VPN over internet and XP Pro.

alamden · Mar 16, 2002

:disgust:

I'm hoping someone can help me with a problem I've had for quite a while now. I'm running two computers, each at a different location and I want to connect them with VPN over the internet. I've been through all the Microsoft tech support and Newsgroups, and all over the Internet trying to figure this out to no avail. I can't seem to connect either computer this way. One is using Pacbell (SBC) internet, which is PPPoE, and the other uses ATTBI (@home) cable. I have a dyndns computername for each. Other internet networking stuff works, such as WebFolders, Remote Desktop and FTP using IIS5.1. I get an error 800 every time I try to connect. CAN ANYONE HELP

The only other odd thing is that on one computer, I connect a laptop with a crossover LAN cable and use ICS at times, and when doing so, I can't connect any of the above to the computer. When I turn off ICS its fine again. DOES ANYONE KNOW ABOUT THIS?

Thanks so much for all your help.
Oh, and hi, Phil!

Andrew
alamden@bigfoot.com

Santa · Mar 16, 2002

Welcome to Anandtech alamden,

Your goal of connecting the two computers via VPN through the internet can only be accomplished by purchasing more equipment. If you have just XP Pro you will not be able to create a tunnel between the two computer.

You need to purchase either a Windows 2000 Server or some sort of VPN Server appliance such as Cisco PIX Firewall/VPN, CheckPoint Firewall1/VPN1, ect..

There are many more and even some SOHO routers from Linksys and Symantec that you can purchase to create the tunnels.

Let us know your budget because if it is next to nothing you may want to scratch the idea till later.

[EDITED INFORMATION BELOW] Please Read my post at the bottom about how it IS possible

FUBAR · Mar 17, 2002

Uhhh, Santa, are you sure about that? Have they removed some functionality from XP pro that was in 2000 pro? I have had 2 2k pro boxes on a VPN before, over i-net, with firewalls. Havent' tried XP yet tho.

Are you running some routers or something? Is one behind a corporate firewall? You need to have ports forwarded if so. Please fill in the blanks.

Santa · Mar 17, 2002

If you reread his post it sounds like he wants to connect 2 XP Pro machines together using a VPN Tunnel. This is not possible even in Win2K Pro days.. It is a feature that is availble in RRAS of Win2k Server and above among other VPN Server hardware/software suites you can buy.

[EDITED INFORMATION BELOW] Please Read my post at the bottom about how it IS possible

alamden · Mar 17, 2002

Thanks Santa and Fubar. I do believe that xp pro does allow for this feature without more equipment. I am not using the Win XP built in firewall. Instead, I've been usuing Tiny Personal Firewall software. I am supposed to be able to tunnel through the internet with XP pro. There's not other equipment.

The only odd thing is that Pacbell PPPoE when I log in (connect) tells me it doesn't use/need the IPX protocol. Could that have anything to do with it?

Thanks much for all you help!

Alamden@bigfoot.com

FUBAR · Mar 17, 2002

Actually, that's what I read his post as saying, and that's what I have done previously with 2k. Still can't confirm with XP tho, my vpn buddy is not around now.

I can't confirm the ICS issue, since I never do that either, routers are goood

Perhaps you need to add his pc/ip/hostname or port 1723 to your firewall package. What exactly does error 800 read?

Rhi · Mar 17, 2002

Actually I thought you can connect VPN with win2k or Xp PRo It's under Network & Dial-Up Connections>Make new connection>Connect to a private ip through net>You simply put in the ip of pc hosting vpn.

Santa, are you saying the OS hosting must be win2k Server+, or a vpn appliance?

-Rhi

Rhi · Mar 17, 2002

AHHH. Gotcha. Santa ic correct. Thanks!

Setup VPN

-Rhi

alamden · Mar 17, 2002

Thanks guys. I appreciate all this help.

However, this is tough and I'm not understanding....

Win XP Pro says it can do this. All the documentation says this.

Is it a problem with pppoe?

Should pppoe handle IPX or reject it? Right now it rejects IPX

And as for error 800, here's what I get: "Error 800: Unable to establish this VPN connection. The VPN server may be unreachable, or security parameters may bot be configured properly for this connection."

Could this be because the pppoe already uses a wan miniport, and the VPN also uses wan miniport?

Thanks,
alamden@bigfoot.com

FUBAR · Mar 17, 2002

I'm convinced that unless you have set up your firewall to allow in the traffic, that may be the issue. Try turning it off and see what happens.

YES! you can do it with XP, unless the functionality has now been removed since it was in 2k.

As for IPX, it will have to be encapsulated in TCP/IP since you can't route IPX.

JustinLerner · Mar 17, 2002

IPX is routable, but must be encapsulated over the internet since IPX is not an Internet standard, but a Novell proprietary implementation of IP (which never caught on.)

There is nothing wrong with setting up a tunnel and using IPX as the encapsulated protocol. Yes, IPX is routable, NetBEUI is not routable. TCP/IP is also routable but will be the transport protocol since this is what the internet uses.

Yes, you need a multihomed server or router capable of providing tunnels and terminating them. (I don't know how FUBAR got a VPN like PPTP or L2TP via XP to XP (or 2000 to 2000) without a server, but I would like to hear. He probably just had a regular connection/share and didn't know how to properly test it for tunnel isolation and security, or assumed that since he had multiple firewalls and could get through them that he had achieved a VPN.)

alamden · Mar 17, 2002

Thanks again....but my problem isn't solved yet.

