Posted by on Oct 26th, 2005 -
Subscribe Mood: Windows XP VPN'ed
KeyWords: Virtual, Private, Network, vpn, windows, xp, setup, install, howto, server
HowTo: Windows XP VPN Server Setup
By FrosT
Introduction
Recently I have been trying to locate a tutorial on how to setup a VPN (Virtual Private Networking) server without a router or expensive $500 software. When behold I found out that Windows XP has it's own VPN Server Software built right into it. Who knew that windows could actually make a helpful feature such as a VPN Server. Not only does Windows XP have the VPN Server Software but Windows XP also has the VPN Client Software built into it (which will be another entry). Throughout this entry I will be describing step by step instructions on HowTo setup a Windows XP VPN Server.
Step One: Creating A VPN Server
Now children we are venturing into a world of 1's and 0's where few people have ventured before. First lets make sure our check list of materials is complete.
Windows XP (64 Bit works too)
Firewall of Some Sort (for security protection)
20oz Mountain Dew
Now that our checklist of materials is complete let's get started. This is the "Global" way of getting into Network Connections, use any way you please:
Click on the "Start" button.
Goto "Settings"
Then to "Network Connections".
Once you are in Network Connections there should be a "Create New Connection" on the left-hand side.
Click Next on the initial screen.
Now you should be viewing "Network Connection Type." Click on the very last option "Set up an Advanced Connection."
Click Next. An "Advanced Connection Options Screen should now be visible.
Select "Accept Incoming Connections."
Click Next.
Click Next.
Check "Allow virtual Private Connections"
Click Next.
User Permissions:
Either Add a new user to access the VPN or chose a user from the current list. The username and password combination used will be the Username and Password you connect via the VPN Server Client. Once all the users who you want to give access to have it, click next.
Click Next.
Click Finish.
Step Two: Configuring Your Windows XP VPN Server
Now you have a new "Incomming Connections" icon in the "Network Connections" folder. Right click on the Incomming Connections icon and goto Properties.
Click on the "Networking" Tab.
Select "TCP/IP Protocol"
Click on "Properties"
Click "Specify IP Address"
Add whatever range you want. For me I used 192.168.0.100 to 192.168.0.150 because my network is 192.168.0.1 - 192.168.0.99 that way the VPN Server will not conflict with my personal network.
I also checked "Allow Computer to Assign its Own IP Address." This step is not necessary.
Now the VPN Server is setup, but you are not home free yet.
Step Three: Hardware Firewalls
Generally broadband connections mean there is a Hardware Firewall. Hardware Firewalls are firewalls that are built into a Router or a Modem. Depending on the type of router and firewall these steps WILL vary.
1. Enter into your Router/Modem (usually 192.168.0.1 or a variant)
2. If there is a username/password look up the defualt username and password via google. That should get you in.
3. Find the "Advanced Options" or "Port Forwarding"
4. Once on "Port Forwarding," forward these ports: 1723 (both TCP/UDP) to the computer that has the Windows XP VPN Server installed (Start > Run > cmd > ipconfig /all)
5. Forward Port: 500 (both TCP/UDP) to the same IP Address.
6. Save this configuration. If your router/modem has to be restarted, do so and wait for the Router/Modem to com back up.
7. That should allow connections without tearing down your whole firewall.
Set Four: Software Firewalls
If you have a hardware firewall, I would suggest you to disable any software firewall. A hardware firewall provides more than enough protection. If you do not want to disable your software firewall or that is your only firewall, figure out how to forward ports and do so. I am not sure how to allow the Windows XP VPN Server program via your software firewall, I would refer to PPTP and IPSEC port forwarding in the Software Manual.
Ending Notes
For one I take no responsibility for any damage, corruption, or virus infection that may come from using this guide to it's full extents. Take some personal responibilty and do research before venturing into waters unknown. Make backups of critical files and set a "System Restore Point." Either way I will not take responsibility for user error or mis-use of this guide. By reading this guide you are accepting responsiblity for your own actions.
Now that the disclaimer is out of the way. Windows XP VPN Server is an excellent tool for your laptop, or even a friend who you want to share networking resources with. Now you are networked up time to learn how to Connect to your Windows XP VPN Server from another computer/remote location. This guide can be found at HowTo: Windows XP VPN Into a Remote Location
Posted by anonymous on May 04th, 2006
Hi,
Good simple guide - well pt together.
