As I explained in Chapter 18, if you connect to your home network from a public Wi-Fi hotspot, a virtual private network (VPN), which acts as a private, encrypted tunnel through the Internet, is a great way to enhance security. In Chapter 18, I showed you how to set up the VPN from the client (meaning the remote laptop).
Earlier in this chapter, I explained that using a VPN to isolate the Wi-Fi access point from the rest of the network, and to restrict access to authorized users, is a great way to beef up network security.
You can buy dedicated remote access servers that provide VPN functionality. For example, the Watchguard SoHo Firebox that I mentioned earlier is a good dedicated box for the SoHo class network that provides firewall and VPN capabilities. You can also buy sophisticated software to enable a VPN.
But why pay for it if it is available for free? Windows XP Professional already includes a basic VPN remote access server. It accepts only one VPN connection at a time, which is enough for a single remote laptop.
To set up your VPN using Windows XP Professional, open the Network Connections window by clicking on Network Connections in the Control panel. Next, click Create a New Connection in the Tasks pane on the upper left of the Network Connections window.
The New Connection Wizard will open with a welcome screen. Click Next to get started. In the Network Connection Type pane of the wizard, choose Set Up an Advanced Connection as shown in Figure 19.3.
Click Next. In the Advanced Connection Options pane, choose Accept Incoming Connections as shown in Figure 19.4
Click Next. The Devices for Incoming Connections pane will probably show your parallel port (LPT1) and nothing else. Leave this pane unchanged and click Next to continue setting up your VPN server.
Once the wizard has finished and the VPN server appears as an incoming connection, you can change any of the settings described below by selecting the connection in the Network Connections window and choosing Properties from its context menu. You don't have to run the New Connection Wizard again.
In the Incoming VPN Connection pane, choose Allow Virtual Private Connections.
Click Next. In the User Permissions pane, shown in Figure 19.5, you can specify the users who have permission to use the VPN.
Specifying users this way has several advantages. First, access to the VPN is authenticated against the same account database, and subject to the same password policy, that the operating system uses for logon. Second, a user who connects over the VPN has only the privileges that account has been granted on the network. A guest account, for example, may be able to read certain shared files but not delete them. Check only the accounts that genuinely need remote access: every account you allow here is a password that can be guessed from the Internet, so make sure each one is strong.
If the VPN server is behind a router, as will often be the case, the router must be configured to forward the VPN traffic that arrives at its public address to the private IP address of the VPN server, a process called port mapping (or port forwarding).
The traffic to forward depends on the VPN protocol. Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 for its control channel and Generic Routing Encapsulation (GRE), which is IP protocol 47, not a TCP or UDP port, for the tunneled data. Layer Two Tunneling Protocol (L2TP) over IPsec uses UDP port 500 for the IKE key exchange plus IP protocols 50 (ESP) and 51 (AH); through a NAT router it also needs UDP port 4500 for NAT traversal. Because GRE and ESP carry no port numbers, an ordinary port-forwarding rule will not pass them; look for a setting on the router called PPTP passthrough or IPsec passthrough. Bear in mind, too, that PPTP's MS-CHAP authentication is known to be weak, so where both ends support it, prefer L2TP/IPsec.
Click Next. The Networking Software pane, shown in Figure 19.6, will open.
In the Networking Software pane, with the Internet Protocol (TCP/IP) item selected, click Properties. In the Incoming TCP/IP Properties window, shown in Figure 19.7, decide whether VPN clients (the wizard calls them callers) should receive their IP addresses from your DHCP server or from a range of addresses you specify here. If you specify a range, keep it on your LAN subnet so the clients can reach internal resources, but outside the range your DHCP server hands out, to avoid address conflicts.
Click OK to close the Incoming TCP/IP Properties window. Click Next to move to the final wizard pane. Click Finish to create the VPN server, which will now be shown as an incoming connection in the Network Connections window, as you can see in Figure 19.8.