HowTo: Windows XP VPN Server Setup

KeyWords: Virtual, Private, Network, vpn, windows, xp, setup, install, howto, server

HowTo: Windows XP VPN Server Setup
By FrosT

Click here to read the disclaimer before attempting

Peer1.com, for people who are looking for high performance managed hosting.

Introduction

Recently I have been trying to locate a tutorial on how to setup a VPN (Virtual Private Networking) server without a router or expensive $500 software. When behold I found out that Windows XP has it's own VPN Server Software built right into it. Who knew that windows could actually make a helpful feature such as a VPN Server. Not only does Windows XP have the VPN Server Software but Windows XP also has the VPN Client Software built into it (which will be another entry). Throughout this entry I will be describing step by step instructions on HowTo setup a Windows XP VPN Server.

Step One: Creating A VPN Server

Now children we are venturing into a world of 1's and 0's where few people have ventured before. First lets make sure our check list of materials is complete.

Windows XP (64 Bit works too)
Firewall of Some Sort (for security protection)
20oz Mountain Dew

Now that our checklist of materials is complete let's get started. This is the "Global" way of getting into Network Connections, use any way you please:
Click on the "Start" button.
Goto "Settings"
Then to "Network Connections".

Once you are in Network Connections there should be a "Create New Connection" on the left-hand side.
Click Next on the initial screen.
Now you should be viewing "Network Connection Type." Click on the very last option "Set up an Advanced Connection."
Click Next. An "Advanced Connection Options Screen should now be visible.
Select "Accept Incoming Connections."
Click Next.
Click Next.
Check "Allow virtual Private Connections"
Click Next.
User Permissions:
Either Add a new user to access the VPN or chose a user from the current list. The username and password combination used will be the Username and Password you connect via the VPN Server Client. Once all the users who you want to give access to have it, click next.
Click Next.
Click Finish.

Step Two: Configuring Your Windows XP VPN Server

Now you have a new "Incomming Connections" icon in the "Network Connections" folder. Right click on the Incomming Connections icon and goto Properties.
Click on the "Networking" Tab.
Select "TCP/IP Protocol"
Click on "Properties"
Click "Specify IP Address"
Add whatever range you want. For me I used 192.168.0.100 to 192.168.0.150 because my network is 192.168.0.1 - 192.168.0.99 that way the VPN Server will not conflict with my personal network.
I also checked "Allow Computer to Assign its Own IP Address." This step is not necessary.

Now the VPN Server is setup, but you are not home free yet.

Step Three: Hardware Firewalls

Generally broadband connections mean there is a Hardware Firewall. Hardware Firewalls are firewalls that are built into a Router or a Modem. Depending on the type of router and firewall these steps WILL vary.

1. Enter into your Router/Modem (usually 192.168.0.1 or a variant)
2. If there is a username/password look up the defualt username and password via google. That should get you in.
3. Find the "Advanced Options" or "Port Forwarding"
4. Once on "Port Forwarding," forward these ports: 1723 (both TCP/UDP) to the computer that has the Windows XP VPN Server installed (Start > Run > cmd > ipconfig /all)
5. Forward Port: 500 (both TCP/UDP) to the same IP Address.
6. Save this configuration. If your router/modem has to be restarted, do so and wait for the Router/Modem to com back up.
7. That should allow connections without tearing down your whole firewall.

Set Four: Software Firewalls

If you have a hardware firewall, I would suggest you to disable any software firewall. A hardware firewall provides more than enough protection. If you do not want to disable your software firewall or that is your only firewall, figure out how to forward ports and do so. I am not sure how to allow the Windows XP VPN Server program via your software firewall, I would refer to PPTP and IPSEC port forwarding in the Software Manual.

Ending Notes

For one I take no responsibility for any damage, corruption, or virus infection that may come from using this guide to it's full extents. Take some personal responibilty and do research before venturing into waters unknown. Make backups of critical files and set a "System Restore Point." Either way I will not take responsibility for user error or mis-use of this guide. By reading this guide you are accepting responsibility for your own actions.

Update: First up, this guide was written by me a long time ago. Since it's writing I have learned a lot more. If you can find a better guide go for it. If you want write a better guide more power to you. This is being left here more for educational purposes and potential assistance to others.

Second up, any trolling remarks, such as idiot, will be deleted. Yes, I have full control and censorship on this blog, so if you plan on posting that type of nonsense, just do not post at all and save your time. Or take 5 minutes to actually think and write a better more thorough response without rude remarks or comments and it will be left up.

