setup wizard does not see network adaptors

Dave

I am trying to set up my Win2K Pro box to act as a VPN server behind a
D-Link DSL router/firewall. I'm quite sure the router is configured
correctly as I serve other apps through the firewall.

From the Microsoft help and the reading I've done in Google, it looks to be
pretty simple: Make New Connection in the Networking control panel, then
Incoming Connections, then pick which adaptors you want to accept incoming
connections. My problem is that the only device listed is LPT1. ??? Now as
I am on a 192.168.1.0 private network, perhaps Microsoft in their great
wisdom decided I am too stupid to figure out that I am in a non-routable
address range and therefore cannot add RAS to this adaptor... I guess they
have never heard of IP masquerading or NAT boxes.

Does anybody have any clues for me? I am predominantly a UNIX/Linux guy and
so am easily frustrated by the layers and layers of annoying distraction
which so dominate Microsoft software.

While I'm at it, is it possible to configure a network adaptor in Win2K to
use more than one IP on differing subnets? I.e. virtual subnetting the way
Solaris can?

thanx, Dave
 
Just set up the incoming connection and allow VPN connections. This will
set up the WAN miniport for VPN connection. (You only need the interface
visible on the server machine if the remote connection is coming directly to
this machine from the Internet). Check the config by making a VPN connection
from another LAN client to the VPN "server's" LAN IP.

To connect from a remote location, forward tcp port 1723 from the router
to the VPN server machine. Then connect to the router's public IP or FQDN.
If you get an error 721, check that the router/firewall is not blocking GRE
(IP protocol 47). A PPTP connection will fail if GRE is blocked, because the
encrypted data crosses the Internet as the payload of a GRE packet.
 
Do I need to install PPTP as a transport protocol someplace, or is it
included as part of the TCP/IP package? I don't see it as an installable
choice anyplace in the Networking setup screens...

thx for your help

dave
 
Ok, that works. I can connect via VPN from one computer on the LAN to my
W2K VPN server using strictly private IPs.

So what I've done is forwarded ports 1723 and 47 on the router to my
internal VPN machine, 192.168.1.100. Haven't tried from the outside world,
but I cannot configure my VPN client on an internal box (say 192.168.1.25)
to connect via VPN to the external IP of the router... maybe because the
outbound VPN traffic is already using port 1723?

Any thoughts? As far as I can tell from Google posts, I cannot or do not
need to enable anything on the router. As I initially noted I have other
apps which work through the firewall using port forwarding...

As an aside, it doesn't appear that any inbound traffic is making it to the
VPN server internally when I try this... i.e. there is no failure
notification in the Event Viewer. Guess I'll try from home tonight and see
what happens.

thanks for your help

dave
 
That's right. You cannot test the connection to the router from inside
the LAN. You must come over the Internet to the router's public interface.

Port 47 (tcp or udp) has nothing to do with VPN. What you must allow is
GRE which is IP protocol 47.
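
The distinction made in the reply above, as an added example that is not part of the original thread: a PPTP session is a TCP control connection to port 1723 plus a data channel carried in GRE, which is identified by the protocol field of the IP header and has no port number at all. The packets below are constructed samples; the source address 203.0.113.7 is an assumed documentation address, and the helper names are hypothetical.

```python
import socket
import struct

TCP, UDP, GRE = 6, 17, 47        # values of the IPv4 header "protocol" field
PPTP_CONTROL_PORT = 1723         # TCP port of the PPTP control connection
PPP_OVER_GRE = 0x880B            # GRE protocol type used by PPTP (RFC 2637)

def ipv4(proto, payload, src="203.0.113.7", dst="192.168.1.100"):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp_segment(dport):
    """Build a bare 20-byte TCP SYN header to the given destination port."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

def parse(packet):
    """Return (ip_protocol, header_length, dest_port or None)."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (TCP, UDP):      # only TCP and UDP carry port numbers
        return proto, ihl, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, ihl, None

def classify(packet):
    """Label a packet as PPTP control, PPTP data, other GRE, or other."""
    proto, ihl, dport = parse(packet)
    if proto == TCP and dport == PPTP_CONTROL_PORT:
        return "pptp-control"
    if proto == GRE:
        flags_ver, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
        # PPTP uses enhanced GRE: version 1, protocol type 0x880B
        if flags_ver & 0x7 == 1 and ptype == PPP_OVER_GRE:
            return "pptp-data"
        return "gre-other"
    return "other"

def port_forward_matches(packet, rule_proto, rule_port):
    """A port-forward rule can only match a TCP/UDP packet with that port."""
    proto, _, dport = parse(packet)
    return proto == rule_proto and dport == rule_port

# Constructed samples: control connection, PPTP data packet, TCP to port 47
CONTROL = ipv4(TCP, tcp_segment(1723))
DATA = ipv4(GRE, struct.pack("!BBHHHI", 0x30, 0x01, PPP_OVER_GRE, 0, 1, 0))
TCP_47 = ipv4(TCP, tcp_segment(47))
```

A forwarding rule for TCP or UDP port 47 matches `TCP_47` but never `DATA`, which is why the router has to pass IP protocol 47 itself.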
 
Works just fine. I set my client machine's workgroup to match my private
workgroup, installed NetBEUI on VPN server and client and I can now browse.
Do you know if Win2K Pro has the ability to act as a WINS server? I know
NT4 could, but again I don't see it in any Win2K setup screens... perhaps
only Win2K server has the WINS service? I don't particularly want to run
NetBEUI if I don't have to. WINS *should* give my LAN machines the ability
to browse the VPN clients... otherwise I'm looking at distributed LMHOSTS
files and static IP mapping for VPN clients - 8-(. This would not be the
end of the world as I have more than enough address space.... I suppose I
could modify the remote login script to add mapping to LMHOSTS.

Your thoughts appreciated.

dave
 
WINS only runs on server models, not Pro. But it could run on any
machine on the network, if you have a server on the LAN.

Browsing a LAN from a remote client is tricky, especially without WINS
and without a domain setup. With WINS and a domain it works, because the
remote client can use WINS to find the Domain Master Browser to get a browse
list.
 