Setting Up a VPN

As I explained in Chapter 18, if you are connecting to a home network using a public Wi-Fi hotspot, using a virtual private network (VPN), which acts as a kind of tunnel through the Internet, is a great way to enhance security. In Chapter 18, I showed you the way to set up the VPN from the client (meaning the remote laptop).

Earlier in this chapter, I explained that using a VPN to isolate the Wi-Fi access point from the rest of the network, and to restrict access to authorized users, is a great way to beef up network security.

You can buy dedicated remote access servers that provide VPN functionality. For example, the WatchGuard SoHo Firebox that I mentioned earlier is a good dedicated box for the SoHo class network that provides firewall and VPN capabilities. You can also buy sophisticated software to enable a VPN.

But why pay for it if it is available for free? Windows XP Professional already includes a VPN remote access server.

To set up your VPN using Windows XP Professional, open the Network Connections window by clicking Network Connections in the Control Panel. Next, click Create a New Connection in the Tasks pane on the upper left of the Network Connections window.

The New Connection Wizard will open with a welcome screen. Click Next to get started. In the Network Connection Type pane of the wizard, choose Set Up an Advanced Connection as shown in Figure 19.3.

Figure 19.3. Choose Set Up an Advanced Connection to create a VPN in Windows XP.


Click Next. In the Advanced Connection Options pane, choose Accept Incoming Connections as shown in Figure 19.4.

Figure 19.4. A VPN server should be set to accept incoming connections, or what is the point?


Click Next. The Devices for Incoming Connections pane will probably show your parallel port (LPT1) and nothing else. Don't do anything in this pane. Just click Next to continue setting up your VPN server.



Now that the VPN server has been added as an incoming connection, you can edit it by selecting it in the Network Connections window and choosing Properties from its context menu. You don't have to run the New Connection Wizard again.

In the Incoming VPN Connection pane, choose Allow Virtual Private Connections.

Click Next. In the User Permissions pane, shown in Figure 19.5, you can specify the users who have permission to use the VPN.

Figure 19.5. In the User Permissions pane, specify the users who can use the VPN.


There are a number of good features in specifying the users who can use the VPN in this way. First of all, access to the VPN is authenticated using the authentication controls baked into the operating system. Secondly, users who access the VPN have only the privileges on the network that they've been granted. So guests, for example, may only have the right to read certain files (and no right to delete files).


If the VPN server is behind a router, as will often be the case, this setup works only if the router is configured to automatically forward communications on the appropriate ports to the VPN server, a process called port mapping. The ports used for VPN access are forwarded to the IP address of the VPN server.

The ports used for VPN access depend on the VPN protocol used. Point-to-Point Tunneling Protocol (PPTP) uses ports 47 and 1723. Layer 2 Tunneling Protocol (L2TP) uses ports 50, 51, and 500.

Click Next. The Networking Software pane, shown in Figure 19.6, will open.

Figure 19.6. Select the networking software that should be enabled for incoming connections.


In the Networking Software pane, with the Internet Protocol (TCP/IP) item selected, click Properties. In the Incoming TCP/IP Properties window, shown in Figure 19.7, determine whether IP addresses for VPN clients, or callers, should be assigned by DHCP, or provide a scheme for IP assignment.

Figure 19.7. In the Incoming TCP/IP Properties window, choose to have IP addresses assigned using DHCP, or designate an IP addressing scheme.


Click OK to close the Incoming TCP/IP Properties window. Click Next to move to the final wizard pane. Click Finish to create the VPN server, which will now be shown as an incoming connection in the Network Connections window, as you can see in Figure 19.8.

Figure 19.8. The VPN server is shown as an incoming connection in the Network Connections window.
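Once the incoming connection exists and the router's port mapping is in place, you can confirm from outside your LAN that the mapping really reaches the VPN server. The following is an added example, not part of the original chapter: it tests only the PPTP control connection on TCP port 1723 by performing the opening handshake defined in RFC 2637. The function names, the "probe" host name, and the sample reply are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723            # PPTP control port named in the text
MAGIC_COOKIE = 0x1A2B3C4D   # fixed value defined by RFC 2637
HEADER = ">HHIHH"           # length, msg type, cookie, control type, reserved
REPLY_BODY = "HBB"          # protocol version, result code, error code


def build_sccrq(hostname=b"probe"):
    """Start-Control-Connection-Request (control type 1), always 156 bytes."""
    return struct.pack(
        HEADER + "HHIIHH64s64s",
        156, 1, MAGIC_COOKIE, 1, 0,   # header
        0x0100, 0,                    # protocol version 1.0, reserved
        3, 3,                         # framing / bearer capabilities: either
        0, 0,                         # max channels, firmware revision
        hostname, b"")                # host name, vendor string (NUL padded)


def parse_sccrp(data):
    """Return (ok, detail) for a Start-Control-Connection-Reply."""
    if len(data) < struct.calcsize(HEADER + REPLY_BODY):
        return False, "short reply (%d bytes)" % len(data)
    fields = struct.unpack_from(HEADER + REPLY_BODY, data)
    _length, mtype, cookie, ctype, _rsvd, _version, result, error = fields
    if cookie != MAGIC_COOKIE or mtype != 1 or ctype != 2:
        return False, "not a PPTP control reply"
    if result != 1:                   # 1 = channel established
        return False, "server refused: result=%d error=%d" % (result, error)
    return True, "PPTP control channel established"


def check_forward(host, timeout=5.0):
    """Run from outside the LAN against your own router's public address."""
    try:
        with socket.create_connection((host, PPTP_PORT), timeout=timeout) as s:
            s.sendall(build_sccrq())
            return parse_sccrp(s.recv(156))
    except OSError as exc:
        return False, "TCP 1723 not reachable: %s" % exc


if __name__ == "__main__":
    # Constructed reply (not captured traffic): result code 1 means success.
    sample = struct.pack(HEADER + REPLY_BODY, 156, 1, MAGIC_COOKIE, 2, 0, 0x0100, 1, 0)
    print(parse_sccrp(sample))
```

A "not reachable" result from `check_forward` points at the router's port mapping or a firewall in between; a "server refused" result means the mapping works but the incoming connection on the Windows XP machine rejected the session.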
