel
over the internet between these two locations. However, we have not had the
time to explore this fully explore this possibility. We have a lot to learn
about VPNs, domains, and trusted domains versus workgroups and simple
internet access. As you can tell, we are a little discouraged with the
Remote Assistance connectivity issue, especially since we already had Remote
Desktop up and running and thought that setting up RA would be a small
incremental task. Ironically, Microsoft makes Remote Assistance sound so
easy . . . just issue an offer over the internet and the other party simply
accepts!

Do you think a VPN would help? If so, are you aware of any good 'How-to'
articles on setting up a VPN tunnel between the two computers as configured
above? I do like the appeal of an encrypted private connection, but am
wondering whether it will slow down or speed up communication and files
transfers between the two computers?

I apologize for the unending cascade of questions, but getting advice from
someone who has successfully perfomed a task is often worth a dozen
knowledgebase or how-to articles.

Thanks again,

Richard

**********************

 

[Sooner Al [MVP]]

Hello Sooner,

The small office end of the internet link is a simple peer-to-peer
workgroup with a Linksys hub (switch) linked to a Qwest DSL router/modem.
The home end is a Linksys Wired/Wireless router where the main computer is
wired (Ethernet) to the router and about 5 or 6 laptops and an old desktop
are using the wireless connection. Both internet service providers assign
dynamic IP addresses, so we use No-IP in order to have a static domain
name for one computer on each end of the internet connection. In both
cases the routers pass calls to port 3389 through to the two computers
running Windows Vista Ultimate and the computer firewalls are configured
to allow calls to that port also. This configuration works great with
Remote Desktop over the internet, except for file transfers that are dirt
slow. Still trying to figure out what the problem is with the slow file
transfers? We can download a 100MB plus file in several minutes off the
internet, yet it almost requires a plunger to force a 1MB file through the
Remote Desktop connection!

On the other hand, we'd love to learn how to set up a secured VPN Tunnel
over the internet between these two locations. However, we have not had
the time to explore this fully explore this possibility. We have a lot to
learn about VPNs, domains, and trusted domains versus workgroups and
simple internet access. As you can tell, we are a little discouraged with
the Remote Assistance connectivity issue, especially since we already had
Remote Desktop up and running and thought that setting up RA would be a
small incremental task. Ironically, Microsoft makes Remote Assistance
sound so easy . . . just issue an offer over the internet and the other
party simply accepts!

Do you think a VPN would help? If so, are you aware of any good 'How-to'
articles on setting up a VPN tunnel between the two computers as
configured above? I do like the appeal of an encrypted private
connection, but am wondering whether it will slow down or speed up
communication and files transfers between the two computers?

I apologize for the unending cascade of questions, but getting advice from
someone who has successfully perfomed a task is often worth a dozen
knowledgebase or how-to articles.

Thanks again,

Richard

If you want to do VPN between two small networks like that you have a few
options.

* Setup a PPTP VPN server running on a Vista or XP box at the office end.
You home clients could then access the office network just like they were on
it. Here is how to do that with Vista or XP...

http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
http://www.onecomputerguy.com/networking/xp_vpn.htm

The problem with a PPTP VPN is some routers don't support GRE Protocol 47
traffic. That issue is very problematic on consumer grade routers.

* Purchase VPN end-point type routers at each location. Those are made by
Linksys, Cisco, ZyXEL, Netgear, etc depending on how much you want to spend
and what type of VPN you want, ie. L2TP/IPSec, SSL, etc.

* Use a supported router and install third-party firmware like DD-WRT that
includes built-in VPN server functionality.

* Use third-party VPN software like SSL-Explorer or OpenVPN.

