Figure 1
Create inbound connection in Windows
To configure a Windows VPN server, you create what Microsoft calls an inbound connection. The computer that holds this connection acts as the VPN server, or host. You also need to specify which users are allowed to connect. Follow these steps to create the inbound connection:
1. Right-click the network icon located in the system tray and select Open Network and Sharing Center.
2. Click on Manage network connections (Windows Vista) or Change adapter settings (Windows 7).
3. Press Alt to display the File menu and click File > New Incoming connection.
4. Select who you would like to give VPN access to, or create custom accounts by clicking Add someone. See the example in Figure 2. Once done, click Next.
Figure 2
5. Select Through the Internet, as shown in Figure 3, and click Next.
Figure 3
6. As shown in Figure 4, you can select the protocols you want to enable for this connection. The options include Internet Protocol Version 4 (TCP/IPv4), which lets remote users receive IP addresses and access the network or the Internet. If you also want remote users to access shared files and printers, select File and Printer Sharing for Microsoft Networks. Once done, click Allow access.
Figure 4
7. In the next window, click Close.
Now you need to access the properties of the newly created network connection and define the IP address range for VPN clients:
1. In the Network Connections window, double-click Incoming Connections.
2. Select the Networking tab and double-click Internet Protocol Version 4 (TCP/IPv4).
3. Select Specify IP addresses and then enter the start and end addresses of a range that lies within the local subnet but does not conflict with the DHCP range. For example, if the IP of the router is 192.168.50.1, you can enter 192.168.50.50 to 192.168.50.59, as shown in Figure 5, which will support 10 clients. If you want clients to assign their own IP addresses manually, select that option.
Figure 5
4. Click OK in both dialog boxes to save the changes.
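The range check from step 3, as an added example that is not part of the original article: it verifies that a proposed VPN client pool sits inside the local subnet, stays clear of the DHCP range and does not contain the router, network or broadcast address. The /24 subnet and the DHCP range 192.168.50.100 to 192.168.50.199 are assumptions; the router address and the pool are the article's values.

```python
import ipaddress


def check_vpn_pool(subnet, router, dhcp_start, dhcp_end, pool_start, pool_end):
    """Return a list of problems with a static VPN client pool (empty = OK)."""
    net = ipaddress.ip_network(subnet)
    router, d0, d1, p0, p1 = (
        ipaddress.ip_address(a)
        for a in (router, dhcp_start, dhcp_end, pool_start, pool_end)
    )
    if p0 > p1:
        return ["pool start is after pool end"]
    problems = []
    if p0 not in net or p1 not in net:
        problems.append("pool is not entirely inside the local subnet")
    # Two closed ranges overlap when each one starts before the other ends.
    if p0 <= d1 and d0 <= p1:
        problems.append("pool overlaps the DHCP range")
    reserved = (
        ("router", router),
        ("network", net.network_address),
        ("broadcast", net.broadcast_address),
    )
    for name, addr in reserved:
        if p0 <= addr <= p1:
            problems.append(f"pool contains the {name} address {addr}")
    return problems


def pool_size(pool_start, pool_end):
    """Number of addresses in the inclusive range pool_start..pool_end."""
    start = int(ipaddress.ip_address(pool_start))
    end = int(ipaddress.ip_address(pool_end))
    return end - start + 1


if __name__ == "__main__":
    # Article values: router 192.168.50.1, pool .50 to .59.
    # Assumed values: /24 subnet, DHCP range .100 to .199.
    args = ("192.168.50.0/24", "192.168.50.1",
            "192.168.50.100", "192.168.50.199",
            "192.168.50.50", "192.168.50.59")
    print(check_vpn_pool(*args) or "pool is usable")
    print(pool_size(args[4], args[5]), "addresses in the pool")
```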
Configure a third-party firewall
Windows will automatically allow VPN connections through the Windows firewall when you configure the inbound connection on the hosting computer. However, if you have installed a third-party firewall on this computer, you need to make sure it allows the VPN traffic to go through. You can do this manually by entering port numbers 47 and 1723.
Configure IP address, Dynamic DNS and Router
To enable VPN connections to the host computer from the Internet, you must configure the router so that it forwards them to the Windows computer that is accepting incoming connections. You specify the host computer by entering its local IP address. Therefore, before setting up port forwarding, you should make sure that this IP address will not change.
Start by accessing the router's web console. Then go to the network or DHCP settings and see if you can reserve the IP address for the computer so that it always receives the same address. This method is called DHCP reservation or Static DHCP. Some routers do not have this feature. In that case, you need to manually assign the computer a static IP address in the TCP/IP settings of the network connection in the Windows operating system.
Once you have fixed the IP address, locate the virtual server or port forwarding settings in the router's web console. Then create an entry that forwards port 1723 to the computer's local IP address, as in Figure 6. Don't forget to save the changes!
Figure 6.
If your Internet connection uses a dynamic IP address, then you need to register for and configure a dynamic DNS service. This is because when configuring remote clients, you need to enter the Internet IP address of the location where the host computer resides. This will be a problem if the IP changes. However, you can register for a free service, such as the one provided by No-IP, and enter the account details into the router so that it will update the hostname with your IP. You will then have a hostname (such as yourname.no-ip.org) to give to remote clients, which will always point to the current Internet IP address of the host computer.
Now everything on the server side has been completed and you may be ready to move on to the next step, which is to install the clients.
Create outbound VPN connections in Windows
After you have set up the server, you need to configure the computers from which you want to connect, which are called VPN clients. Here's how to configure them in Windows Vista and Windows 7:
1. Click on the network icon in the system tray and select Open Network and Sharing Center.
2. Click Set up a connection or network (Windows Vista) or Set up a new connection or network (Windows 7, as shown in Figure 7).
3. In the wizard, select Connect to a workplace, and click Next.
4. Select Use my internet connection (VPN).
5. Type the Internet IP address or hostname into the Internet address section and enter something in the Destination name section. See the example in Figure 8. Other options can be disabled. Click Next to continue.
6. Enter the user name and password that you selected when you created the incoming VPN connection, and click Next to make the connection. Windows will attempt to connect using the following protocols: SSTP, PPTP, and then L2TP.
7. Once connected, click Close.
By default, Windows may assign the connection to the Public Network location, which limits sharing. If you want to change this, open the Network and Sharing Center and click Customize (Windows Vista) or the Public network link under the connection name (Windows 7). Then, in the window that appears, select Work Network.
Here's how to create an outbound VPN connection in Windows XP:
1. Open the Network Connections window and click Create a new connection.
2. Select Connect to the network at my workplace and click Next.
3. Select the Virtual Private Network connection and click Next.
4. Enter a name for the connection and click Next.
5. Select Do not dial the initial connection and click Next.
6. Type the Internet IP address or hostname and click Next.
7. Click Finish.
Limit VPN traffic
By default, all Internet traffic on the VPN client will run through the VPN rather than through the local Internet connection the client is using. This is an advantage if the client is on a public connection, like a hotel port or Wi-Fi hotspot, because it allows for more private browsing. However, if the client is located on a trusted network, like a home network or remote office network, this can be a waste of bandwidth. To limit traffic through a VPN connection, do the following:
1. In the Network Connections window, click the VPN connection and select Properties.
2. Select the Network tab and double-click Internet Protocol (TCP/IP).
3. Click the Advanced button and uncheck Use default gateway on remote network (see Figure 9).
4. Click OK on the dialog boxes to save the changes.
Now the VPN client will use the local Internet connection when browsing websites. It only uses the VPN connection when it fails to reach a server or certain IP address via the Internet, such as when accessing the shares on the network of the VPN host.
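An added example, not part of the original article, for auditing this setting on client machines: Windows stores each VPN connection in a phonebook file, rasphone.pbk (per user under %APPDATA%\Microsoft\Network\Connections\Pbk), where the Use default gateway on remote network checkbox is the IpPrioritizeRemote key (1 = checked, 0 = unchecked). The phonebook text and entry names below are constructed samples, and the function names are this example's own.

```python
# Constructed sample of rasphone.pbk content (not taken from a real machine).
SAMPLE_PBK = """\
[Office VPN]
IpPrioritizeRemote=1
DEVICE=vpn
PhoneNumber=yourname.no-ip.org

[Branch VPN]
IpPrioritizeRemote=0
DEVICE=vpn
PhoneNumber=203.0.113.10

[Old entry]
DEVICE=vpn
"""


def parse_phonebook(text):
    """Parse phonebook text into {entry name: {lower-cased key: value}}.

    Phonebook files repeat some keys inside one entry, so a strict INI
    parser rejects them; here the last value seen for a key wins.
    """
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return entries


def audit_default_gateway(text):
    """Classify each entry as 'full-tunnel', 'split-tunnel' or 'unknown'."""
    labels = {"1": "full-tunnel", "0": "split-tunnel"}
    return {
        name: labels.get(keys.get("ipprioritizeremote"), "unknown")
        for name, keys in parse_phonebook(text).items()
    }


def split_tunnel_entries(text):
    """Entries whose Internet traffic bypasses the VPN (checkbox unchecked)."""
    return [n for n, s in audit_default_gateway(text).items() if s == "split-tunnel"]


if __name__ == "__main__":
    for name, state in audit_default_gateway(SAMPLE_PBK).items():
        print(f"{name}: {state}")
```

Entries reported as split-tunnel are the ones whose web traffic is not protected by the VPN when the client is on a public connection such as the hotel or hotspot case described above.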
Connect with VPN
In Windows XP, you can connect and disconnect by opening the Network Connections window and right-clicking on the VPN connection. In Windows Vista, you can click the network icon in the system tray, click Connect to , then select the connection. In Windows 7, click the network icon in the system tray and select the VPN connection.
After connecting, you will have access to shared resources on the network of the VPN host. Note that you may have to access the shares manually (e.g., \\ip_address_of_computer or file://computer_name/) instead of browsing in My Network Places or Network.