Denver Colorado Blog

Denver Colorado Blog

created by James Worthen

HowTo: Windows XP VPN Server Setup

Oct 26th, 2005 - Subscribe
Keywords: Virtual, Private, Network, vpn, windows, xp, setup, install, howto, server

HowTo: Windows XP VPN Server Setup
By FrosT

Introduction

Recently I have been trying to locate a tutorial on how to setup a VPN (Virtual Private Networking) server without a router or expensive $500 software. When behold I found out that Windows XP has it's own VPN Server Software built right into it. Who knew that windows could actually make a helpful feature such as a VPN Server. Not only does Windows XP have the VPN Server Software but Windows XP also has the VPN Client Software built into it (which will be another entry). Throughout this entry I will be describing step by step instructions on HowTo setup a Windows XP VPN Server.

Step One: Creating A VPN Server

Now children we are venturing into a world of 1's and 0's where few people have ventured before. First lets make sure our check list of materials is complete.

Windows XP (64 Bit works too)
Firewall of Some Sort (for security protection)
20oz Mountain Dew

Now that our checklist of materials is complete let's get started. This is the "Global" way of getting into Network Connections, use any way you please:
Click on the "Start" button.
Goto "Settings"
Then to "Network Connections".

Once you are in Network Connections there should be a "Create New Connection" on the left-hand side.
Click Next on the initial screen.
Now you should be viewing "Network Connection Type." Click on the very last option "Set up an Advanced Connection."
Click Next. An "Advanced Connection Options Screen should now be visible.
Select "Accept Incoming Connections."
Click Next.
Click Next.
Check "Allow virtual Private Connections"
Click Next.
User Permissions:
Either Add a new user to access the VPN or chose a user from the current list. The username and password combination used will be the Username and Password you connect via the VPN Server Client. Once all the users who you want to give access to have it, click next.
Click Next.
Click Finish.

Step Two: Configuring Your Windows XP VPN Server

Now you have a new "Incomming Connections" icon in the "Network Connections" folder. Right click on the Incomming Connections icon and goto Properties.
Click on the "Networking" Tab.
Select "TCP/IP Protocol"
Click on "Properties"
Click "Specify IP Address"
Add whatever range you want. For me I used 192.168.0.100 to 192.168.0.150 because my network is 192.168.0.1 - 192.168.0.99 that way the VPN Server will not conflict with my personal network.
I also checked "Allow Computer to Assign its Own IP Address." This step is not necessary.

Now the VPN Server is setup, but you are not home free yet.

Step Three: Hardware Firewalls

Generally broadband connections mean there is a Hardware Firewall. Hardware Firewalls are firewalls that are built into a Router or a Modem. Depending on the type of router and firewall these steps WILL vary.

1. Enter into your Router/Modem (usually 192.168.0.1 or a variant)
2. If there is a username/password look up the defualt username and password via google. That should get you in.
3. Find the "Advanced Options" or "Port Forwarding"
4. Once on "Port Forwarding," forward these ports: 1723 (both TCP/UDP) to the computer that has the Windows XP VPN Server installed (Start > Run > cmd > ipconfig /all)
5. Forward Port: 500 (both TCP/UDP) to the same IP Address.
6. Save this configuration. If your router/modem has to be restarted, do so and wait for the Router/Modem to com back up.
7. That should allow connections without tearing down your whole firewall.

Set Four: Software Firewalls

If you have a hardware firewall, I would suggest you to disable any software firewall. A hardware firewall provides more than enough protection. If you do not want to disable your software firewall or that is your only firewall, figure out how to forward ports and do so. I am not sure how to allow the Windows XP VPN Server program via your software firewall, I would refer to PPTP and IPSEC port forwarding in the Software Manual.

Ending Notes

For one I take no responsibility for any damage, corruption, or virus infection that may come from using this guide to it's full extents. Take some personal responibilty and do research before venturing into waters unknown. Make backups of critical files and set a "System Restore Point." Either way I will not take responsibility for user error or mis-use of this guide. By reading this guide you are accepting responsiblity for your own actions.

Now that the disclaimer is out of the way. Windows XP VPN Server is an excellent tool for your laptop, or even a friend who you want to share networking resources with. Now you are networked up time to learn how to Connect to your Windows XP VPN Server from another computer/remote location. This guide can be found at HowTo: Windows XP VPN Into a Remote Location

Comments:

anonymous
on May 04th, 2006
Hi,

Good simple guide - well pt together.

Thanks

Dave

anonymous
on May 26th, 2006
AWSOME!!! Thanks for the help my fellow geek!

anonymous
on May 28th, 2006
thanks for the help! your guide got it working!

thanks!

anonymous
on June 26th, 2006
Hi,

I was able to setup the server and the client fine. Configured the router to allow traffic at ports 1723, 500, 47. Client was able to connect successfully to server, connected fine. My problem is , as a client, how can I see the resources on the remote private network? I see nothing in My Network Places. I have disable the software firewall in both the client and server computers but still resources are not available. Please help. I desperately need it.

frost
on June 26th, 2006
Well first you must share the folder on the Server. Once that is done you need to map a network drive using the private IP the server has assigned to it (IE: 192.168.1.1) in the format //server/foldername and that should connect you to that folder.

--FrosT

anonymous
on June 27th, 2006
Hello FrosT, thanx for the idea. I tried it but sorry, its still not working.