* Setup a Secure Shell (SSH) server at the office end. Clients can then
access shared files on the server and desktops with Remote Desktop through
the SSH tunnel. I use SSH to access my home LAN for both secure remote file
access and Remote Desktop access.

http://theillustratednetwork.mvps.org/Ssh/SSH-HomeUser.html

http://theillustratednetwork.mvps.org/Ssh/SecureShell.html

You could also use a program like WebDrive ($$$$) as your SSH SFTP client.
WebDrive allows you to map shared drives through the SSH tunnel, which can
be a nice feature for your remote clients.

http://www.webdrive.com/products/webdrive/index.html

As a side note I was getting ready to start experimenting with RA through a
SSH tunnel. I plan on doing that tomorrow if I get time.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Blue Max]

Thanks, Sooner Al! These links provide some really great articles, but it
will take me a little while to digest everything. I am starting to
formulate a picture in my mind, but help me understand if I am on the right
path.

FIRST, creating a VPN tunnel will make it appear as if the home client is
just another computer on the office network, complete with file sharing,
shared printer resources, etc?

SECOND, Remote Desktop and Remote Assistance should work in this
configuration just as if one office computer were accessing another office
computer on the local offiice workgroup network?

THIRD, can both the home and office computers be configured as VPN servers
at same time for client access regardless of whether you are at home or at
the office?

FOURTH, the first Vista VPN article was extremely helpful, but I have a
question on the "Incoming IP Properties" dialog configuration. In this step
are we simply assigning a 'Static' IP address to the client computer as a
virtual entity logged into the network? I'm not real clear on what this
assignment is accomplishing or how we should specify the IP range.

FIFTH, are you inferring that simply setting up the VPN tunnel does not
encrypt the connection? We need to setup Secure Shell (SSH) separately in
order to be protected? Isn't the VPN tunnel automatically encrypted. In
similar fashion, why do you recommend third-party firmware and VPN software,
doesn't Windows Vista provide this functionality?

Thanks again, these were some wonderful resources to get us started!

Richard

************************

 

[Jeffrey Randow]

First - Yes
Second - Yes
Third - I'm not sure I understand the question...
Fifth - VPN tunnels are encrypted.
When you are on the VPN and it is a "private" network, you are open to
any attacks/vulnerabilities that may be on the office LAN (and vice
versa - the office is open from attacks from your computer). That is
why many companies restrict VPNs.

---
Jeffrey Randow
(e-mail address removed)
Windows Networking MVP 2001-2006
http://www.networkblog.net

 

[Sooner Al [MVP]]

First - Yes
Second - Yes
Third - I'm not sure I understand the question...
Fifth - VPN tunnels are encrypted.
When you are on the VPN and it is a "private" network, you are open to
any attacks/vulnerabilities that may be on the office LAN (and vice
versa - the office is open from attacks from your computer). That is
why many companies restrict VPNs.

---
Jeffrey Randow
(e-mail address removed)
Windows Networking MVP 2001-2006
http://www.networkblog.net

To add to Jeffrey's comments...

The office and home networks need to be on different subnets, ie. office
192.168.1.X and home 192.168.2.X for example. The assigned IP range on the
PPTP VPN server at the office would be in the 192.168.1.X range but outside
the range of any existing static IP or DHCP assigned IP addresses. So for
example my home PPTP VPN server is on my home subnet of 192.168.2.X. I have
static IP addresses assigned to two desktop PC, ie. 192.168.2.11 and .12
respectively. I have a router based DHCP server running on my home LAN that
assigns mobile clients IP addresses from 192.168.2.101 through .110. I
subsequently configured my PPTP VPN server range from 192.168.1.31 and .32.
The .31 IP is assigned to the server when a client connects and the client
gets the .32 address. Now you can make that range as large as you want but
keep in mind a Windows Vista or XP PPTP VPN server can only accept one
incoming VPN connection at a time natively so that limits you.

As noted by Jeffrey a VPN (PPTP, L2TP/IPSec/SSL or SSH) is natively
encrypted. I offered you a number of solutions as options some based in
hardware (the best solution IMHO) and others based in software on each end.