1. I took out the firewall on each side and antivirus, and it still doesn't work.

2. There are settings in XP pro to do pptp.

3. How do I 'encapsulate' ipx? When I log onto Pacbell (SBC) pppoe, I get a message in Windows that says that that protocol couldn't connect. I need to uncheck ipx in the Wan Miniport connection to Pacbell.

4. According to everything I read at Microsoft, and a few books and websites, it still should work.

but it doesn't.

I appreciate anyone who keeps trying. Thanks!
alamden@bigfoot.com

Santa · Mar 17, 2002

[EDITED INFORMATION BELOW] Please Read my post at the bottom about how it IS possible

alamden · Mar 17, 2002

Ok Santa. So the 'Incoming Connections' network connection set up to allow for VPN on the other computer doesn't qualify?

Thanks
alamden@bigfoot.com

Santa · Mar 18, 2002

Correct.. the Incoming Connections does not qualify. It is only a passthrough redirector for ICS

Read about it here..

Link

[EDITED INFORMATION BELOW] Please Read my post at the bottom about how it IS possible

FUBAR · Mar 18, 2002

I quit.

True, i did not try to hack into the connection to test security. But I was able to see the other side of the net from each machine and access other pc's on either side. If that's not working I'll surrender my networking experience.

IPX is only routable with an IPX routing router... not many of those in a non-Novell shop.

[edit]
OK, I take that back, I should have said i could see the connected pc, not the network which is what I wanted it to do, so it worked for my purposes.

And on the incoming connections, does that mean the box that says "Allow others to make private connections to my computer by tunneling through the internet or other networks", labeled Virtual Private Network is essentailly useless?

alamden · Mar 19, 2002

Santa,

The link you provided in your previous post does not refer to the "incoming connections" connection that Fubar and I are referring to. To see what I mean, go to network connections, add a connection and you can add a connection for incoming VPN that has nothing to do with ICS unless you want it to. I just want VPN to work.

Thanks
alamden

miken · Mar 19, 2002

VPN will not work without a VPN server and proper DNS.

XP to XP is only of connecting seperate PC's over the internet, not networks. Anything that XP does that may look like a VPN is just MS's take on VPN, which in fact is not a true VPN.

Remember, it's only a VPN if you are authenticated and can see the secure DOMAIN.

Jovack2 · Mar 19, 2002

Something I wanna know is can games be played on a vpn in similar fashion to playing them over network?

alamden · Mar 19, 2002

Milken, thanks, and what I'm trying to get is MS's take on a vpn. My understanding is that the "incoming connections" connection is setup as a server, which is what I've done. But it still doesn't work.

Thanks
Andrew.

JustinLerner · Mar 19, 2002

Gotta have a real VPN server (either MS Server [NT4 PPTP/2000/.NET almost everything], Solaris, Linux, FreeBSD, Cisco, Lucent, Baynetworks, etc.)

That is the only way to make VPN work. Any 2000/XP PC can be a VPN client and and NT4 PC can be a PPTP client. Addin's are available with thirdparty software, but you still have to pay $$ to make this work without a MS Server or some other piece of equipment.

--

When they say Microsoft server they mean the following:
NT4.0 Server/ 2000 Server/ 2000 Advanced Server / .NET Server
NOT 2000 Professional or XP Professional or XP Home.

alamden · Mar 20, 2002

Thanks,

Its just really odd that books, and the MS XP pro literature/support says I can do it without some other server...

And, if I connect my notebook, with xp pro on it, to my desktop, running xp pro, using a crossover cable, I can run Microsoft's VPN on that network, no problem. It is just some kind of glitch between the two computers that are connected to/through the internet. And I recall that it wasn't a problem at one time, and then at least one computer had XP pro. The other either had XP pro or Win 2k Pro.

Don't mean to be rude, but it seems like we're still defining the problem here. And please note that I have hooked two xp pro computers together....and used the 'vpn' features. Its something about doing so over the internet with pptp.

Thanks for continuing to help!!!
andrew.

dude8604 · Mar 21, 2002

Santa · Apr 13, 2002

After seeing more and more of these posts pop up about VPN and Windows XP Professional, I double checked my information and found out that I was incorrect in prior posts saying Windows XP is not capable of hosting VPN connections.

Here are some links for your reading pleasures.

Link 1
Link 2
Link 3
Link 4

According to what I found out Since All Windows NT 4, 2000, XP Workstation flavors are able to host 1 session per incoming connection setup. This means you should be able to host 1 VPN session from your workstation.

Now the setup is not straight forward and changes depending on whether you are part of a workgroup or part of a domain. It seems to be much harder if you are part of a domain.

If I find more on how to troubleshoot a problem I will let you know but there is also the issue about split tunneling. By default when you create a connection to a VPN site via the Micrsoft networking and PPTP "Add Connection" wizard it is setup to "Use default gateway on remote server" This means you are NOT using split tunneling and will push all your Internet traffic over the VPN tunnel to route out the internet of your host VPN server. To disable this you go into the TCP/IP protocal settings in your VPN connection on the client and disable this.

Ideally it is best to get some sort of "VPN Server" to host your VPN session because of how Microsoft chose to complicate the process in getting VPN connections to a workstation.

VPN over internet and XP Pro.

Junior Member

Golden Member

Senior member

Golden Member

Junior Member

Senior member

Member

Member

Junior Member

Senior member

Senior member

Junior Member

Golden Member

Junior Member

Golden Member

Senior member

Junior Member

Senior member

Senior member

Junior Member

Senior member

Junior Member

Platinum Member

Golden Member