Networking

Get connected to a Windows Server 2003 VPN in this step-by-step

Connect to a Windows Server 2003-based PPTP virtual private network (VPN) with this step-by-step user installation and configuration guide.

Once you get a Windows Server 2003 PPTP-based VPN up and running, you'll probably want to connect clients to the new service. For this article, I'm connecting to a Windows Server 2003 server that has the Remote Access role enabled, and that accepts incoming PPTP connections. Further, I've made sure that the user account I'm using to connect has been granted remote dial-in privileges. Steps to configure all of this, and more, are found in this article's companion piece. Finally, I'm using a Windows XP Professional SP2 machine for the connection, although these steps will work with pre-SP2 systems.

Network Connections is where it's at

Get started by visiting Start | Control Panel | Network Connections. Now, you need to create a new network connection. To do this, either go to File | New Connection, or click the Create a new connection option in the left hand pane, as shown below in Figure A.

Figure A

Whichever method you choose, the result is the same—the new connection wizard starts

On the first screen of the wizard, which contains just information about the wizard's purpose, click Next.

The first useful screen of the wizard asks you to determine exactly what kind of network connection you'd like to create. For this article, you're connecting to a VPN, so choose the "Connect to the network at my workplace" option. It doesn't really matter where your VPN resides. Click Next when you're ready.

Figure B

Choose your network connection type

There are two ways that you can connect to your workplace—(1) dial-up; or (2) VPN. For this step, select the Virtual Private Network connection option and click the Next button.

Figure C

Choose the Virtual Private Network connection option for this step

The next step of the wizard asks you to name the new connection. You can use just about anything you want here since this just helps to keep track of what's what on your client machine. A name is useful if you have more than one VPN connection to manage.

Figure D

Name your connection to help keep track of it

The next step of the wizard asks you to decide which users should be able to use this new connection. Do you want it available for just the use of the currently logged in user, or should it be available for any user? Keep in mind that, even if a connection is available to a logged in user that you don't want connected to the VPN, user must still provide valid credentials to actually attach to the VPN services. For this example, I've enabled the VPN connection for my use only.

Figure E

Who should be able to start this connection?

Finally, you're finished creating the initial connection, as evidenced by a screen that looks like the one shown in Figure F. Click Finish.

Figure F

Your new connection is created

Configure the connection

The Network Connection Wizard just creates the initial connection with common parameters. Now that it's created, you need to make modifications based on your environment. In particular, I've often run into trouble with Network Connection Wizard-created VPN connections' default gateway setting—more on that in a bit.

As soon as you're done with the Network Connection Wizard, the new connection pops up so that you can connect to the remote VPN server. The example, shown below in Figure G, contains the username and password, which I provided.

Figure G

Don't hit that Connect button quite yet…

Before you hit the Connect button, take a little time to adjust the client settings. To do so, click the Properties button. I will go through most of the screens, and provide explanation where I recommend that you change the default settings.

General tab

There isn't much to change here, except if you need to change the name or IP address of the server to which you will connect. You can also configure this connection to dial a different connection before attempting to connect to the VPN. This is useful for clients that need to establish a dial-up connection before connecting to the VPN as it reduces the number of steps the remote user must take to attach to your server. Also located on this tab is a checkbox that enables the network adapter icon to appear in the system tray whenever this connection is active.

Short version: You don't need to make changes here if you provided all of the necessary information during the wizard.

Options tab

The Options tab provides choices for how to handle the initial connection and any subsequent redial attempts. The word "dial" on this screen is a little misleading since the options aren't strictly for modem-only users.

On this screen, you can dictate whether the system should provide you with information about the connection status and how user names, passwords and domain names should be handled. Further, you can tell Windows what to do if the connection is dropped—should it be automatically redialed or not, for example?

Figure I

The Options tab provides different ways of handling authentication and redialing

Short version: You don't need to make changes here if you provided all of the necessary information during the wizard.

Security tab

As you can imagine, this is where you specify security settings for the connection. If you set up your VPN server as per the instructions in the previous article, you shouldn't need to change these settings. If you want to increase security, though, select the "Advanced (custom settings)" option and make sure those match your server setup. I won't be going into these options in this article, however. This article series' scope is simply to get a PPTP server up and running and accepting connections from clients.

One option I never recommend that you enable is the "Automatically use my Windows logon name and password (and domain if any)" option since it can result in a big, gaping security hole. Basically, if you forget to log out, or whatever, anyone that walks up to the client computer could connect to your organization's network and do what they will. It's not that much work to type a user name and password.

Figure J

The security tab has many different options for securing your connection

Short version: You don't need to make changes here if you provided all of the necessary information during the wizard.

Networking tab

This tab provides a means for you to configure the various network options for this connection. The first option asks you about the type of VPN to which you're connecting. The default is Automatic meaning that Windows will determine whether the remote VPN is PPTP or L2TP. If you want, you can set this specifically to PPTP.

At the bottom of this window, you can change network settings, including IP addressing information. One setting, in particular, deserves attention: the choice of whether the VPN connection will use the default gateway of the remote network as its own default gateway. Most of the time, users will be connecting from home, from a hotel, or from a cybercafé of some kind—and they will probably be using a high-speed Internet connection.

By default, Windows configures new connections with the option enabled that uses the default gateway on the remote network. This can often cause problems with confused traffic, and you might find that a connected client is only able to use resources on the remote network when this is enabled. This setting may be required if you need to access resources on different subnets at your company. For example, if your VPN client gets an IP address on the 192.168.32.0 network, and you need to access resources from 172.16.1.0, you will either need to use the remote network's default gateway, or locally configure a number of static routes, which can be a pain. In these cases, use the remote network's default gateway and disconnect if you have trouble accessing Internet resources.

If you're on a smaller network, or only need to access resources on the local subnet, disable this gateway feature. To do so, select "Internet Protocol (TCP/IP)" from the item list at the bottom of the window and click Properties. On the resulting TCP/IP configuration page, click Advanced. On the Advanced settings window, uncheck the box "Use default gateway on remote network".

Figure K

If you want to change the gateway setting, select TCP/IP and click Properties

Figure L

…Next, click the Advanced button…

Figure M

…Finally, deselect this checkbox

Short version: If you need to access resources on multiple networks at your company, use the remote gateway. If not, don't use the remote gateway.

Advanced tab

The Advanced tab does not have any options that would be useful for a typical connection. You can configure the Windows firewall and Internet Connection Sharing from this tab, though.

Figure N

The Advanced tab is used a lot for VPN connections

Connect!

Now that you're connection is configured, you can click the Connect button on the main window. After you do so, you can select the connection in Network Connections and view its properties. You will get screen similar to the ones shown below in Figures O and P.

Figure O

The client has been connected to the server for a couple of minutes

Figure P

And here are the details for the connection

It works

This download provided a quick overview for getting a Windows Server 2003-based PPTP VPN up and running quickly and easily. It's not the most secure VPN in the world, but it works, and is simple, which is sometimes all that's needed.

0 comments