Thanks
Dave
Posted by anonymous on May 26th, 2006
AWSOME!!! Thanks for the help my fellow geek!
Posted by anonymous on May 28th, 2006
thanks for the help! your guide got it working!
thanks!
Posted by anonymous on June 26th, 2006
Hi,
I was able to setup the server and the client fine. Configured the router to allow traffic at ports 1723, 500, 47. Client was able to connect successfully to server, connected fine. My problem is , as a client, how can I see the resources on the remote private network? I see nothing in My Network Places. I have disable the software firewall in both the client and server computers but still resources are not available. Please help. I desperately need it.
Posted by frost on June 26th, 2006
Well first you must share the folder on the Server. Once that is done you need to map a network drive using the private IP the server has assigned to it (IE: 192.168.1.1) in the format //server/foldername and that should connect you to that folder.
--FrosT
Posted by anonymous on June 27th, 2006
Hello FrosT, thanx for the idea. I tried it but sorry, its still not working.
Without the VPN, both computers are behind NAT routers which happened to be VPN passthrough routers. Both routers have, 192.168.0.1 private IP add. Both computers are obtaining their private IP add from the router. For the VPN server configuration, I specified the range 192.168.0.140-149 (which does not conflict with the private network). The VPN server gets 192.168.0.140 and the VPN client gets 192.168.0.141. When I checked ipconfig on the client, the VPN settings gave me 192.168.0.141 for the IP add and the gateway and 255.255.255.255 for the subnet mask. Are these correct? I also tried pinging 192.168.0.140 (server), I get "Request Timed Out". I hope you can give me more insight about this. Thanks.
Posted by anonymous on July 11th, 2006
Network ID's must be the same. My Computer -> Properties ->Computer Name Tab
Posted by anonymous on August 02nd, 2006
I set up a VPN at my workplace. We have a router with a small network. I used the IP addy the ISP assigns to the router for the VPN connection destination IP. Also, I opened those two ports using port forwarding, i used a "one port" range, ie : 1723-1723. I did the same with port 500. It will be tested tonight. If anyone sees anything wrong with what I did, please do fill me in.
Thanks
Posted by anonymous on August 05th, 2006
Does the workgroup names HAVE to be identical? Me and my friend are trying to hook up a VPN, and we got different workgroups, and none of us want to change it since we have alot of stuff configured to our separate workgroup names. Shouldn't his workgroup just appear next to mine in the network? (it doesn't). We can log in on eachothers VPNs but we don't see shit once logged in, just like the anonymous guy above.
Posted by anonymous on August 08th, 2006
my vpn server is behind a dsl router and a linksys router and i have enabled port forwarding on both but still can't connect
Posted by frost on August 08th, 2006
Try the DMZ port on the linksys if that is the second one in the line.
--FrosT
Posted by anonymous on August 11th, 2006
Good but not secured. This VPN can be hacked by professional. h'about L2TP?
Posted by anonymous on September 03rd, 2006
Cant get this to work. HELP!
Posted by anonymous on September 19th, 2006
I opened only one port 1723 and it works, but this vpn connection has some limits:
1) Speed is only 28Kbps(look at taskmanager)
2) Only one client can access:S
Posted by anonymous on January 24th, 2007
how can i connect from school? at school only ports 80 and 8080 are open :S
Posted by anonymous on March 06th, 2007
"how can i connect from school? at school only ports 80 and 8080 are open :S "
You can't use VPN if ports are firewalled. But you can use Hamachi for this.
Posted by anonymous on May 11th, 2007
I have 1723, 50, and 47 forwarded but it hangs at negociating when I try to connect. Cable modem with Roiad Runner on VPN server side. Any ideas?
Posted by anonymous on October 17th, 2007
hi i have setuo my vpn and i am going to connect and it get to verifying user and pass then it comes up error 629 the connection was closed by the remote computer how do i fix this problem
Posted by anonymous on October 17th, 2007
hi i am able to connect connect vpn server but i am unable to ping server ip from client, even i have opened the ports(1723, 500, 47) in server.