I happen to use a SSH tunnel normally because I can use strong
authentication (ie. a private/public key pair protected by a strong
password) versus a password only (ie. for a PPTP VPN for example), a hosts
key file on my client that precludes, to a bit, the likely hood of a
Man-In-The-Middle attack and SSH is real easy to setup (again IMHO) for home
users like myself.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

 

[Blue Max]

Thank you, Jeffrey. Thanks to you gentlemen, we're just beginning to see a
little of the light.

As to my THIRD question, I am assuming that the remote client (home) can
initiate a connection with the host or VPN server (office). However, if I
want to use the office computer as the remote client and the home computer
as the server, don't I have to reverse the rolls so that the connection can
be initiated from the office to home?

Thanks,

Richard

**************************

 

[Jeffrey Randow]

Plus the fact that a SSH tunnel is able to tunnel virtually any
traffic and is cross-platform...

SSL Tunnels also work very well, but this is still an emerging
technology MS-wise...

 

[Blue Max]

Thank you, the VPN picture is becoming much clearer. However, we still have
few areas of confusion regarding the IP Address assignments as follows:

The office and home networks need to be on different subnets, ie. office
192.168.1.X and home 192.168.2.X for example.

In this example it appears that different numbers in the third segment of
the IP address represent two distinct subnets. However, in our case, both
our router's native IP addresses, which seem to determine our subnets, both
have the number "1" in the third segment. Does that mean that both our home
network and office network are on the same subnet? Which apparently would
be a problem according to what you indicate above regarding separate
subnets.

The assigned IP range on the PPTP VPN server at the office would be in
the 192.168.1.X range but outside the range of any existing static IP or
DHCP assigned IP addresses.

So the IP address range we are assigning, at the office, to the VPN server
and client, in the setup dialog, must lie within the realm of the office
subnet, correct? In other words, the first 3 segments will be the same as
the office IP addresses?

So for example my home PPTP VPN server is on my home subnet of 192.168.2.X.
I have static IP addresses assigned to two desktop PC, ie. 192.168.2.11 and
.12 respectively. I have a router based DHCP server running on my home LAN
that assigns mobile clients IP addresses from 192.168.2.101 through .110.

You lost me a little here. You are now talking about a PPTP VPN server at
home versus the office? Are we to assume that you are instructing us on how
to set up both locations as servers?

I subsequently configured my PPTP VPN server range from 192.168.1.31 and
.32.

Are we back at the office here? This server range here is within the realm
of the office subnet, not the home, correct?

The .31 IP is assigned to the server when a client connects and the client
gets the .32 address. Now you can make that range as large as you want but
keep in mind a Windows Vista or XP PPTP VPN server can only accept one
incoming VPN connection at a time natively so that limits you.

Are these addresses assigned to some kind of virtual server and client?
Obviously, the office computer (server?) already has an assigned IP address,
as does the home computer (client?), correct? So are we to assume that
these second IP addresses, .31 and .32 in the example range above, are being
assigned by the office computer (server?) to a virtual (VPN) server (itself)
and a virtual VPN client (the home computer)?

As noted by Jeffrey a VPN (PPTP, L2TP/IPSec/SSL or SSH) is natively
encrypted. I offered you a number of solutions as options some based in
hardware (the best solution IMHO) and others based in software on each
end.

Are these different VPN protocols available as native options within Windows
Vista VPN or are they purchased as separate third-party options?

I happen to use a SSH tunnel normally because I can use strong
authentication (ie. a private/public key pair protected by a strong
password) versus a password only (ie. for a PPTP VPN for example), a hosts
key file on my client that precludes, to a bit, the likely hood of a
Man-In-The-Middle attack and SSH is real easy to setup (again IMHO) for
home users like myself.

Finally, thank you for the clarification here and for all the other
assistance. Excuse my novice status, but these explanations have been
extremely helpful in understanding how to setup a VPN connection.

