Using Windows 2003 Server as a VPN server is one of the better (read: overkill) remote access solutions for a SOHO network. This how-to will show how to create a simple yet effective VPN solution with certain limitations. Mainly, it assumes the Windows 2003 server has only one network card and sits behind a router/firewall. Make sure you have administrator privileges before continuing.
Main configuration:
- Open Routing and Remote Access by going to Control Panel -> Administrative Tools -> Routing and Remote Access.
- Right-click on the server name.
- In the context menu, select Configure and Enable Routing and Remote Access. Click Next on the wizard.
- On the Configuration page, select Custom Configuration. (Note: This particular option is chosen because we are using a single network card.)
- On the next screen, pick VPN Access then click Next. Then hit Finish to close out the wizard.
- A dialog box will appear asking if you want to start the service. Click Yes.
- In Routing and Remote Access, right-click the server name as before.
- In the context menu, select Properties.
- Click the IP tab.
- Select the radio-button next to Static address pool.
- Click the Add button.
- In the New Address Range window, enter the appropriate start and end IP addresses. The addresses should follow the convention of the rest of your network.
- Click OK and Apply until you return to the Routing and Remote Access window, then close that as well.
- Open Active Directory Users and Computers and click the Users folder.
- In the right-hand window, double-click the name of a user who is to be given VPN access.
- Click the Dial-in tab.
- Select the radio-button next to Allow access in the Remote Access Permission (Dial-in or VPN) section. (Note: If you have multiple users, then it might be easier to create a new user group with VPN access. Then add the user profiles to the group as necessary.)
- Close out the window. Repeat as necessary for any other users.
- PPTP: 1723.
- IPSec: 500, 50-51.
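An added example (not part of the original how-to) for checking the PPTP entry above from outside the network: it sends a PPTP Start-Control-Connection-Request to port 1723 and parses the reply, which shows whether the port actually reaches the VPN service behind the router/firewall. The message layout follows RFC 2637; the host name `vpn-check` and the function names are assumptions made for this example.

```python
import socket
import struct
import sys

PPTP_PORT = 1723           # PPTP entry from the port list above (TCP)
MAGIC_COOKIE = 0x1A2B3C4D  # fixed value defined by RFC 2637
# Shared 156-byte layout of Start-Control-Connection-Request/Reply:
# length, PPTP msg type, cookie, control msg type, reserved0, version,
# 2 bytes (reserved1 in a request; result + error code in a reply),
# framing caps, bearer caps, max channels, firmware rev, host, vendor
FMT = "!HHIHHH2sIIHH64s64s"
SIZE = struct.calcsize(FMT)

def build_sccrq(hostname=b"vpn-check"):  # hostname is a constructed value
    """Build a Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(FMT, SIZE, 1, MAGIC_COOKIE, 1, 0, 0x0100,
                       b"\x00\x00", 3, 3, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply; ValueError if it is not one."""
    if len(data) < SIZE:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, version, codes, _fr, _be,
     _ch, _fw, host, vendor) = struct.unpack(FMT, data[:SIZE])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"ok": codes[0] == 1,  # result code 1 = control channel established
            "result": codes[0], "error": codes[1], "version": version,
            "host": host.rstrip(b"\x00").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\x00").decode("ascii", "replace")}

def probe(host, port=PPTP_PORT, timeout=5.0):
    """Connect to host:port, send the request and return the parsed reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        data = b""
        while len(data) < SIZE:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
    else:
        print("usage: pptp_check.py <vpn-server-host-or-ip>")
```

A valid reply confirms only the TCP control channel on 1723; PPTP tunnel data travels as GRE (IP protocol 47), which the router/firewall must also pass.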
Configuring an XP client is straightforward. The only caveat is knowing the IP address of the server. If you are on a static IP, then there is no problem. If you happen to be on a dynamic IP address (i.e. an IP that changes regularly), then a service like DynDNS will give you a resolvable host name.
These are the steps to configure the XP machine for VPN access:
- Go to Start -> Settings -> Network Connections.
- Open the New Connection Wizard.
- Pick Connect to the network at my workplace then click Next.
- Pick Virtual Private Network connection then click Next.
- In the text box, provide a connection name then click Next.
- Since I have broadband available from wherever I need to access my network, I have no need to dial an internet provider. If this is the case in your setup, then pick Do not dial the initial connection.
- On the next screen enter the host name or IP address of the VPN server then click Next. Then pick Finish.