EvilOctal Information Security Team Technical Discussion Group's Archiver

EvilOctal 2006-3-26 04:47

[Repost] Configuring a free VPN in home with Windows XP

Article author: CCIE9277

I've had numerous members here email me about writing an article on setting up a secure, inexpensive, home VPN solution that they could use to share files between their home and office computers while they were at work. After speaking with many different people on the subject, I decided that most of them were running Windows XP for their operating systems and Linksys brand routers. That being said, the following article is based on the above specifications and will involve no extra cost in setting up the VPN connection.

VPNs or Virtual Private Networks continue to increase in popularity due to the rise of inexpensive, high capacity Internet connectivity. Therefore lots of people are now using secure VPNs in order to connect to their home based networks as well as their office networks. If you have stumbled across this article and do not know the meaning of the term VPN it would be as follows:

A VPN is used to connect multiple private networks securely across an unsecured public network like the Internet. A private network in this case would be a network in which the traffic is not freely accessible by the public. If we break down the meaning of Virtual Private Network in the instance explained above, it would be as follows. The two end points of this "network" are private networks that are seamlessly connected across a public network that neither private network knows about, creating a "Virtual Private Network" between them.

For more information on what VPNs are, you can read this article I wrote on the subject as an overview of the technology:

http://www.computernetworkinghelp.com/content/view/37/2/



Microsoft has built the ability to act as a VPN termination point right into Windows XP. Windows XP allows one connection to come in over the configured VPN via the PPTP protocol, using MPPE 128-bit encryption and Microsoft CHAP v2 authentication. It's fairly easy to configure and can run on the existing LAN connection of your home computer. Below I will walk you through the steps of configuring the VPN server, allowing the protocol to pass through your Linksys router, and finally configuring your client to connect to the VPN.



Section 1: Configuring the VPN server (PC that VPN clients will connect to).
Step 1: First we need to click on the "start" menu and then click on "control panel"; you will see a screen similar to the one in the image below in Figure 1-A.
Figure 1-A



Step 2: Next we will need to click on "Network and Internet Connections" as shown outlined in red in Figure 1-A above. Next you should see a screen similar to the one in the image below in Figure 1-B.
Figure 1-B



Step 3: Next we will need to click on "Network Connections" as shown outlined in red in Figure 1-B above. Next you should see a screen similar to the one in the image below in Figure 1-C.
Figure 1-C



Step 4: On this screen you will see the currently configured network connections to the right and then a menu on the left. Don't worry if the connections on the right don't look exactly like the ones in Figure 1-C. Next we will need to click on "Create a new connection" to the left, in the "Network Tasks" section as shown outlined in red in Figure 1-C above. Next you should see a screen similar to the one in the image below in Figure 1-D.
Figure 1-D



Step 5: You have now opened up the "New Connection Wizard"; we will use this again later in Section 3 to configure the VPN client as well. This screen is purely informational; we will just need to click on the next button as shown outlined in red in Figure 1-D above. Next you should see a screen similar to the one in the image below in Figure 1-E.
Figure 1-E



Step 6: Now we will need to click on the radio button next to "Set up an advanced connection" as shown outlined in red in Figure 1-E above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 1-F.
Figure 1-F



Step 7: Now we will need to click on the radio button next to "Allow incoming connections" as shown outlined in red in Figure 1-F above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 1-G.
Figure 1-G



Step 8: Notice that there is a device listed in Figure 1-G. If your list of connection devices is different, don't worry about it. In this scenario we won't be selecting a device here because we are not using a device to terminate our incoming connections, but if you were using a modem, for example, you would select it here. Now you will want to just click the next button as shown outlined in red in Figure 1-G above. Next you should see a screen similar to the one in the image below in Figure 1-H.
Figure 1-H



Step 9: Now we will need to click on the radio button next to "Allow virtual private connections" as shown outlined in red in Figure 1-H above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 1-I.
Figure 1-I



Step 10: This is the User Permissions screen in Figure 1-I above. Here you will see a list of currently configured users on this system. In this case, for simplicity, I have clicked on the box next to "VPN User", which I had already configured on my system previously. Notice how the box in the picture now has a checkmark in it, indicating that it has been selected. In this case you could just use your standard user ID on your system, or you could click on the "add" button first to create a new ID for the VPN connection (NOTE: Should always be a password protected account!). Now we will need to click on the next button to continue. Next you should see a screen similar to the one in the image below in Figure 1-J.
Figure 1-J



Step 11: This is the Networking Software screen in Figure 1-J above. Here you will see a list of currently available networking software on this system. In this case we will want to click the box next to "File and Printer Sharing for Microsoft Networks" as outlined in red in Figure 1-J above. The boxes next to "Internet Protocol (TCP/IP)" and "Client for Microsoft Networks" should already be checked; if not, click them as well. Now we will need to click on the next button to continue and we're almost done. Next you should see a screen similar to the one in the image below in Figure 1-K.
Figure 1-K



Step 12: You now see the "Completing New Connection Wizard" dialog. This screen is also purely informational; we will just need to click on the finish button as shown outlined in red in Figure 1-K above and you are done. Next you should be back to your "Network Connections" screen similar to the one in the image below in Figure 1-L.
Figure 1-L



Step 13: Note: Now on the Network Connections screen in Figure 1-L above you have a new section called "Incoming" and a new connection called "Incoming Connections" below that. You can come here to view connections to the VPN. There are also additional properties that can be changed there but that's out of the scope of this document. At this time Section 1: Configuring the VPN Server is completed.

Section 2: Allowing PPTP through the Linksys router.
Step 1: First we need to enable PPTP pass through on a screen similar to the one in the image below in Figure 2-A.
Figure 2-A



NOTE: I'm not going into a lot of detail here because there are so many different routers and so many different versions of firmware. This specific explanation is for a Linksys model router; not all Linksys model routers will look the same, depending on the version of firmware. PPTP uses TCP over port 1723; this type of VPN also requires GRE (Generic Routing Encapsulation) for the data stream. The NAT engine in the router must have support for GRE in order for this to function properly, but most newer routers won't have a problem with this.



Step 2: Now we need to enable PPTP port forwarding on a screen similar to the one in the image below in Figure 2-B.
Figure 2-B



NOTE: The IP address needs to be the address of the PC that you configured the VPN server on. It's a good idea to have statically defined addresses on devices that perform specific functions like a VPN server.


Step 3 (Optional): If you are running Windows Firewall on the VPN server interface, you will need to allow PPTP (TCP Port 1723) to pass through. You can do this by going to "Add Port" under the "Exceptions" tab in the Windows Firewall configuration, similar to the screen in Figure 2-C below. You can name it PPTP, put in 1723 in the "Port Number" field, select the TCP radio button and then select OK. You should see PPTP checked in the Programs and Services list afterwards.

Figure 2-C



NOTE: You will need to make sure that "Don't allow exceptions" is NOT checked on the General tab of the Windows Firewall configuration screen.
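
To check the port forward and firewall exception from this section against your own server, the sketch below (an added example, not part of the original article) builds the PPTP Start-Control-Connection-Request defined in RFC 2637 and parses the reply that arrives on TCP 1723. The function names and the sample reply bytes are constructed for illustration; a valid reply only shows that the TCP 1723 path works, because the GRE data stream is a separate IP protocol (47) that the router must pass as well.

```python
import socket
import struct

PPTP_PORT = 1723            # TCP control port named in the article
MAGIC_COOKIE = 0x1A2B3C4D   # constant in every PPTP control message (RFC 2637)
MSG_LEN = 156               # size of both the start request and the start reply
# length, PPTP message type, magic cookie, control type, reserved0, protocol version
HEADER = struct.Struct("!HHIHHH")

def build_start_request(hostname=b"check", vendor=b"example"):
    """Build a Start-Control-Connection-Request (control message type 1)."""
    head = HEADER.pack(MSG_LEN, 1, MAGIC_COOKIE, 1, 0, 0x0100)
    # reserved1, framing caps, bearer caps, max channels, firmware rev, host, vendor
    return head + struct.pack("!HIIHH64s64s", 0, 1, 1, 0, 0, hostname, vendor)

def parse_start_reply(data):
    """Validate a Start-Control-Connection-Reply (type 2) and return key fields."""
    if len(data) < MSG_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    _, msg_type, cookie, ctrl_type, _, version = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie: peer is not speaking PPTP")
    if msg_type != 1 or ctrl_type != 2:
        raise ValueError("unexpected message type %d/%d" % (msg_type, ctrl_type))
    result, error = struct.unpack_from("!BB", data, HEADER.size)
    host, vendor = struct.unpack_from("!64s64s", data, 28)
    return {
        "version": "%d.%d" % (version >> 8, version & 0xFF),
        "accepted": result == 1,   # result code 1 = control channel established
        "error_code": error,
        "hostname": host.rstrip(b"\0").decode("ascii", "replace"),
        "vendor": vendor.rstrip(b"\0").decode("ascii", "replace"),
    }

def check_control_channel(host, timeout=5.0):
    """Send the request to your own server's public address and parse the reply."""
    with socket.create_connection((host, PPTP_PORT), timeout=timeout) as sock:
        sock.sendall(build_start_request())
        data = b""
        while len(data) < MSG_LEN:
            chunk = sock.recv(MSG_LEN - len(data))
            if not chunk:
                break
            data += chunk
    return parse_start_reply(data)

# Constructed sample reply (not captured from a real server) for an offline run.
SAMPLE_REPLY = HEADER.pack(MSG_LEN, 1, MAGIC_COOKIE, 2, 0, 0x0100) + struct.pack(
    "!BBIIHH64s64s", 1, 0, 1, 1, 1, 0, b"home-pc", b"constructed-vendor")
```

A timeout or refused connection from `check_control_channel` points at the router forward or the Windows Firewall exception; a parsed reply followed by a client that still cannot connect points at GRE handling in the NAT engine.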

Section 3: Configuring the VPN client.
Step 1: First we need to click on the "start" menu and then click on "control panel"; you will see a screen similar to the one in the image below in Figure 3-A.
Figure 3-A



Step 2: Next we will need to click on "Network and Internet Connections" as shown outlined in red in Figure 3-A above. Next you should see a screen similar to the one in the image below in Figure 3-B.
Figure 3-B



Step 3: Next we will need to click on "Network Connections" as shown outlined in red in Figure 3-B above. Next you should see a screen similar to the one in the image below in Figure 3-C.
Figure 3-C



Step 4: On this screen you will see the currently configured network connections to the right and then a menu on the left. Don't worry if the connections on the right don't look exactly like the ones in Figure 3-C. Next we will need to click on "Create a new connection" to the left, in the "Network Tasks" section as shown outlined in red in Figure 3-C above. Next you should see a screen similar to the one in the image below in Figure 3-D.
Figure 3-D



Step 5: You have now opened up the "New Connection Wizard"; if you remember, we used this in Section 1 to create the VPN server connection. This screen is purely informational; we will just need to click on the next button as shown outlined in red in Figure 3-D above. Next you should see a screen similar to the one in the image below in Figure 3-E.
Figure 3-E



Step 6: Now we will need to click on the radio button next to "Connect to the network at my workplace" as shown outlined in red in Figure 3-E above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 3-F.
Figure 3-F



Step 7: Now we will need to click on the radio button next to "Virtual Private Connection" as shown outlined in red in Figure 3-F above and then click the next button once that has been selected. Next you should see a screen similar to the one in the image below in Figure 3-G.
Figure 3-G



Step 8: Now we will need to name this VPN connection by typing in the "Company Name" field as shown in Figure 3-G above. In this instance I just used the name "VPN Connection" but you can use anything you wish. Once you've named the connection click the next button. Next you should see a screen similar to the one in the image below in Figure 3-H.
Figure 3-H



Step 9: Now we will need to specify the public IP address (reachable from the Internet) by typing in the "Host name or IP address" field as shown in Figure 3-H above. In this instance I just used the IP address "10.1.1.1", which is simply made up for this tutorial. In your case this will need to be the public IP address that is assigned by your Internet Service Provider (ISP); it will be assigned to the public interface of your router if you have one, or to the Internet interface of your PC (VPN Server) if you don't use a router. Sometimes this address can change if your provider gives you a dynamic IP address, and it will need to be changed in the client when/if this happens. This information should be in the documentation that you received from your ISP or can be retrieved from your PC or router. Once you've assigned an IP address to the connection, click the next button. Next you should see a screen similar to the one in the image below in Figure 3-I.

Figure 3-I



Step 10: You now see the "Completing New Connection Wizard" dialog. You will want to click on the box next to "Add a shortcut to this connection to my desktop" and then it should have a check mark in the box. Now we will just need to click on the finish button as shown outlined in red in Figure 3-I above and you are done.
Step 11: Now on your desktop you should have an icon called "VPN Connection", double click on that icon and you will see a login screen similar to the one in Figure 3-J below.
NOTE: Replace VPN Connection above with whatever you named the VPN connection in Step 8 of Section 3.

Figure 3-J



Type in the login name and password of the user that you assigned to the VPN server connection in Step 10 of Section 1 and click on the connect button. Provided you had the proper equipment and followed the instructions above you should be able to connect to the VPN and access shares securely that you have made available to the VPN user that you created or assigned in this tutorial.

If you get an error message, you can refer to the "Troubleshoot VPN Connections" section in this Microsoft document.

http://support.microsoft.com/default.aspx?scid=kb;en-us;314076

Well, I hope you've enjoyed this article on configuring a free home VPN solution, see you next time.

© 1999-2008 EvilOctal Security Team