A VPN (virtual private network) lets companies
connect geographically separate networks, using the Internet as the data carrier. Win NT
can be set up to do this in a few easy steps. The example given here uses PPTP
(point-to-point tunneling protocol) to create a tunnel through the Internet that the VPN
clients can use to access their company’s network.
The basic requirement for setting up a VPN server is that
it should have a static Internet IP address. This is not possible in the case of a dial-up
connection, as the IP address changes at every login. We’ll tackle this later in the
article.
Setting up a VPN server on Win NT Server 4
You’ll first need to install PPTP on your NT server.
You can do this by going to Control Panel>Network>Protocols, and adding PPTP from
the list. Once the protocol is installed, it’ll ask for the number of VPN connections
you would like to establish. This is the maximum number of users who will be able to
access the VPN simultaneously. Besides PPTP, you must also add the TCP/IP and NetBEUI
protocols.
Next, install the RAS (remote access services) of Win NT
and dial-up networking. You’ll need to install
NT Service Pack 3 before doing this. Install RAS by going to Control Panel>
Network>Services, and adding Remote Access Services from the list that follows.
You’ll need your Win NT CD for this. The setup will then prompt you to add RAS
capable devices. These are all the communication devices on your machine, such as modems
and the VPN connections you just added while setting up PPTP. RAS will automatically
detect and display all these devices, which you need to add to the RAS list of enabled
devices.
You’ll also need to configure the network settings for
each VPN connection separately. These settings let you configure the dial-out protocols to
be used, the RAS server settings for various protocols (TCP/IP, NetBEUI, IPX), etc. You
must also enable the option to allow access to a pre-determined IP address.
Setting up VPN clients
VPN clients can be configured for both Win 95 and 98. Win
98 comes with VPN client software built in. Before installing it, make sure you have
dial-up networking and TCP/IP installed. To add the VPN client adapter, go to Control
Panel>Add/Remove Programs, select the Windows setup tab, choose the Communications
option, and finally select the Virtual Private Networking option from the list that
follows. You’ll need to restart Windows after doing this.
Win 95 doesn’t come with VPN support. However,
it’s available in the upgrade to dial-up networking called DUN1.2. The upgrade is
very easy to install. It comes as a single executable file that installs everything.
Once the software has been installed, you’ll have to
create two dial-up networking connections on the client. Go to My Computer and open the
Dial-up networking folder. Here, run the Make New Connection utility. Create the first
connection by selecting the modem as the dial-out device. Now run the utility again, and
this time when it asks you to choose the dial-out device, choose VPN adapter from the
drop-down list. When you click the Next button, it’ll ask you for the host name or IP
address of the VPN server. Type in the IP address of the VPN server. Click on the Finish
button to complete the connection.
Creating the tunnel
Now comes the most exciting part. Once all the software and
updates have been installed, it’s time to connect the VPN client to NT over the
Internet.
First assign dial-in permissions to NT domain users. You
can do this by opening Remote Access Service Manager from Start>Administrative Tools,
going to the Users menu and selecting the Permissions option.
Connect to the Internet from the client using the modem.
Once you are connected, run the VPN connection you created. The connection will search for
the IP address of the VPN server that you specified. If it finds it, you’ll be
prompted to enter your username, password, and the NT domain to log onto. Enter the
details, and it’ll log you in within no time.
That’s it! You’ve tunneled your way through the
Internet into your VPN server. To share the resources, just go to Network Neighborhood,
and you’ll find your Win NT server and all other machines on the network that have
sharing enabled.
Permanent IP address for dial-up connections
As already mentioned, the problem with using a dial-up
connection at the server end is that the IP address changes every time it connects. For
companies that have leased-line connectivity to the Internet and an Internet server
with a fixed IP address, this is not the case. But for others, there has to be some method
of informing the VPN clients of the new IP address.
One method is to work out a deal with your ISP to get a
fixed IP address every time you connect. This IP address can then be given to VPN clients.
They can be informed that the server will be online at a fixed time during the day, so
they should only connect during those hours. This is highly unlikely in the Indian scenario.
Another way is that after the server connects to the Net, you mail out the IP address of
the server to all the people who are to connect. When the client connects to the Net, it
downloads this mail first. The VPN setting is now changed to reflect the new server IP
address, and the client can now log in.
Or, add an entry to the DNS server of your Website, if
you have one. This entry can keep a permanent host name mapped to an IP address. Every
time the VPN server connects to the Internet, the IP address entry that this host name
points to should be changed in the DNS server. This way, a VPN client doesn’t
have to remember any IP address. The user can enter the host name in the VPN client
settings. As this is permanent, reconfiguration will not be required. This is slightly
cumbersome, and you need to be able to change the DNS of your Web server on a daily basis.
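
The DNS method above can be scripted. The following is an added example, not part of the original article: it builds the command batch for BIND's nsupdate tool that repoints the permanent host name at the address the server received on this dial-up session. It assumes the DNS server accepts dynamic updates; the function names, host names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Ranges a VPN client on the Internet can never reach; publishing one would
# point every client at an unreachable server.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_name(name):
    """Return name as a lower-case FQDN; reject anything that is not a plain
    DNS name, so a newline cannot smuggle extra commands into the batch."""
    labels = name.rstrip(".").split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid DNS name: {name!r}")
    return ".".join(labels).lower() + "."


def plan_update(host, zone, published_ip, new_ip, dns_server, ttl=60):
    """Return the nsupdate batch that repoints host, or None if unchanged."""
    host, zone = check_name(host), check_name(zone)
    if not host.endswith("." + zone):
        raise ValueError(f"{host} is not inside zone {zone}")
    addr = ipaddress.IPv4Address(new_ip)  # raises ValueError if malformed
    if any(addr in net for net in NON_ROUTABLE):
        raise ValueError(f"{addr} is not reachable from the Internet")
    if published_ip is not None and ipaddress.IPv4Address(published_ip) == addr:
        return None  # record already correct, nothing to send
    # Short TTL: the address changes at every dial-up, so resolvers must not
    # cache the old one for long.
    return "\n".join([
        f"server {check_name(dns_server).rstrip('.')}",
        f"zone {zone}",
        f"update delete {host} A",
        f"update add {host} {int(ttl)} A {addr}",
        "send",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample values (documentation domain and address range).
    print(plan_update("vpn.example.com", "example.com",
                      "203.0.113.5", "203.0.113.77", "ns1.example.com"))
```

Feed the returned text to nsupdate with a TSIG key (nsupdate -k keyfile) so that only the VPN server can change the record.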