Hack 62 Set Up a Virtual Private Network


Sometimes you would like to connect to your home machine from work or while traveling. Making your home machine a virtual private network (VPN) server is a secure way to accomplish this.

If you've ever taken files home to work on your personal computer you've probably had the experience of arriving to work the next day only to realize you've forgotten to bring the files back with you. If the work was important enough, you probably had to drive all the way back home get it or make a lame excuse to your boss as to why you don't have the TPS report ready yet. Perhaps you're a road warrior who has found himself stranded in a hotel room on a Monday morning, just hours before a big meeting without that copy of the presentation you thought you had copied from your home machine. If either of these sound like a situation you've been in, this is the hack for you.

It is well known that Windows XP has a VPN client built into it, which allows you to make secure connections to your company's network. Less well known is that Windows XP also has the ability to act as a VPN server, allowing you, or others you designate, to make secure connections into your home network. While you have an established VPN session with your home machine, you can access files from its hard drive or other machines on the network that have file sharing enabled. All you need is a local Internet connection and a VPN client that supports the Point to Point Tunneling Protocol (PPTP), which the client for all versions of Windows does.

Preparing your home machine to accept VPN connections is fairly straightforward. Click Start Settings Control Panel Network and Internet Connections Network Connections Create a New Connection. This will launch the New Connection Wizard. While advancing through this wizard, the options you want to enable are "Set up an advanced connection," "Accept Incoming Connections," and "Allow virtual private connections." The sixth screen of the wizard allows you to specify the users that can use the VPN; make sure you enable at least one account. If you haven't created a password for your user, now is the time to do so. You are essentially opening up a part of your machine to the Internet, so make sure you choose a good password. After the wizard is complete, nothing further needs to be done; the VPN is ready to accept incoming connections. You can test this by using a VPN client to connect to the IP address of the VPN server machine.

Most home users use a router that provides Network Address Translation (NAT), which obscures the actual IP address of the machine they want to make a VPN connection to. This means you won't be able to make a VPN connection to your machine until you configure your router to allow the VPN traffic to pass through to your VPN server. See [Hack #47].