
ExpatTech Techblog

Nagy Richárd 2008.10.28. 18:38

Setting up a VPN

In the office, we have a LAN behind a router. On the LAN there is a fileserver which hosts personal and project files which are to be shared and/or backed up. This fileserver runs Windows XP. We have employees who live in other cities and work from there, and we also wanted to be able to access shared files from home, so we decided to set up a VPN (Virtual Private Network). This basically means that from the Internet we can connect to our LAN and use its resources through a private and secure channel.

I became the lucky person to be selected for this special quest. I expected it to be easy, but this was not the case.

First, I had to set up a VPN server in Windows XP on the fileserver. This was easy. I set up a special user account for the VPN with a very strong password and made it a member of the Users group.

Then I had to set up a VPN client on a computer which was not part of our LAN, for which I grabbed a laptop and went to the nearby pub that had WLAN. Steps are described here.

I tried to connect and got an error. Well, let's set up the router to forward the needed ports to the fileserver. I set it to allow VPN Passthrough for IPSec, PPTP and L2TP. I forwarded ports 50, 51, 500 and 1723 to the fileserver's IP. I also had to set up the firewall programs (on the client this was Windows Firewall; at first I turned it off for the VPN connection to check whether it was the problem).

Connection established. Cool. The next problem was that we use DHCP on the LAN, but for the forwarding to keep working I had to give the fileserver a fixed IP. I chose one and set up the subnet mask, gateway and DNS.

The connection could now be established, and not just temporarily. The next problem was that I could ping other computers on the LAN from the client, but could not access their shares through either \\fileserver\shares or \\{fileserver's IP}\shares. I started to get a bit angry.

I have read that if the client computer is on a network with IPs like 192.168.10.x and I try to connect to a VPN which also has IPs like 192.168.10.x, those will conflict. This was not the case.
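The address-range conflict described above can be checked before connecting. The following is an added example, not part of the original post: the function names and all sample addresses are constructed for illustration, and it only assumes you know the client's local networks and the office LAN range.

```python
import ipaddress

def find_conflicts(client_networks, vpn_network):
    """Return (local_net, kind) for every client-side network that overlaps the VPN LAN."""
    vpn = ipaddress.ip_network(vpn_network, strict=False)
    conflicts = []
    for raw in client_networks:
        # strict=False lets us pass an interface address such as 192.168.10.23/24
        local = ipaddress.ip_network(raw, strict=False)
        if local.version != vpn.version or not local.overlaps(vpn):
            continue
        if local == vpn:
            kind = "identical"
        elif local.subnet_of(vpn):
            kind = "local-inside-vpn"
        else:
            # two overlapping CIDR blocks always nest, so the VPN range is the inner one
            kind = "vpn-inside-local"
        conflicts.append((str(local), kind))
    return conflicts

def ambiguous_hosts(hosts, client_networks, vpn_network):
    """Return the office hosts whose addresses also exist on a client-side network."""
    vpn = ipaddress.ip_network(vpn_network, strict=False)
    locals_ = [ipaddress.ip_network(n, strict=False) for n in client_networks]
    result = []
    for h in hosts:
        addr = ipaddress.ip_address(h)
        if addr in vpn and any(addr in n for n in locals_ if n.version == addr.version):
            result.append(h)
    return result

if __name__ == "__main__":
    # Constructed sample values: the office LAN and two possible client locations.
    office_lan = "192.168.10.0/24"
    pub_wlan = ["192.168.10.23/24"]   # same range as the office: conflict
    home_lan = ["192.168.1.40/24"]    # different range: no conflict
    for name, nets in (("pub", pub_wlan), ("home", home_lan)):
        found = find_conflicts(nets, office_lan)
        print(name, "->", found if found else "no overlap with the office LAN")
    print("ambiguous:", ambiguous_hosts(["192.168.10.5"], pub_wlan, office_lan))
```

An empty result means the conflict is ruled out, as it was in this case, and the cause of unreachable shares has to be looked for elsewhere.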

After a lot of research I found this article. It is from the Microsoft Knowledge Base and it describes a small registry change. I applied it.

Finally, when I tried to access \\fileserver\shares, it was found! I could not open it, though; I had to set up the permissions for the user I created for VPN purposes on the fileserver. After that, it worked just fine. Brilliant.