Thanks,

Richard

 

[Sooner Al [MVP]]

Thank you, the VPN picture is becoming much clearer. However, we still
have few areas of confusion regarding the IP Address assignments as
follows:


In this example it appears that different numbers in the third segment of
the IP address represent two distinct subnets. However, in our case, both
our router's native IP addresses, which seem to determine our subnets,
both have the number "1" in the third segment. Does that mean that both
our home network and office network are on the same subnet? Which
apparently would be a problem according to what you indicate above
regarding separate subnets.

* Yes, that means both your office and home networks will be the same
subnet, ie. 192.168.1.X for example. You would need to change one to
something else.

So the IP address range we are assigning, at the office, to the VPN server
and client, in the setup dialog, must lie within the realm of the office
subnet, correct? In other words, the first 3 segments will be the same as
the office IP addresses?

* Yes, that is correct.

You lost me a little here. You are now talking about a PPTP VPN server at
home versus the office? Are we to assume that you are instructing us on
how to set up both locations as servers?

* I only have/had a PPTP VPN server setup at home and connect with a laptop
client.

Are we back at the office here? This server range here is within the
realm of the office subnet, not the home, correct?

* That is a typo on my part. That should read 192.168.2.31 and .32. Sorry
about that.

Are these addresses assigned to some kind of virtual server and client?
Obviously, the office computer (server?) already has an assigned IP
address, as does the home computer (client?), correct? So are we to
assume that these second IP addresses, .31 and .32 in the example range
above, are being assigned by the office computer (server?) to a virtual
(VPN) server (itself) and a virtual VPN client (the home computer)?

* That's correct.

Are these different VPN protocols available as native options within
Windows Vista VPN or are they purchased as separate third-party options?

* If you have a Vista/XP box you use as a server then natively you only have
a PPTP VPN server available. A Vista/XP windows client will have PPTP and
L2TP/IPsec available natively. SSL and SSH are available on the internet for
free or $$$$. You might look at OpenVPN or SSL-Explorer for SSL options.

Finally, thank you for the clarification here and for all the other
assistance. Excuse my novice status, but these explanations have been
extremely helpful in understanding how to setup a VPN connection.

Thanks,

Richard

Your welcome.

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Blue Max]

Magnificent!

Thank you Al, I finally think I understand the basics. I want to express
my appreciation for sticking with me down to the last little question. From
experience, I know that a seeming trivial mis-interpretation can turn the
process from a pleasant experience into a nightmare. My only concern now is
whether my routers will support the VPN, but can certainly confirm that with
very little effort. I also wonder about our No-IP Dynamic Domain name, but
trust that the home client computer can contact the office server using the
server's static No-IP domain name versus a static WAN IP address (which we
do not have since it is dynamically assigned). I was also interested in
your use of a laptop as a client. Is it setup as a wired or wireless
client?

Thank you again, your assistance has been extremely helpful and we
appreciate the volunteer time you continually invest to answer the same
questions over and over again.

Sincerely,

Richard

******************************

 

[Sooner Al [MVP]]

Magnificent!

Thank you Al, I finally think I understand the basics. I want to express
my appreciation for sticking with me down to the last little question.
From experience, I know that a seeming trivial mis-interpretation can turn
the process from a pleasant experience into a nightmare. My only concern
now is whether my routers will support the VPN, but can certainly confirm
that with very little effort. I also wonder about our No-IP Dynamic
Domain name, but trust that the home client computer can contact the
office server using the server's static No-IP domain name versus a static
WAN IP address (which we do not have since it is dynamically assigned). I
was also interested in your use of a laptop as a client. Is it setup as a
wired or wireless client?

Thank you again, your assistance has been extremely helpful and we
appreciate the volunteer time you continually invest to answer the same
questions over and over again.

Sincerely,

Richard

The No-IP domain name is fine. I used one in the past and currently use a
DynDNS name. They both work equally well and I only switched because my
current router supports DynDNS as a built-in function.

One additional comment is I would still look at purchasing VPN end-point
type routers for each location particularly if you want a permanent VPN
tunnel between the two. Others can speak to that but look at ZyXEL, Linksys,
etc or Cisco if you want to spend more $$$$.

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...