Intro
What is VPN?
VPN stands for Virtual Private Networking. Using the internet, it creates
a secure tunnel between your machine, dialed into any ISP (internet service provider),
and a VPN server on a private network, making it look like you are plugged
into that private network. This means you can use network drives, printer
shares, FTP, telnet, all the usual network things, as if you were inside
this private network, in spite of the fact that you could be on the
other side of the planet! Way cool.
There are many implementations of VPN; the only one I will talk about
here is the Microsoft Windows 2000 client and server, with a little about
95/98/NT. VPN is not unique to Microsoft and not unique to Windows.
VPN consists of two ends, a server and a client. I will try and cover
off a bit of both.
VPN Server Miscellaneous Ramblings
In setting up my own VPN server I discovered some interesting
tidbits:
- When VPN is up the server will appear invisible to the
rest of the internet. This means it does not answer to pings, and
other internet applications to and from this machine may or may not work.
In fact, with a few exceptions, most will not.
- The VPN server cannot coexist with a number of other services
wanting to use the internet. This
includes things like ICS (Internet Connection Sharing) and others.
The net of this is that you should probably assume the VPN machine will
be a stand-alone machine running little else.
- Microsoft ICS includes light versions of DNS and DHCP. These
work fine from a client point of view; however, you cannot use these
as DNS and DHCP for your VPN servers. This means you will need to load
DHCP and DNS onto a machine if you want name resolution.
- If you add a modem to your VPN machine you can dial into it. With some
changes you can even use it as an ISP and get an internet connection
from it!
VPN Client Miscellaneous Ramblings
- Corporate firewalls may block VPN. The company I work for has a
SOCKS 4 firewall and it blocks VPN. In addition, I have tested
VPN on AT&T Global Network Services internet service and it too
blocks VPN.
- VPN will go through ICS and connect!
Default VPN routings
Route tables tell Windows which adapters to use to get where. The default
settings for the VPN client and server seem a little odd. When you connect to
a VPN server your default path becomes the VPN machine. The problem with
this is that the default connection for the VPN machine will be the
internet, yet there is no Internet Connection Sharing on the VPN
server. The net of this is that as soon as you connect to the VPN
server you lose your internet connection. Yummy, thanks Microsoft.
So you have two choices (really only one works).
- You can change
the VPN server so that the default path is your internal network's
gateway. The trouble with this is that it breaks VPN. So this is useful
if you want to be able to dial into your VPN machine and get
internet connectivity. So let's say that your default gateway
on your internal network is 192.168.0.1 (which is what it is
for ICS). Then you would issue the following commands:
    route delete 0.0.0.0 mask 0.0.0.0
    route add 0.0.0.0 mask 0.0.0.0 192.168.0.1
And to return it back to the way it was:
    route delete 0.0.0.0 mask 0.0.0.0
    route add 0.0.0.0 mask 0.0.0.0 IPNUMBER
where IPNUMBER is whatever the IP of your VPN machine is.
- The second choice is really the winner. You need to change your
client so that the default path is not the VPN server but rather
the internet connection of that machine. This will give you the VPN
connection and your internet connection as usual. This is actually more
desirable anyway. The commands to do this are:
    route delete 0.0.0.0 mask 0.0.0.0
    route add 0.0.0.0 mask 0.0.0.0 GATEWAY
where GATEWAY is whatever the gateway of your internet connection
is.
The only bummer is that each client has to do this each time they connect
to your VPN.
By the way, if you are not sure what your IPNUMBER or your
GATEWAY is, open a DOS prompt and type the following command:
    ipconfig /all|more
There actually is a cleaner way to do this: right click on top of the
VPN connection on the client, select Properties, select the Networking
tab, select TCP/IP, select Properties, select Advanced, and uncheck
"Use the default gateway on remote network"!
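As an added example (not code from the original page), here is a small Python model of the route-table lookup behind this section, using constructed addresses for the VPN server (the page's IPNUMBER) and the ISP gateway (the page's GATEWAY). It shows that before the fix every packet, internet-bound or not, is matched by the default route through the tunnel, and that after re-pointing the default route with the page's two commands only the private network's addresses still use the VPN, because the more specific 192.168.0.0/24 route wins.

```python
import ipaddress

# Constructed sample values (not from the page): the VPN server's public
# address (the page's IPNUMBER) and the gateway of the client's own ISP
# link (the page's GATEWAY).
VPN_SERVER = "203.0.113.10"
ISP_GATEWAY = "198.51.100.1"

# Constructed client route table right after the VPN connects: Windows has
# pointed the default route (0.0.0.0/0) into the tunnel, which is why
# ordinary internet traffic stops working.
VPN_ROUTES = [
    # (destination network, gateway, adapter)
    ("0.0.0.0/0", VPN_SERVER, "VPN"),         # default route into the tunnel
    ("192.168.0.0/24", VPN_SERVER, "VPN"),    # the private network behind the server
    ("203.0.113.10/32", ISP_GATEWAY, "ISP"),  # host route so the tunnel can reach the server
    ("198.51.100.0/24", "0.0.0.0", "ISP"),    # directly connected ISP subnet
]


def lookup(routes, dst):
    """Longest-prefix match, as the route table does; returns the adapter used."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, _gw, adapter in routes:
        network = ipaddress.ip_network(net)
        if dst_ip in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, adapter)
    return best[1] if best else None


def route_commands(new_gateway):
    """The two commands the page gives for re-pointing the default route."""
    return ["route delete 0.0.0.0 mask 0.0.0.0",
            f"route add 0.0.0.0 mask 0.0.0.0 {new_gateway}"]


def repoint_default(routes, new_gateway, adapter):
    """Return a copy of the table with 0.0.0.0/0 sent to new_gateway instead."""
    kept = [r for r in routes if r[0] != "0.0.0.0/0"]
    return kept + [("0.0.0.0/0", new_gateway, adapter)]


if __name__ == "__main__":
    fixed = repoint_default(VPN_ROUTES, ISP_GATEWAY, "ISP")
    for dst in ("93.184.216.34", "192.168.0.20"):
        print(dst, "before:", lookup(VPN_ROUTES, dst), "after:", lookup(fixed, dst))
    print("\n".join(route_commands(ISP_GATEWAY)))
```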
Creating VPN connections
Windows 2000
In Windows 2000 creating a VPN connection from the client is simple. Do the following:
- Right click on top of My Network Places found on your desktop and select Properties.
This brings up your Network and Dial-up Connections screen. You can also get there
by pressing Start menu, Settings, Control Panel, Network and Dial-up Connections.
- Double click on Make New Connection
- Select Next
- Select Create a Virtual Private Network connection ...
- Select whether you need to dial up your ISP or not
- Type in the name or IP of the VPN server you want to connect to
- Select whether you are creating this connection for only you or for everyone who uses this machine
- Type a name for the VPN connection
- This will create an icon in your Network Connections. Double click on it and it will ask
for the username and password on the VPN server to start the connection
Windows 95 and 98 VPN Client
For Windows 95/98 there are updates from Microsoft that need to be installed to use
VPN. Here are the links:
95
98
Windows NT VPN Client
The process to document installing a VPN client on NT.
Other Links
A Microsoft document on VPN