Posted by frost on October 17th, 2007
Since this particular blog has been getting a lot of traffic lately I felt I need to mention something.
If I can answer your question I will. But for the most part, the questions being asked are really vague and there are too many variables to determine what is going on.
Your ISP may not allow the use of VPN (comcast residential does not allow vpn traffic). It could also be a firewall that is enabled that is blocking, hardware or software. Given that I do not know your equipment or your level of expertise, this is hard to diagnose. So sorry if you feel I am not providing adequate support, but the above worked for me on Qwest DSL, but no longer works with Comcast. So I am SOL on this also.
Have a great day!
Posted by anonymous on November 21st, 2007
Thanks for the great HowTo. I didn't realize this feature existed in XP and it may be just what I need.
Initially, I could connect but couldn't access shares. It occurred to me to check the software firewall on the 'server' computer and it was blocking necessary ports.
Posted by anonymous on December 02nd, 2007
Hi,
I have a adsl modem and dsl wifi router.I have port forwarded 1723,500,4500,50,51 ports .But if i connect to my com from outside,it shows veryfying username and password .And the connection terminates with error.
Please me some solution
Posted by anonymous on December 02nd, 2007
Hi,
I am dhyan.I have my pc after a adsl modem and a wifi router.I have forwaded all the necessary ports 1723,500,4500,50,51 .I have by-passed my firewall .But i get error 721 message after "verifying user name and password" status .
Posted by anonymous on December 04th, 2007
Nice, how about using L2TP/IPSEC instead of using PPTP?
Posted by anonymous on December 05th, 2007
oooo so nice of ..thanks alot..
Posted by anonymous on January 28th, 2008
I'm pretty sure I used this to setup my home VPN over a year ago so thank you. It works fine when I want to log in from a hotel and such when I travel. Recently my friends and I wanted to play some network games and so I set up accounts for them to log in. One of them can get in but the other can't saying authentication fails(They are both behind the same router on their end). When I tried to log in to the server with my username while the first was also logged in, it told me it wont accept more than one connection of that type. My friend mentioned something about his router not allowing more than one PPTP connection at a time. Is this true in all cases? If you need more information before you can answer, please say as much and I'll respond here.
Posted by anonymous on March 17th, 2008
You don't need to open UDP port 1723 - this is not secure. Just open TCP port 1723. You shouldn't need to open any other ports for this to work. GRE (46) is NOT a port, it's a protocol. Cheers.
Posted by anonymous on March 18th, 2008
to answer all your trouble problems is to get another internet service that is for server.
Posted by anonymous on April 28th, 2008
So you know I have used this with comcast and this works great!
Posted by anonymous on May 08th, 2008
Is there a limit on connections????
Thanks,
Scott Owens
Posted by anonymous on June 03rd, 2008
Thanks for the tutorial...
--
Sai Gudigundla
Posted by anonymous on June 12th, 2008
up ya bum!
Posted by anonymous on June 27th, 2008
hi how many computers can connect simultaneously
Posted by anonymous on July 24th, 2008
Guys, this is NOT a VPN server. VPN (Virtual PRIVATE network) encrypts all data before sending. The connection you are describing is a simple network connection. The data being sent is not encypted
Posted by anonymous on July 24th, 2008
Its possible to force encryption. Go to the user tab after creating the server connection and check 'Requiere all users to secure their passwords and data'
Posted by anonymous on August 02nd, 2008
i create a vpn server, 1 user, it works, but on the client pc , i don`t have net. why? can u help me please?
Posted by anonymous on August 11th, 2008
LOL 
I consider mountain dew as an essential item as well.
Posted by anonymous on August 14th, 2008
"i don`t have net. why? can u help me please?"
When you create your vpn connection in Windows right click on vpn connection, select properties : networking : tcp/ip : properties : advanced : general. Then uncheck User Default Gateway on Remote Network. Having it checked forwards iptable requests to the vpn server, which must be configured to forward or redirect your 'net' requests, otherwise you get no 'net'. Hope this helps -- troy at jpwebsite dot com.
Posted by anonymous on August 15th, 2008
Some sites say you can connect up to 10 people at the same time.... I have it runing but just allow to connect 1 user at a time... do somebody knows about any way, maybe register, to allow more than 1??? I just need 2.. 