Without the VPN, both computers are behind NAT routers which happened to be VPN passthrough routers. Both routers have, 192.168.0.1 private IP add. Both computers are obtaining their private IP add from the router. For the VPN server configuration, I specified the range 192.168.0.140-149 (which does not conflict with the private network). The VPN server gets 192.168.0.140 and the VPN client gets 192.168.0.141. When I checked ipconfig on the client, the VPN settings gave me 192.168.0.141 for the IP add and the gateway and 255.255.255.255 for the subnet mask. Are these correct? I also tried pinging 192.168.0.140 (server), I get "Request Timed Out". I hope you can give me more insight about this. Thanks.

anonymous
on July 11th, 2006
Network ID's must be the same. My Computer -> Properties ->Computer Name Tab

anonymous
on August 02nd, 2006
I set up a VPN at my workplace. We have a router with a small network. I used the IP addy the ISP assigns to the router for the VPN connection destination IP. Also, I opened those two ports using port forwarding, i used a "one port" range, ie : 1723-1723. I did the same with port 500. It will be tested tonight. If anyone sees anything wrong with what I did, please do fill me in.

Thanks

anonymous
on August 05th, 2006
Does the workgroup names HAVE to be identical? Me and my friend are trying to hook up a VPN, and we got different workgroups, and none of us want to change it since we have alot of stuff configured to our separate workgroup names. Shouldn't his workgroup just appear next to mine in the network? (it doesn't). We can log in on eachothers VPNs but we don't see shit once logged in, just like the anonymous guy above.

anonymous
on August 08th, 2006
my vpn server is behind a dsl router and a linksys router and i have enabled port forwarding on both but still can't connect

frost
on August 08th, 2006
Try the DMZ port on the linksys if that is the second one in the line.

--FrosT

anonymous
on August 11th, 2006
Good but not secured. This VPN can be hacked by professional. h'about L2TP?

anonymous
on September 03rd, 2006
Cant get this to work. HELP!

anonymous
on September 19th, 2006
I opened only one port 1723 and it works, but this vpn connection has some limits:
1) Speed is only 28Kbps(look at taskmanager)
2) Only one client can access:S

anonymous
on January 24th, 2007
how can i connect from school? at school only ports 80 and 8080 are open :S

anonymous
on March 06th, 2007
"how can i connect from school? at school only ports 80 and 8080 are open :S "

You can't use VPN if ports are firewalled. But you can use Hamachi for this.

anonymous
on May 11th, 2007
I have 1723, 50, and 47 forwarded but it hangs at negociating when I try to connect. Cable modem with Roiad Runner on VPN server side. Any ideas?

anonymous
on October 17th, 2007
hi i have setuo my vpn and i am going to connect and it get to verifying user and pass then it comes up error 629 the connection was closed by the remote computer how do i fix this problem

anonymous
on October 17th, 2007
hi i am able to connect connect vpn server but i am unable to ping server ip from client, even i have opened the ports(1723, 500, 47) in server.

frost
on October 17th, 2007
Since this particular blog has been getting a lot of traffic lately I felt I need to mention something.

If I can answer your question I will. But for the most part, the questions being asked are really vague and there are too many variables to determine what is going on.

Your ISP may not allow the use of VPN (comcast residential does not allow vpn traffic). It could also be a firewall that is enabled that is blocking, hardware or software. Given that I do not know your equipment or your level of expertise, this is hard to diagnose. So sorry if you feel I am not providing adequate support, but the above worked for me on Qwest DSL, but no longer works with Comcast. So I am SOL on this also.

Have a great day!

anonymous
on November 21st, 2007
Thanks for the great HowTo. I didn't realize this feature existed in XP and it may be just what I need.

Initially, I could connect but couldn't access shares. It occurred to me to check the software firewall on the 'server' computer and it was blocking necessary ports.

anonymous
on December 02nd, 2007
Hi,
I have a adsl modem and dsl wifi router.I have port forwarded 1723,500,4500,50,51 ports .But if i connect to my com from outside,it shows veryfying username and password .And the connection terminates with error.
Please me some solution

anonymous
on December 02nd, 2007
Hi,
I am dhyan.I have my pc after a adsl modem and a wifi router.I have forwaded all the necessary ports 1723,500,4500,50,51 .I have by-passed my firewall .But i get error 721 message after "verifying user name and password" status .

anonymous
on December 04th, 2007
Nice, how about using L2TP/IPSEC instead of using PPTP?

anonymous
on December 05th, 2007
oooo so nice of ..thanks alot..

anonymous
on January 28th, 2008
I'm pretty sure I used this to setup my home VPN over a year ago so thank you. It works fine when I want to log in from a hotel and such when I travel. Recently my friends and I wanted to play some network games and so I set up accounts for them to log in. One of them can get in but the other can't saying authentication fails(They are both behind the same router on their end). When I tried to log in to the server with my username while the first was also logged in, it told me it wont accept more than one connection of that type. My friend mentioned something about his router not allowing more than one PPTP connection at a time. Is this true in all cases? If you need more information before you can answer, please say as much and I'll respond here.

anonymous
on March 17th, 2008
You don't need to open UDP port 1723 - this is not secure. Just open TCP port 1723. You shouldn't need to open any other ports for this to work. GRE (46) is NOT a port, it's a protocol. Cheers.

anonymous
on March 18th, 2008
to answer all your trouble problems is to get another internet service that is for server.

anonymous
on April 28th, 2008
So you know I have used this with comcast and this works great!

anonymous
on May 08th, 2008
Is there a limit on connections????

Thanks,
Scott Owens

anonymous
on June 03rd, 2008
Thanks for the tutorial...

--
Sai Gudigundla

anonymous
on June 12th, 2008
up ya bum!

anonymous
on June 27th, 2008
hi how many computers can connect simultaneously

Add Comments:


Image Verification: Verify Image

Posting as anonymous Anonymous guest, why not register, or login now.


copyright frost 2007-2009 Free Blog Hosting Community

Template courtesy of: Template World

eXTReMe Tracker
Denver DVR