Every VPN Problem Is A Frustrating VPN Problem

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

VPN solutions seem to require wizard-like (as in Oz) powers, with smoke and
flame and lightning bolts in the fingertips of whoever succeeds in getting it
to work. First, you have at least two computers or computer-like entities
that have to be configured independently so that they will work together.
Naturally, when the two devices are manufactured by different companies, the
nomenclatures of the user interfaces will be different. The inherent
confusion in the nomenclature is thus compounded. Should anything go wrong,
the devices only hint at the problem and give no solution leaving that to the
wizard. VPN technology requires negotiation of protocols and variations on
protocols, key exchange, message encryption that may or may not include
certain message headers, encryption keys that change periodically and on and
on and on. Any of these "features" can cause the process to fail. Then
there are problems introduced by firewalls, NAT routers, and who knows all
what else.

If a wizard were smart, what would he (or she) do in the following
circumstance. The problem is simple. A computer running Windows 2003 Server
is at the home office on a LAN. A travelling salesman wants to connect to
the LAN via VPN from various and sundry points. Presumably the best solution
is to put a second NIC in the Windows 2003 Server on a second Internet IP
address and configure a client network interface on the salesman's laptap.
Do we L2TP or PPTP? Which is easier and why? Any suggestions on books,
whitepapers or pamphlets along the line of "VPN for Dummies?"

Any and all practical help is welcome.
 
Here's where I'd start--if you go to:

http://www.microsoft.com/vpn

it'll take you here:

http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx

I don't have a lot of experience with either 2k3, or VPN other than PPTP,
but I can tell you where I'd start.

As I understand it, 2k3 has the Windows firewall built in, and turned on, so
you need to open some ports. A VPN (either l2tp or pptp) uses multiple
protocols and ports-- for PPTP, those are: Protocol 47 (GRE), and TCP port
1723.

So--any device providing NAT translation or firewall services between the
2k3 server and the Internet needs to be configured to pass both those
inbound to the 2k3 server.

In the case of the firewall, I believe that the protocol 47/GRE stuff is
automagic, and all you have to do is open port 1723, TCP.

As with other networking issues, testing in stages makes things easier--if
you have two machines at home, enable PPTP VPN inbound on the 2k3 server
(sorry--can't tell you just how to do that) It should automatically accept
connections on all network interfaces--you do not need another nic. Then
create a VPN connection on another machine that can see the 2k3 on the
network--In xp, network connections, add a new connection, advanced, connect
to my office..... just give the name of the 2k3 machine or its IP
address--and see how that works. The user involved in logging in will need
to have Active Directory permissions set to allow remote access, I believe.

Successful authentication is proof you've got this working.

Then try from outside the home network.

If you've never done this kind of remote work into the home network before,
the next question is: How do I specify the address of the machine I want to
connect to?

The simple answer is that you need the IP address of the home network.
So--tell us how that network connects to the Internet.

Probably the vast majority of such connections today use dynamic
addressing--each time you connect, via dialup, adsl, or even cable modem,
you get a different, unpredictable, IP address.

For this, you need a dynamic dns provider-

http://www.dyndns.com/about/home_solutions.html

has free service for home users, or you can try a commercial service--I've
used

http://www.tzo.com for many years--at the time I started, I wasn't sure
that the free providers were sufficiently reliable for me--I'm not sure that
is as much of an issue now.
This service is not expensive--$40 for 2 years, I think.

I'm going on too long, and I think I've missed some important details--we
need to know more about how your 2k3 server connects to the internet. Here
are some links with illustrated help--check them out and see if they help
fill out your understanding:

http://www.onecomputerguy.com/networking/xp_vpn_server.htm

http://www.onecomputerguy.com/networking/xp_vpn.htm

PPTP is easier than l2tp, which is why I've described it. However, l2tp is
more secure--so maybe the l2tp folks will step in and give some more detail
about that?

This is really off topic for this group--you'd get better help in a
newsgroup related to server networking--here's a link to what is probably a
better group for the question:

http://www.microsoft.com/technet/co...ting&mid=ee42b405-9813-48d3-accf-ae1808082966

This link was taken from the lower right corner of the first link I
cited--www.microsoft.com/vpn

They can probably do a much better job than I have, particularly with the
details at the 2k3 end--I've got a 2k3 upgrade ready to go, but haven't done
the work yet, so I can't speak to the details yet.



--
 
Back
Top