Posted by anonymous on September 03rd, 2008
almost the only vpn guide on the entire internet that isn't a giant mess
Posted by anonymous on September 21st, 2008
見てよ。
Posted by anonymous on September 23rd, 2008
よく練られた。
Posted by anonymous on September 25th, 2008
Excellent document... Very easy.
Thanks
CRASH
Posted by anonymous on September 26th, 2008
Thanks for this post, I get my work done with this blog. Just want to ask for the limitations of its connection, how many client can serve this setup? the speed of the connection? Your insights will be highly appreciated.
Posted by anonymous on September 28th, 2008
how many clients could be simomtinously connected at one paticulas time on winxp vpn server
Posted by anonymous on September 29th, 2008
most probably 10
my question is how do you configur the security ?
is the data encrypted ?
and how can i tell if it is ?
Thanks
Daniel
Posted by anonymous on March 04th, 2009
The built-in Windows XP VPN server is hard code limited to 1 incoming connection at a time.
Posted by anonymous on March 06th, 2009
Thanks, u are giving us dood tecnical things.When u are answering configuration set up that should be displayes (screenshots) inthat way sothat non technical people it wud be easy foe understand
thanks,
Veeranji reddy
Posted by anonymous on March 17th, 2009
thanks thanks thanks thanks
Posted by anonymous on March 28th, 2009
how to setting for more than 1 client at sometime, were need to configurated?
Posted by anonymous on April 02nd, 2009
How to connect more than 1 client in windows xp VPN.
Posted by anonymous on April 16th, 2009
I just skimmed through the posts. Great how-to, one thing I've run into in the past is the IP addresses. If your home network uses the same address range as the VPN, you'll have "issues". You may be able to connect, but apart from that, it's hit or miss. If you are having problems, try changing your home address range to something out of the ordinary. I made a point to change my office network to 192.168.51.x this way I pretty much eliminate any IP issues with the tools who work here. Haven't had any problems other than internet speeds go through the roof when anyone connects to the vpn.
Hope this helps anyone who's having problems.
Posted by anonymous on May 08th, 2009
Grate article!!!!
Posted by anonymous on June 06th, 2009
Nice job! Very simple and clear. I didn't even need the Mountain Dew!
Posted by anonymous on July 19th, 2009
how can i ever thank you ..
Posted by anonymous on August 13th, 2009
Hi setup my XP server but cannot remotely logon using my laptop via my blacberry over VZN.. any ideas?
Posted by anonymous on August 18th, 2009
Thanks. It worked the first time.
Take care,
David
Posted by anonymous on August 23rd, 2009
Hi,
Doesn't work for me, unfortunately. I have Port TCP 1723 forwarded on my Router as well as in my PFW (Sunbelt). Connection succeeds, but I cannot go to any websites through VPN, only if I turn off the PFW on the VPN Server.
Anyone know why that is?
Thanks in advance.
Posted by anonymous on September 13th, 2009
Some routers (like my Linksys WRT54GS) have problems routing the required GRE packets, even if you do the port forwarding right. If you cannot access, use the DMZ feature in the router to completely expose the server to the internet (use the server's IP in DMZ), just make sure you have set up your windows firewall well enough.
My problem is that I want to allow the client to connect to my server and use my internet (client is in a country with heavy internet filtration and I want to allow him/her to get online without filtration).
Unfortunately, unless my server gets its IP through DHCP (i.e, manual IP configuration), the client connecting to my server wouldn't receive any default-gateway and therefore cannot route through my network to browse the internet.
Anyone have a solution to this ?
Posted by anonymous on September 16th, 2009
Anonymous on august 23rd, itwas answer on August 14th, 2008.
Thanks for this info.
Posted by anonymous on September 28th, 2009
my connection is established
on my server side i have 192.168.1.10
on my client side i have 192.168.1.11
my lan ip is 192.168.1.13
but i couldnt ping my server
what is the problem?
Posted by anonymous on October 14th, 2009
What's Mountain Dew?
Posted by anonymous on October 28th, 2009
Very Good Man, its too easy to understand
Thanx
Mian Zabeeh Ullah Sherpao
Add to Twitter | Post a comment