Re: Is it possible to establish a VPN for road warriors using XP home and a machine running win2000 pro



"Jeff VA" <jcvanallen@xxxxxxxxx> wrote in message news:1187912681.800150.292340@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 23, 8:42 am, Jeff VA <jcvanal...@xxxxxxxxx> wrote:
On Aug 23, 8:06 am, "Sooner Al [MVP]" <Soone...@xxxxxxxxxxxxxxxxxxxxx>
wrote:



> "Jeff VA" <jcvanal...@xxxxxxxxx> wrote in message

>news:1187830779.883097.101390@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

> > Hi,

> > I work for a small company that has a number of field technicians and
> > a small central office. The field technicians use laptops running
> > Windows XP Home Edition. Most of the technicians connect to the
> > internet via wireless connections (D-Link DI-524's being the most
> > popular at the moment). The computer in the office is a Dell Precision
> > 650 running Windows 2000 Professional.

> > Is it possible to establish a VPN using this equipment / operating
> > systems?

> > I've attempted to connect using the "Incoming Connections" in 2000 and
> > the "Connect to a network at my workplace" option in the New
> > Connection Wizard (XP Home). (If so I've just got something
> > misconfigured) When I try to connect, the process stalls for several
> > minutes at the "Verifying user name and password" dialog, then
> > eventually reports "Error:721 the remote computer did not respond..."

> > I understand that XP Home isn't designed to authenticate against a
> > domain, but would that cause this error?

> > If that option isn't workable, can Open VPN be used to establish the
> > connection? I don't understand the difference well between the two
> > technologies, but if OpenVPN uses ca certificates for authentication,
> > would that circumvent the issue of trying to get XP Home to log in to
> > the "server".

> > Thanks in advance,

> Remember you need TCP Port 1723 open on any firewall between the server PC
> and the client. Also the firewall must pass GRE Protocol 47 traffic. You can
> test that using the tests detailed in the PPTP Ping and VPN Traffic sections
> on this page...

> http://www.microsoft.com/technet/community/columns/cableguy/cg0105.mspx

> You could use OpenVPN as an alternative. I had it running on an XP Pro box
> (server) and an XP Pro (client).

> What do the field techs need to access through the VPN? I.e. shared files or
> actual desktops, etc? Secure Shell (SSH) may also be an alternative...

> --

> Al Jarvi (MS-MVP Windows Networking)

> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...

Al,
Thanks for the reply, I'll work through the testing as outlined on the
page you sent. As it happens, we're "Cable Guys", we build/maintain
fiber/coax cable systems. The techs need to be able to access a
couple of Access databases, and shared Excel workbooks. Emailing
multiple copies of the same workbooks back and forth has led to
confusion and missed billing. I'm trying to eliminate the confusion.

I'll follow up once I've worked through the "testing network paths"
instructions.
Thanks for now

Thanks again for the guidance, I've made good progress to date, but
some work left to do....

The following was completed with an XP home laptop and the Win 2000
Pro server operating within the same LAN...

After reading through the Cable Guy article on testing network paths,
I downloaded the Windows XP Service Pack 2 Support Tools from

http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

Since the tools won't install on Windows 2000 Pro, I installed them on
the XP home machine and then copied the pptpsrv executable over to the
server.

On the server I navigated to
Control Panel => Administrative Tools => Services and disabled the
"Routing and Remote Access Service".

I then started the pptpsrv tool on the server, and ran the pptpclnt
tool on the laptop. The tools showed that I had good communication on
port 1723, but the server didn't receive any GRE traffic.

After realizing that protocol 47 is NOT the same as Port 47, I
navigated to the VPN section of the D-Link support page and found out
how to configure the router to pass this protocol...

"In Virtual Server make 1 entry for your PPTP/GRE connection. Use TCP
port 1723 and forward to your MS VPN (PPTP/GRE) server. This has to be
TCP (not UDP or Both). After applying settings, check Firewall section
for a TCP 1723 entry and a PPTP_GRE entry. Now connect to your WAN IP
address using your MS VPN client from the WAN (this will not work from
LAN using the WAN IP to loopback to LAN). "

With this done, I ran the pptpsrv and pptpclnt tools again, and both
the communication on port 1723 and the GRE tests were successful.

On the laptop, I created a new connection, and can now log into the
VPN from home.

I still have to figure out how to map the server shares as network
drives, but that's another post.
Thanks again,


If you're not running a WINS server on your office network then an alternative is to use an lmhosts file on the VPN clients. Then you can address shares using the UNC in the form \\ComputerName\ShareName. Here is an example lmhosts file and the MS guidance...

http://theillustratednetwork.mvps.org/Vista/PPTP/Examplelmhosts.txt

http://support.microsoft.com/kb/314884/en-us

Good luck...

--

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
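
The distinction this thread turns on (PPTP control is TCP port 1723, PPTP data is GRE, which is IP protocol 47 and has no port numbers), as an added example that is not part of the original posts. The packets are constructed samples using documentation addresses, and the rule-table format is a hypothetical stand-in for a router's forwarding entries.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47      # IANA IP protocol numbers
PPTP_PORT, PPP_PROTO_TYPE = 1723, 0x880B

def ipv4(proto, payload):
    """Constructed 20-byte IPv4 header (checksum left 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return hdr + payload

def tcp_syn(dst_port):
    """Constructed 20-byte TCP header with only SYN set."""
    return struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def pptp_gre():
    """Enhanced GRE header used by PPTP: K and S bits set, version 1."""
    return struct.pack("!HHHHI", 0x3001, PPP_PROTO_TYPE, 0, 1, 0)

def classify(pkt):
    """Name the PPTP channel a raw IPv4 packet belongs to, if any."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]   # header length, protocol field
    if proto == IPPROTO_GRE:                   # GRE has no port numbers at all
        flags_ver, ptype = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if flags_ver & 0x7 == 1 and ptype == PPP_PROTO_TYPE:
            return "pptp-data"
        return "gre-other"
    if proto == IPPROTO_TCP:
        dst = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        return "pptp-control" if dst == PPTP_PORT else f"tcp/{dst}"
    return f"ip-proto/{proto}"

def allowed(pkt, rules):
    """rules: hypothetical table of ("tcp", port) and ("proto", number) entries."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if ("proto", proto) in rules:
        return True
    if proto == IPPROTO_TCP:
        return ("tcp", struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]) in rules
    return False

CONTROL = ipv4(IPPROTO_TCP, tcp_syn(PPTP_PORT))   # constructed samples
DATA = ipv4(IPPROTO_GRE, pptp_gre())
MISTAKEN = {("tcp", 1723), ("tcp", 47)}           # "port 47" forwarded
CORRECT = {("tcp", 1723), ("proto", 47)}          # GRE passed as a protocol

if __name__ == "__main__":
    for name, rules in (("mistaken", MISTAKEN), ("correct", CORRECT)):
        for pkt in (CONTROL, DATA):
            print(name, classify(pkt), "pass" if allowed(pkt, rules) else "drop")
```

With the mistaken table the control connection passes and the data channel is dropped, which matches the pptpsrv/pptpclnt result reported above before the router was reconfigured.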