Finally, take what was written here with a grain of salt. Do your own research before attempting and attempt to figure it out on your own. As I said this was meant as an educational assistance and is incomplete and outdated. I also no longer run Windows, so I cannot confirm or go through the guide again to verify it works or revamp it. And honestly, I would just setup OpenVPN now instead of using Windows built in system.

Now that the disclaimer is out of the way. Windows XP VPN Server is an excellent tool for your laptop, or even a friend who you want to share networking resources with. Now you are networked up time to learn how to Connect to your Windows XP VPN Server from another computer/remote location. This guide can be found at HowTo: Windows XP VPN Into a Remote Location

Posted by frost on Oct 26th, 2005 11:06 - Subscribe Bookmark and Share


Post a comment:


ReCaptcha:

Posting as anonymous Anonymous guest, why not register, or login now.



Posted by anonymous on May 04th, 2006

Hi,

Good simple guide - well pt together.

Thanks

Dave



Posted by anonymous on May 26th, 2006

AWSOME!!! Thanks for the help my fellow geek!



Posted by anonymous on May 28th, 2006

thanks for the help! your guide got it working!

thanks!



Posted by anonymous on June 26th, 2006

Hi,

I was able to setup the server and the client fine. Configured the router to allow traffic at ports 1723, 500, 47. Client was able to connect successfully to server, connected fine. My problem is , as a client, how can I see the resources on the remote private network? I see nothing in My Network Places. I have disable the software firewall in both the client and server computers but still resources are not available. Please help. I desperately need it.



Posted by frost on June 26th, 2006

Well first you must share the folder on the Server. Once that is done you need to map a network drive using the private IP the server has assigned to it (IE: 192.168.1.1) in the format //server/foldername and that should connect you to that folder.

--FrosT



Posted by anonymous on June 27th, 2006

Hello FrosT, thanx for the idea. I tried it but sorry, its still not working.

Without the VPN, both computers are behind NAT routers which happened to be VPN passthrough routers. Both routers have, 192.168.0.1 private IP add. Both computers are obtaining their private IP add from the router. For the VPN server configuration, I specified the range 192.168.0.140-149 (which does not conflict with the private network). The VPN server gets 192.168.0.140 and the VPN client gets 192.168.0.141. When I checked ipconfig on the client, the VPN settings gave me 192.168.0.141 for the IP add and the gateway and 255.255.255.255 for the subnet mask. Are these correct? I also tried pinging 192.168.0.140 (server), I get "Request Timed Out". I hope you can give me more insight about this. Thanks.



Posted by anonymous on July 11th, 2006

Network ID's must be the same. My Computer -> Properties ->Computer Name Tab



Posted by anonymous on August 02nd, 2006

I set up a VPN at my workplace. We have a router with a small network. I used the IP addy the ISP assigns to the router for the VPN connection destination IP. Also, I opened those two ports using port forwarding, i used a "one port" range, ie : 1723-1723. I did the same with port 500. It will be tested tonight. If anyone sees anything wrong with what I did, please do fill me in.

Thanks



Posted by anonymous on August 05th, 2006

Does the workgroup names HAVE to be identical? Me and my friend are trying to hook up a VPN, and we got different workgroups, and none of us want to change it since we have alot of stuff configured to our separate workgroup names. Shouldn't his workgroup just appear next to mine in the network? (it doesn't). We can log in on eachothers VPNs but we don't see shit once logged in, just like the anonymous guy above.



Posted by anonymous on August 08th, 2006

my vpn server is behind a dsl router and a linksys router and i have enabled port forwarding on both but still can't connect



Posted by frost on August 08th, 2006

Try the DMZ port on the linksys if that is the second one in the line.

--FrosT



Posted by anonymous on August 11th, 2006

Good but not secured. This VPN can be hacked by professional. h'about L2TP?



Posted by anonymous on September 03rd, 2006

Cant get this to work. HELP!



Posted by anonymous on September 19th, 2006

I opened only one port 1723 and it works, but this vpn connection has some limits:
1) Speed is only 28Kbps(look at taskmanager)
2) Only one client can access:S



Posted by anonymous on January 24th, 2007

how can i connect from school? at school only ports 80 and 8080 are open :S



Posted by anonymous on March 06th, 2007

"how can i connect from school? at school only ports 80 and 8080 are open :S "

You can't use VPN if ports are firewalled. But you can use Hamachi for this.



