
vpn between two pcs over dsl


lagg (Technical User, joined Oct 14, 2002, 111 messages, location IE)
I need to create a VPN between two PCs in remote sites using DSL. One PC is XP Pro, the other is Windows 2000 Pro. The PC with XP Pro sits behind a Linksys router; the other is connected directly to broadband. Can anyone point me in the right direction? Quite new to VPNs, but need to learn how to set this up as soon as possible.
 
Does the Linksys router support VPN traffic?

What is the purpose of the VPN? Do both machines require access to each other, or is it, say, that the remote machine needs access to your machine? If both require access to each other, you will need hardware that is capable of supporting VPN traffic at each site. You can then use a software client to connect. Alternatively, if it's just so the remote machine can connect to you (or vice versa), you can have VPN hardware on one end and then the remote site can connect with a software client.

If both need access to each other, I think the way to do it will be that you connect to the other site via the VPN tunnel, and the other site connects to you via a different VPN tunnel, i.e.:

Tunnel 1: Your software client > VPN Tunnel 1 over internet > Remote machine VPN hardware > Remote machine/network
Tunnel 2: Remote Machine software client > VPN Tunnel 2 over internet > Your VPN hardware > Your machine/network.

At least, I think this is how it works - my experience of VPNs has only been when getting remote workers to connect to the site which I manage. We have capable VPN hardware here, and the remote workers connect to it using an IPSec VPN client (NCP), which I set up.

If you can give us some more specific information of exactly what you want to achieve then I can give you a more specific answer.

Hope this is useful.



'When all else fails.......read the manual'
 
Thanks for your response. Basically I have a Point of Sale terminal, which is a PC running Windows 2000 and the EPOS software; this is the remote unit. In the head office I have a PC running XP Pro with the back office software. If these two machines were in the same location, the two software packages would communicate via TCP/IP or IPX/SPX (user selected). I need to recreate this network performance over a DSL connection.

 
I see - well, in that case you could use a suitable VPN box at head office, and then a VPN software client such as NCP running on the remote machine to connect to HO. If you need to purchase a VPN unit, make sure it supports IPSec!

I strongly recommend that you use an IPSec client - this is a secure protocol, which is going to be especially important for EPOS transaction data.

NCP is around £55 per licence - more information here:


PPTP (Point to Point Tunnelling Protocol) is not secure and should definitely not be used in this case. This requires a simple username and password (I think it's sent in plain text across the link!!) so certainly poses a risk.

This setup will effectively make the remote machine a local machine on the head office network via the VPN tunnel.

Hope this helps!

'When all else fails.......read the manual'
 
Thanks again for your information. By VPN box do you mean a router that supports VPN? Would it be possible for you to explain a little further how to go about setting up the VPN connection using the router and NCP? I'm not experienced at all in this field, so any help is much appreciated.
 
Yes, that's what I mean: a router that supports VPNs. Sorry for the jargon!

It's not too difficult to set up; it's just fiddly because it doesn't always work first time, because you may have made some minute error at some point in the config, for example two letters the wrong way round in a word, a mis-typed key, and such like.

The exact setup of a VPN can differ between different hardware/software, but the principles and general practice are the same. Essentially, you go to the VPN setup on your router/firewall unit, and you will see something like this:

(I have included some examples)

SKIP/IPSEC VPN

VPN Link Details:

VPN channel:
Destination network: 192.168.1.0
Destination netmask: 255.255.255.0
Tunnel IP address: 0.0.0.0
Local network: <your local network address eg. 10.0.0.0>
Local netmask: 255.0.0.0 in this case
Username: NCP
Pre Shared Key: <generated by unit>
Peer Is: Generic IPSEC (Main Mode)

So this is the basis of the VPN connection, typically it is only one screen to fill in on the VPN unit.

Configuring the client is where it can be fiddly.

However, I can give you pretty much an exact config for NCP as that is what we use here. Obviously I have removed the exact details used; the different sections are underlined. When initially setting up a profile the order is not exactly the same, but you get the idea...



Setup Information for NCP Secure Entry Client

Configuration > Profile Settings

New Entry Procedure:

Basic Settings:
---------------

Profile Name: <whatever you want to call it>
Type: Link to Corporate Network using IPSec
Comms Medium: LAN/WLAN (Over IP)

Line Management:
----------------

Connection Mode: Manual
Inactivity Timeout: 100 seconds
ISDN Multilink: Off

IPSec General Settings:
------------------------

Gateway: <Remote Gateway ie. VPN machine/router>
IKE Policy: Pre Shared Key
IPSec Policy: ESP - AES128 - MD5

Advanced Options:
------------------

Exch Mode: Main Mode
PFS Group: DH-Group2(1024 Bit)

Identities:
-----------

Type: IP Address
ID: 1
Use Pre Shared Key: <MUST BE SAME AS GENERATED ON VPN UNIT>
Leave XAUTH off.

IP Address Assignment:
----------------------

Manual IP Address: 192.168.1.X (same as specified on VPN unit)
Subnet Mask: 255.255.255.0
DNS/WINS: as per remote domain
Domain Name: as per remote domain

Remote Networks:
----------------

Network Address: <eg 10.0.0.0/255.0.0.0>

Certificate Check:
------------------

All blank

Link Firewall:
--------------

SPI: Off
NetBIOS enabled
Leave MS Dial Up unchecked.

That's about all you have to do really - it looks worse than it is, it's just fiddly - but to inspire you with confidence, I was in the exact same position as you at the time!

Hope this is useful..good luck.




'When all else fails.......read the manual'
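An added consistency check, not from the thread, for the two screens in the post above: it parses the router's VPN link details and the NCP profile as "Key: value" lines (sample values constructed here, not real ones) and flags the mismatches the post warns about (key, exchange mode, addresses), plus the MD5 integrity choice as a weak setting.

```python
import ipaddress

# Constructed sample of the router's "VPN Link Details" screen (not real values).
ROUTER_CFG = """
Destination network: 192.168.1.0
Destination netmask: 255.255.255.0
Local network: 10.0.0.0
Local netmask: 255.0.0.0
Pre Shared Key: EXAMPLE-PSK-0001
Peer Is: Generic IPSEC (Main Mode)
"""

# Constructed sample of the NCP client profile, flattened to one Key: value list.
CLIENT_CFG = """
IPSec Policy: ESP - AES128 - MD5
Exch Mode: Main Mode
Use Pre Shared Key: EXAMPLE-PSK-0001
Manual IP Address: 192.168.1.20
Network Address: 10.0.0.0/255.0.0.0
"""

def parse(text):
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    pairs = (line.partition(":") for line in text.splitlines() if ":" in line)
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

def check_vpn(router_text, client_text):
    """Return (problems, warnings): problems stop the tunnel, warnings are weak choices."""
    r, c = parse(router_text), parse(client_text)
    problems, warnings = [], []
    # The key typed into the client must equal the one generated on the unit.
    if r["pre shared key"] != c["use pre shared key"]:
        problems.append("pre-shared key differs between router and client")
    # Both peers must use the same IKE phase-1 exchange mode.
    if ("main mode" in r["peer is"].lower()) != (c["exch mode"].lower() == "main mode"):
        problems.append("IKE exchange mode differs (Main vs Aggressive)")
    # The client's manual address must fall inside the router's destination network...
    tunnel = ipaddress.ip_network(f"{r['destination network']}/{r['destination netmask']}")
    if ipaddress.ip_address(c["manual ip address"]) not in tunnel:
        problems.append("client address is outside the router's destination network")
    # ...and the client's remote network must be exactly the router's local network.
    office = ipaddress.ip_network(f"{r['local network']}/{r['local netmask']}")
    if ipaddress.ip_network(c["network address"]) != office:
        problems.append("client 'Remote Networks' does not match the router's local network")
    if tunnel.overlaps(office):
        problems.append("tunnel address range overlaps the head-office LAN")
    # Works, but worth flagging on a link that carries EPOS transaction data.
    if "md5" in c["ipsec policy"].lower():
        warnings.append("ESP integrity uses MD5; SHA-2 is the current recommendation")
    return problems, warnings
```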
 