Never setup a VPN, want too, Please need help!

[nomad68]

Here's the situation. I want to setup a VPN here at work for 2 maybe 3 users to remotely access our network from their homes so they can do work at night from home. I already have a server ready with Windows 2000 server to act as the VPN Server and it's been configured for remote access. We use a Linksys BEFSR11 router with a DSL line for the Internet. I want to use our Active Directory for login purposes, in which I've already given each user permission to dial-in.
I've scanned the web looking for a step by step guide to setting up a VPN server but everything I find is very vauge on what all the steps are. Because what I've done doesn't work.
The part it seems I'm stuck with is what to use for an IP Address for the VPN server do I use a static IP Address given to me from our Provider or one available within our scope of addresses, also if the router I have now will work with a VPN.

Here's some info of how our network is setup.

Domain Controller IP Address x.x.11.7
File Server IP Address x.x.11.8
SQL Server IP Address x.x.11.5
Router IP Address x.x.11.1
I want to use x.x.11.6 for the VPN Server. Can I?
Our scope runs from x.x.11.1 to x.x.11.254
We also have been given from the ISP 5 static IP addresses.
x.x.123.6 which is the WAN IP
x.x.8.141
x.x.8.142
x.x.8.143
x.x.8.144 Do I need to use one of these for the VPN Server?
In the IP settings area in RRAS setup do I have to set a static IP address pool and if so from the addresses above what do I use the static IP addresses or from the scope or can I use DHCP?

Also one how to article I read said you need 2 network cards one configured with a true IP address and the default gateway and the other card should have an IP address assigned to the local network and it should not contain a default gateway?
I've configured the router per Linksys's website for PPTP Pass Through and IPSEC Pass Through to enable and have added these port ranges.

Application Name Trigger Port Range Incoming Port Range
1: VPN 47 - 47 1723 - 1723
2: VPN 50 - 50 500 - 500

in the linksys port triggering configuration screen as linksys knowledge base told me to.

I'm not sure what else I need to do to get the VPN to work, I'm hoping someone out there can give me the insight I need on what IP address I need to use or what I've left out of the process to get this up and running.

Any help is much appreciated.

Thanks

 

[ChicagoTechNet]

These may help. quoted from

http://www.chicagotech.net

How to authenticate a remote client to the DC

1. Setup site to site VPN.
2. Use log on using Dial-Up connection

How to setup VPN on w2k server with one NIC

Symptoms: When attempting to create VPN on w2k server with one NIC, you may receive "You have chosen the last available connection as the Internet connection. A VPN server required that one connection be used as the private network connection" if you select the NIC.

1. You should highlight No internet connection instead of the NIC or LAN connection.
2. You may try "Manually configured server option".


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[nomad68]

I already read that article, and that doesn't help with my problem. But thanks for your help.

 

[lvand2003]

Hi all,

is there any vpn freeware out there? please help. I work for the non-profit organization in salt lake city. And we don't have the money to link our other offices.
Any hints will be greatly appricated.

thanks

loc

ldoan@qwest.net

 

[JimPletcher]

lvand2003

Depending on your connections to the internet, you may already have what you need if
1.) you have the right kind of routers on ADSL or Cable connections.
or
2.) you have a file server (not just a Windows PC).

If either of these two conditions are met, all you may need is a little technical support.
If neither condition is met, you're probably in trouble.

 

[lvand2003]

Thanks Jim for the quick respond. I'm new to vpn.
I'll put together a pc scrap from several old pc's. This memorial weekend. it's a pentium III it's about 600 MHZ I think. But it's should be ok with 512 Meg of RAM. I'll write several letters to the local government agencies this weekend asking for the MS win2000 server software or maybe win2003 if possible. H.U.D. (Housing Urban Development) will slim their budget again next year for sure. It will affect some of our low income housing. Budget is tight everywhere.
Anyway, we rented 2 Actiontec R1524SU ADSL modems from Qwest. Both offices are now on 256k ADSL access. We want to be able to share files, printing, remotely control and support off-site pc's via vpn. We must cut the tech. time and fuel to drive to off-site location. My situation is kind of desperate.

THANKS IN ADVANCE FOR ANY HELP FROM ANYONE

 

[lvand2003]

Hi all

anyone out there using Actiontec R1524SU and know how to setup vpn connection with one Actiontec R1524SU at each end via DSL access.

thank you

 

[JimPletcher]

Don't expect too much from a vpn connection. They are verrrry sloooooow compared to local connections.

A Windows 2000 server running on 600Mhz Pentium3 w/512Mb won't be any screamer either - but it'll work.

If the server software is a problem, you might be able to set up a Linux server - or have someone help if you don't know anymore about Linux than I do.

Actually, with the right kind of routers, you don't need a server. I don't know anything about Actiontec, but you need a lot of control over the router to set up a vpn.

Since vpn-capable routers are FAR less costly than Windows server software, that might be something to try for.

 

[JimPletcher]

lvand2003,

Should have pointed out that a windows (or other) vpn client can only originate a connection to an end-point (router or server).

With a server at your location, the remote office will have to originate a session to use vpn.

When routers serve as end-points, a session can be started from either end.

 

[ciaobaby]

Nomad,

You really have most everything setup, all you really need is to point your router to xx.xx.11.6 (Should be your AD server with RRAS installed)

To shed some light on this type of VPN..

When a VPN client connects from the outside they "Dial-in" to the router's WAN IP - from there the router has to make a two-way connection: the ouside world and your internal server (not network). The VPN server will act as another router and connect your remote client to the rest of the network.

So ..

(Local LAN)<-->(VPN Server)<-->(Router w/ open VPN ports)<-- internet -->(VPN Client)

Most of the confusion gets created from having multiple subnets, when everything is said and done the two endpoints need be able to see eachother as if they were on the same subnet. ie 192.168.1.x

In your case it's not too complex... all you are doing is setting up a basic VPN with a router in between.

On the client end just create a VPN Dilp-Up connection and tell it to connect to your router's WAP IP .. (not sure what it is? from your posting)


Setup the router so it has open VPN ports to the VPN server, this will allow outside connections to VPN Server. I see that has been done somewhat... the same ports that have pass through also need to point to your VPN server. So instead you may want to setup TCP/UDP to point the VPN server.

This assuming that you have a Windows VPN Server all setup, of course! If not look into Remote Access and Routing.

If you have one setup, you can test it by connecting a local machine using the VPN Dial-Up.

Hope this helps!


If it ain't broke, it must be off.
-me