Posted by anonymous on May 11th, 2007

I have 1723, 50, and 47 forwarded but it hangs at negociating when I try to connect. Cable modem with Roiad Runner on VPN server side. Any ideas?



Posted by anonymous on October 17th, 2007

hi i have setuo my vpn and i am going to connect and it get to verifying user and pass then it comes up error 629 the connection was closed by the remote computer how do i fix this problem



Posted by anonymous on October 17th, 2007

hi i am able to connect connect vpn server but i am unable to ping server ip from client, even i have opened the ports(1723, 500, 47) in server.



Posted by frost on October 17th, 2007

Since this particular blog has been getting a lot of traffic lately I felt I need to mention something.

If I can answer your question I will. But for the most part, the questions being asked are really vague and there are too many variables to determine what is going on.

Your ISP may not allow the use of VPN (comcast residential does not allow vpn traffic). It could also be a firewall that is enabled that is blocking, hardware or software. Given that I do not know your equipment or your level of expertise, this is hard to diagnose. So sorry if you feel I am not providing adequate support, but the above worked for me on Qwest DSL, but no longer works with Comcast. So I am SOL on this also.

Have a great day!



Posted by anonymous on November 21st, 2007

Thanks for the great HowTo. I didn't realize this feature existed in XP and it may be just what I need.

Initially, I could connect but couldn't access shares. It occurred to me to check the software firewall on the 'server' computer and it was blocking necessary ports.



Posted by anonymous on December 02nd, 2007

Hi,
I have a adsl modem and dsl wifi router.I have port forwarded 1723,500,4500,50,51 ports .But if i connect to my com from outside,it shows veryfying username and password .And the connection terminates with error.
Please me some solution



Posted by anonymous on December 02nd, 2007

Hi,
I am dhyan.I have my pc after a adsl modem and a wifi router.I have forwaded all the necessary ports 1723,500,4500,50,51 .I have by-passed my firewall .But i get error 721 message after "verifying user name and password" status .



Posted by anonymous on December 04th, 2007

Nice, how about using L2TP/IPSEC instead of using PPTP?



Posted by anonymous on December 05th, 2007

oooo so nice of ..thanks alot..



Posted by anonymous on January 28th, 2008

I'm pretty sure I used this to setup my home VPN over a year ago so thank you. It works fine when I want to log in from a hotel and such when I travel. Recently my friends and I wanted to play some network games and so I set up accounts for them to log in. One of them can get in but the other can't saying authentication fails(They are both behind the same router on their end). When I tried to log in to the server with my username while the first was also logged in, it told me it wont accept more than one connection of that type. My friend mentioned something about his router not allowing more than one PPTP connection at a time. Is this true in all cases? If you need more information before you can answer, please say as much and I'll respond here.



Posted by anonymous on March 17th, 2008

You don't need to open UDP port 1723 - this is not secure. Just open TCP port 1723. You shouldn't need to open any other ports for this to work. GRE (46) is NOT a port, it's a protocol. Cheers.



Posted by anonymous on March 17th, 2008

to answer all your trouble problems is to get another internet service that is for server.



Posted by anonymous on April 28th, 2008

So you know I have used this with comcast and this works great!



Posted by anonymous on May 07th, 2008

Is there a limit on connections????

Thanks,
Scott Owens



Posted by anonymous on June 03rd, 2008

Thanks for the tutorial...

--
Sai Gudigundla



Posted by anonymous on June 12th, 2008

up ya bum!



Posted by anonymous on June 27th, 2008

hi how many computers can connect simultaneously



Posted by anonymous on July 24th, 2008

Guys, this is NOT a VPN server. VPN (Virtual PRIVATE network) encrypts all data before sending. The connection you are describing is a simple network connection. The data being sent is not encypted



Posted by anonymous on July 24th, 2008

Its possible to force encryption. Go to the user tab after creating the server connection and check 'Requiere all users to secure their passwords and data'



Posted by anonymous on August 02nd, 2008

i create a vpn server, 1 user, it works, but on the client pc , i don`t have net. why? can u help me please?



Posted by anonymous on August 11th, 2008

LOL happy.gif I consider mountain dew as an essential item as well.



Posted by anonymous on August 13th, 2008

"i don`t have net. why? can u help me please?"

