Virtual private networks, or VPNs, are network connections made over a public network (usually the Internet) using encryption and other technologies to keep your data traffic private. For easy connections from a Windows PC to a remote network, PPTP connections are easiest and don't require the installation of any software on the remote PC. For the ultimate in stability, security and reliability, use an IPSec net-to-net VPN connection. IPSec net-to-net connections are always 'up' and quite stable.

Assumptions

We are assuming you have a Windows XP machine as the remote PC. Windows 2000 is similar. Windows 98/ME may require less-secure encryption methods. Though making a PPTP VPN connection is similar when connecting to any PPTP VPN server, here we discuss only SME Server 7 and SnapGear firewalls terminating the VPN connections. If you have both a SnapGear firewall and an SME server, use the SME server to terminate the VPN connections.

Testing

You can NOT test a VPN connection if you are already connected to the target network. You must connect to the Internet from another location or via an alternate method such as a modem to test a VPN connection. You have been warned.

Configure the VPN

If You are Terminating the VPN Connections at a SnapGear Firewall Device

- log into your SnapGear firewall using a web browser
- enable PPTP server on your SnapGear
- assign a small block of addresses from the internal network
- set the security policy ('MSCHAPv2 and Encryption' for XP/2K)
- click continue
- add a PPTP (remote) user
- leave 'domain' empty
- more info here

If You are Terminating the VPN Connections at a SME Server

- log into your SME Server-Manager as admin using a web browser
- enable the VPN server function in the Remote Access panel
- enable VPN Client Access in the Users panel for every user that will need VPN access
- if your server is not in Server-Gateway mode, forward port 1723 from your firewall to the SME server

Create a VPN Connection from the Remote Windows PC

- Log into Windows with administrative privileges
- Set the network workgroup name to match the destination workgroup/domain name
  - or you can forgo browsing and use search or other techniques listed below
- Start, All Programs, Accessories, Communications, New Connection Wizard
- Connect To Network at Workplace, VPN Connection
- Name the connection something simple like 'Office_VPN'
- Do Not Dial, since you have a cable modem/dsl connection
- Domain name or IP address of your firewall
  - like fw.yourdomain.com or 198.182.xxx.xxx
- Add a shortcut to your Desktop
- Allow connection to be used by all users

Make the VPN Connection

- Log into the remote Windows machine as the regular user
- Make sure you are connected to the Internet
- Double-click the shortcut on your Desktop for the new VPN connection
- Start, All Programs, Accessories, Communications, Network Connections
- then double-click
- Enter your VPN username and password
  - For SME Server-terminated connections, this is your normal network/e-mail username and password
  - For SnapGear-terminated connections, use the credentials created on the SnapGear firewall
- Connect
- Right-click the icon to disconnect

Use the VPN Connection

- Open My Network Places
- Open View Workgroup Computers
- Double-click the server you want to access
- etc.

You should now be able to connect and browse via Network Neighborhood (My Network Places). If not, you'll need to verify the VPN server is fully configured before troubleshooting the remote connection. Even if browsing (name resolution) fails, you can still access network resources as follows.

View Network Resources Without Using Name Resolution

Open a command prompt and enter (using your server's IP address):

    net view \\192.168.1.2

and hit enter. You will see something like:

    C:\Documents and Settings\gcooper>net view \\192.168.1.2
    Shared resources at \\192.168.1.2

    Mitel Networks SME Server

    Share name   Type    Used as  Comment
    --------------------------------------------------------------
    company      Disk    F:       Company Shared Files
    cpw          Print   LPT1     Minolta Color PageWorks
    dot          Print   LPT2     Panasonic KXP2023
    gcooper      Disk    H:       Home directory
    oki          Print   LPT3     Okidata ML520
    Primary      Disk             Primary site
    The command completed successfully

Map a Network Drive Without Name Resolution

Open a command prompt and type (choosing any unused drive letter):

    net use f: \\192.168.1.2\company

Which will result in something like:

    C:\Documents and Settings\gcooper>net use f: \\192.168.1.2\company
    The command completed successfully.

Use a Network Printer Without Name Resolution

Open a command prompt and type (choosing any unused LPT port):

    net use lpt3: \\192.168.1.2\oki
Which will result in something like:

    C:\Documents and Settings\gcooper>net use lpt3: \\192.168.1.2\oki
    The command completed successfully.
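
The text above advises verifying the VPN server before troubleshooting the remote PC, and testing only from outside the target network. The following Python script is an added example, not part of the original guide: it connects to TCP port 1723 and performs the first PPTP control exchange defined in RFC 2637 (Start-Control-Connection-Request and Reply), which confirms that a PPTP server, and not just an open port, is answering. The function names are illustrative, and fw.yourdomain.com is the placeholder host name from the text.

```python
import socket
import struct
import sys

MAGIC = 0x1A2B3C4D                    # PPTP magic cookie (RFC 2637)
SCCRQ_FMT = ">HHIHHHHIIHH64s64s"      # Start-Control-Connection-Request, 156 bytes
SCCRP_FMT = ">HHIHHHBBIIHH64s64s"     # Start-Control-Connection-Reply, 156 bytes


def build_sccrq(hostname=b"vpn-check"):
    """Build the first message a PPTP client sends after the TCP connect."""
    # length, msg type 1 (control), cookie, control type 1 (SCCRQ), reserved,
    # version 1.0, reserved, framing caps, bearer caps, channels, firmware, names
    return struct.pack(SCCRQ_FMT, 156, 1, MAGIC, 1, 0, 0x0100, 0,
                       1, 1, 0, 0, hostname, b"")


def parse_sccrp(data):
    """Return (ok, detail); ok is True only for result code 1 (success)."""
    if len(data) < 156:
        return False, "short reply (%d bytes)" % len(data)
    (_length, mtype, magic, ctype, _r0, version, result, error,
     _fc, _bc, _mc, _fw, host, _vendor) = struct.unpack(SCCRP_FMT, data[:156])
    if magic != MAGIC or mtype != 1 or ctype != 2:
        return False, "not a PPTP Start-Control-Connection-Reply"
    if result != 1:
        return False, "server refused: result=%d error=%d" % (result, error)
    name = host.rstrip(b"\0").decode("ascii", "replace")
    return True, "PPTP server '%s' answered, version 0x%04x" % (name, version)


def check_pptp(server, port=1723, timeout=5.0):
    """Connect, send SCCRQ, read the reply. Run from OUTSIDE the target network."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < 156:
                chunk = s.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return False, "TCP connect/read failed: %s" % exc
    return parse_sccrp(data)


if __name__ == "__main__":
    # Default host is the placeholder from the text; pass your firewall's name or IP.
    ok, detail = check_pptp(sys.argv[1] if len(sys.argv) > 1 else "fw.yourdomain.com")
    print(("OK: " if ok else "FAIL: ") + detail)
```

A successful reply covers only the TCP control channel; the tunnel data itself travels over GRE (IP protocol 47), which this check does not exercise.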