Expert help needed -VPN setup

  • 27-09-2005 4:55pm
    #1
    Registered Users Posts: 2,934 ✭✭✭


    Hi

    I have a simple network as follows:

    Eircom Home Starter BB ---into--->
    Server Ethernet port1 (gets DHCP address from BB router)
    Server Ethernet port 2 has internet connection sharing enabled (gateway).
    And is plugged into a switch.

    The server is a domain controller.
    All clients get their LAN IPs from the server.
    All Clients are plugged into the switch and all use the net & shares.

    So I want to set up VPN on the server above so that an external client can connect to the domain and use the shares.

    I'm looking for
    * recommended VPN server software. (cheapish)
    * I have not set up VPN before so ease of use is preferred.
    * Opinions on potential issues. -is this possible?
    * I have tried RAS in 2k but this seems to kill the internal internet connection.
    * Help :)

    Many thanks


Comments

  • Registered Users Posts: 804 ✭✭✭TimTim


    I assume you are using Win2k server.

    I'm almost positive there is an inbuilt VPN server. Remote access or something along those lines. Set it up and it should plug into everything automatically. Passwords/usernames.

    Forward the ports used by VPN to the server.

    Connect from another location, friend's house, IrishWAN, whatever, and test it.

    It could open a security hole, I'm not too sure, but if you keep everything patched and secure on your system, no weak passwords etc., there shouldn't be anything major.


  • Registered Users Posts: 2,934 ✭✭✭egan007


    Yeah - sorry, I forgot to mention Win2k server.

    Yeah, as I said above, I've tried the Remote access in 2k but it cuts off my internal connection.

    Can you expand more on "Forward the ports used by VPN to the server"

    and "Connect from another location"?
    Should this be to the IP of the BB router? Or server?


  • Closed Accounts Posts: 20 Digler


    Has your ISP given you a static IP address? If not, I don't know how you can VPN to your network from a different location. A static IP address will be needed to locate your private network over the WWW.


  • Registered Users Posts: 804 ✭✭✭TimTim


    If it cuts off your connection after setting up remote access you have two options:
    a) find out why and fix it
    b) use third party software

    Personally I'd look at A first as it's an integrated solution and should be easier to manage.

    Despite the fact I'm the network type guy in school I've never used remote access in 2k cos nobody needs it ;)

    Although toying around with 2k3 for a network that wants to be set up in the near future I had remote access working in 30 mins, then my box got hit by Sasser as soon as I let it out on the big bad world. (My fault really, didn't want to bother patching an eval version.)

    Of course this is all in VMWare and such so under test conditions I have it working, although your mileage might vary in real life.

    I'd check your trusty friend Google and the (underused IMO) Microsoft TechNet. They usually come up trumps.

    Forwarding ports is referring to forwarding the ports needed from your router to your Win2k box so you can actually access it from the internet.

    Another location is somewhere off your network. Be it a friend's house with BB or work, just someone else's net connection.

    And if you need to know your IP, set up a DynDNS or get a static IP.


  • Registered Users Posts: 1,906 ✭✭✭jayok


    Well first of all I'd imagine that if you are using Windows 2000 Server to NAT and route and you're asking about the Routing and Remote Access service that you've simply configured an ICS (Internet Connection Sharing) service for the network and not any formal routing rules, etc?

    If you are using ICS (read bag-of-sh**e) you are limited in usage. First of all it requires that you use the 192.168.0.0/24 network and amongst other things doesn't support inbound VPN connections :mad:

    So you'll need to get a little more complex with your config. First of all remove ICS and explicitly configure your NAT and route rules (configure it as an Internet router). Secondly add in the dial-in policies for the router and remote access (this is not complicated but laborious). What you will get is a PPTP with 40-bit encryption at the end - but hey you should be VPN'ing (as such).

    TBH There is muck loads on support.microsoft.com about configuring this - but at least you know now what you're looking for. :)
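
Added example, not part of any poster's reply: once the router forwards PPTP to the server, the control channel can be checked from an outside connection by sending a Start-Control-Connection-Request to TCP 1723 and parsing the reply. The port and message layout are taken from RFC 2637, not from the thread; the `vpn-check` hostname string and the address in the usage comment are placeholders. A good reply only shows that TCP 1723 is forwarded; the tunnel itself also needs GRE (IP protocol 47) passed through the router.

```python
import socket
import struct
import sys

PPTP_PORT = 1723          # TCP control channel; tunnel data travels as GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D
HDR = ">HHIHH"            # length, message type, magic cookie, control type, reserved0
BODY = ">HBBIIHH64s64s"   # version, result, error, framing, bearer, channels, firmware, host, vendor

def build_sccrq(hostname=b"vpn-check"):
    """Start-Control-Connection-Request, the first message a PPTP client sends."""
    # In a request the result/error bytes are the 2-byte Reserved1 field (zero).
    body = struct.pack(BODY, 0x0100, 0, 0, 1, 1, 0, 0, hostname, b"")
    return struct.pack(HDR, 12 + len(body), 1, MAGIC_COOKIE, 1, 0) + body

def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < 156:
        raise ValueError("short reply: %d bytes" % len(data))
    _, msg_type, cookie, ctrl_type, _ = struct.unpack(HDR, data[:12])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    ver, result, error, _, _, _, _, host, vendor = struct.unpack(BODY, data[12:156])
    return {"ok": result == 1, "version": ver, "result": result, "error": error,
            "host": host.rstrip(b"\0").decode("latin-1"),
            "vendor": vendor.rstrip(b"\0").decode("latin-1")}

def check_pptp(address, timeout=5.0):
    """Return the parsed reply, or {'ok': False, 'reason': ...} on any failure."""
    try:
        with socket.create_connection((address, PPTP_PORT), timeout=timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < 156:
                chunk = s.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
        return parse_sccrp(data)
    except (OSError, ValueError) as exc:
        return {"ok": False, "reason": str(exc)}

if __name__ == "__main__" and len(sys.argv) > 1:
    # Run from outside the LAN against your own public address,
    # e.g. python pptp_check.py 203.0.113.10 (documentation address)
    print(check_pptp(sys.argv[1]))
```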


  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    OpenVPN... the windows gui client is exceptionally handy, including password protection on the client side, multiple simultaneous vpns and the ability to push additional routes, dns/wins information to the client.


  • Registered Users Posts: 2,592 ✭✭✭wandererz


    Firstly what you need is a proper firewall rather than that BB router cr*p (check out the Safe@Office firewalls at www.sofaware.com).

    The model you require depends on 2 things:
    1) How many VPN users.
    2) How many devices on your LAN.

    If you let me know this I can make a recommendation.


  • Registered Users Posts: 2,934 ✭✭✭egan007


    Thanks for all the advice - I'll go through it all!
    wandererz - that Safe@Office looks very reasonable.
    Will it work with the Eircom home starter connection?
    There will be 2/3 VPN users max; the LAN has about 16 devices, which all currently are going through a switch.


  • Registered Users Posts: 2,934 ✭✭✭egan007


    I think I'll tender for this!
    Anyone here interested in a nixer?


  • Registered Users Posts: 2,393 ✭✭✭Jaden


    Two old PCs (PII or better), each with 2 network cards in them. Fixed IPs each end preferred.

    A copy of IpCop (www.ipcop.org). This is a PC-based Linux firewall. Will perform the function of your current router/firewall, plus a lot more. Costs you the price of the download, and some old hardware.

    Easy to setup, does the job just fine.


  • Registered Users Posts: 2,934 ✭✭✭egan007


    Got help - thanks everyone