When you create your vpn connection in Windows right click on vpn connection, select properties : networking : tcp/ip : properties : advanced : general. Then uncheck User Default Gateway on Remote Network. Having it checked forwards iptable requests to the vpn server, which must be configured to forward or redirect your 'net' requests, otherwise you get no 'net'. Hope this helps -- troy at jpwebsite dot com.



Posted by anonymous on August 15th, 2008

Some sites say you can connect up to 10 people at the same time.... I have it runing but just allow to connect 1 user at a time... do somebody knows about any way, maybe register, to allow more than 1??? I just need 2.. sad.gif



Posted by anonymous on September 03rd, 2008

almost the only vpn guide on the entire internet that isn't a giant mess



Posted by anonymous on September 21st, 2008

見てよ。



Posted by anonymous on September 23rd, 2008

よく練られた。



Posted by anonymous on September 25th, 2008

Excellent document... Very easy.
Thanks
CRASH



Posted by anonymous on September 25th, 2008

Thanks for this post, I get my work done with this blog. Just want to ask for the limitations of its connection, how many client can serve this setup? the speed of the connection? Your insights will be highly appreciated.



Posted by anonymous on September 28th, 2008

how many clients could be simomtinously connected at one paticulas time on winxp vpn server



Posted by anonymous on September 29th, 2008

most probably 10

my question is how do you configur the security ?
is the data encrypted ?
and how can i tell if it is ?

Thanks
Daniel



Posted by anonymous on March 04th, 2009

The built-in Windows XP VPN server is hard code limited to 1 incoming connection at a time.



Posted by anonymous on March 06th, 2009

Thanks, u are giving us dood tecnical things.When u are answering configuration set up that should be displayes (screenshots) inthat way sothat non technical people it wud be easy foe understand

thanks,
Veeranji reddy



Posted by anonymous on March 17th, 2009

thanks thanks thanks thanks



Posted by anonymous on March 28th, 2009

how to setting for more than 1 client at sometime, were need to configurated?



Posted by anonymous on April 02nd, 2009

How to connect more than 1 client in windows xp VPN.



Posted by anonymous on April 16th, 2009

I just skimmed through the posts. Great how-to, one thing I've run into in the past is the IP addresses. If your home network uses the same address range as the VPN, you'll have "issues". You may be able to connect, but apart from that, it's hit or miss. If you are having problems, try changing your home address range to something out of the ordinary. I made a point to change my office network to 192.168.51.x this way I pretty much eliminate any IP issues with the tools who work here. Haven't had any problems other than internet speeds go through the roof when anyone connects to the vpn.

Hope this helps anyone who's having problems.



Posted by anonymous on May 08th, 2009

Grate article!!!!



Posted by anonymous on June 06th, 2009

Nice job! Very simple and clear. I didn't even need the Mountain Dew!



Posted by anonymous on July 19th, 2009

how can i ever thank you ..happy.gif



Posted by anonymous on August 13th, 2009

Hi setup my XP server but cannot remotely logon using my laptop via my blacberry over VZN.. any ideas?



Posted by anonymous on August 18th, 2009

Thanks. It worked the first time.

Take care,
David



Posted by anonymous on August 23rd, 2009

Hi,

Doesn't work for me, unfortunately. I have Port TCP 1723 forwarded on my Router as well as in my PFW (Sunbelt). Connection succeeds, but I cannot go to any websites through VPN, only if I turn off the PFW on the VPN Server.

Anyone know why that is?

Thanks in advance.



Posted by anonymous on September 13th, 2009

Some routers (like my Linksys WRT54GS) have problems routing the required GRE packets, even if you do the port forwarding right. If you cannot access, use the DMZ feature in the router to completely expose the server to the internet (use the server's IP in DMZ), just make sure you have set up your windows firewall well enough.

My problem is that I want to allow the client to connect to my server and use my internet (client is in a country with heavy internet filtration and I want to allow him/her to get online without filtration).
Unfortunately, unless my server gets its IP through DHCP (i.e, manual IP configuration), the client connecting to my server wouldn't receive any default-gateway and therefore cannot route through my network to browse the internet.
Anyone have a solution to this ?



Posted by anonymous on September 16th, 2009

Anonymous on august 23rd, itwas answer on August 14th, 2008.

Thanks for this info.



Posted by anonymous on September 27th, 2009

my connection is established
on my server side i have 192.168.1.10
on my client side i have 192.168.1.11
my lan ip is 192.168.1.13
but i couldnt ping my server
what is the problem?



Posted by anonymous on October 14th, 2009

What's Mountain Dew?



Posted by anonymous on October 28th, 2009

Very Good Man, its too easy to understand
Thanx

Mian Zabeeh Ullah Sherpao



Posted by anonymous on January 08th, 2010

Hey, how about a Windows7 tutorial? Does such a feature exist within Windows7?



Posted by anonymous on March 08th, 2010

Just a quick note. It is protocol GRE, 47, not 46. Also this is not



Posted by anonymous on April 07th, 2010

how to accept multiple concurrent incoming connections on a single internet connection



Posted by anonymous on April 16th, 2010

how to connect to server through internet...? i mean to say which ip address should b put in server ip address when connecting through internet..does it works with internal ip or we have to pur external ip ??



Posted by anonymous on April 16th, 2010

if i have created windows vpn server here and u want to connect it then which ip address u should have to put in server ip address ?? does it works if u put my internal ip or wt else we have to configure ??



Posted by anonymous on May 13th, 2010

You need the remote PC's external IP address, not the IP address on the network...

You connect to that IP address... when you configure the router to forward the ports you are directing the connection to the IP address on your network for the PC you are connecting to...

So... the PC on your network should have a static IP address.
The router must forward the ports to that static IP address.
To do anything on the remote PC you both need to have the same work group name-- default for xp is MSHOME (Vista and Win 7 have different defaults-- I forget them right now).. the folders you want to access must be shared to access files.

There are vids on youtube now that explain how to do this pretty well. Can still be a bit confusing to set up.



Posted by anonymous on June 15th, 2010

How do you connect to this vpn server if it does not have public IP address?



Posted by anonymous on October 04th, 2010

Do I attach Mountain Dew before or after the router? And where can I purchase a Dew to RJ-45 connector.?
;-)
OK hostely, very good written how-to btw.
Thank you for this.
I was surprised to find this feature in WinXP_PRO (after failing to locate it on MAC OS X)



Posted by anonymous on October 16th, 2010

I can not get this to work. Is it my ip? My ip is a simple one assigned by a DCHP server (built into my router). I can only connect if I am on the same network the vpn server is on which is not helpful. I have a netgear router. What did I do wrong?



Posted by anonymous on November 28th, 2010

This really does work exactly as specified, but...
Some helpful hints to start your initial setup and testing:
1) Change your local LAN address scheme to something not usually assigned by a public router. (You do not want the local and remote address schemes to be the same...!!! - I cannot stress that enough). Try something way off from the standard 192.168.0.xx, 192.168.1.xx, etc. Use something like 10.10.10.xx as it's unlikely a Starbucks or other public wi-fi would assign that.
2) Start with your server (VPN server) in the demilitarized zone of your router (all traffic is forwarded to this address), and the firewall off. This gives you the best chance to get it working in the first place. Then close down one and tweak on the ports until it's working with no issues, and then the other.
Do NOTE: that with the simple windows VPN client (and these suggested settings), when you are on VPN your local network will not be visible, printers, other computer, etc. And all traffic will pass through the vpn server and the additive limitations of both internet connection speeds will apply. In fact, when on vpn your internet service (no matter where you are) will appear as the one the vpn server is on (check it at speedtest.net).
I hope this helps a little...




Posted by anonymous on December 31st, 2010

Thanks easy as pie



Posted by anonymous on January 25th, 2011

hey guys i love it



Posted by anonymous on February 27th, 2011

Thank you so much. This is exactly what I have been looking for for months. This is Awesome. Thanks again and keep up the good work.



Posted by anonymous on July 16th, 2011

Thanks a lot ! Nice resume of how to enable VPN PPTP on Windows XP.



Posted by anonymous on July 26th, 2011

really, a mountain dew? this takes all of maybe (if you are slow) 5 minutes.



Posted by anonymous on August 22nd, 2011

thank you for your guide, at least i have created the vpn server and incoming connection setup/ they al get connected. but my problem s , when they all get connected, my internet cease to function. though the modem would be connected but, there will be no connection when opening a webpage ,skype and yahoo messenger will not work. please help me resolve this issue. my email address is brightokine@yahoo.co.uk please mail me instead . thank you and be blessed. my skype is powerboy33 we can meet there also.



Posted by anonymous on July 15th, 2013

Thanxxxxxxxxxxxxxxxxxx



 

Widget

Hypersmash.com

Extras

  • Not Implemented