Built into all of the major operating systems distributed or downloadable today is support for virtual private networking (VPN): a VPN client in every one, and a VPN server in most (with free servers available for each OS, should you need one). With the growing need for security in any kind of networking between two machines, establishing a VPN connection between them is not only a sound idea but an easy one. In this quick review of the process for Windows XP and MacOS X, we will show you how to set those up, and also explain a little of the jargon connected to the process so that you understand what it is and why it is important.
In the original days of networking, you placed a serial or parallel cable between two machines and used basic data-moving applications to transfer material. Point-to-Point Protocol (PPP) was born, and soon graduated to a dial-up line over standard telephone networks between two modems. In both of these cases, no other computers could interrupt or confiscate the data transmission, since the connection was established before the actual communication was initiated. When you began to get more than one machine in a local network, this was no longer the case: all of the network transmissions were "tokenized" and passed from one machine to another between the start and the destination, meaning any piece of data was seen by all. Token Ring networks and the basics of TCP/IP were born. Once the Internet reached adolescence, these small "ring" networks began to talk to each other, so all of your New York traffic would have been seen by the rest of the world were it not for routers, switches, and gateways to prohibit it. Local Area Networks and Wide Area Networks began to grow, and so pairing machines for direct transfer of information without intervention or monitoring became critical.
One way to establish a methodology to do this was the concept of "tunneling". If we take all of the packets of information sent from one point to another and "encapsulate" them within a normal-looking transmission, the data is "tunneling" through the established open flow of networking and can therefore be somewhat secure. The first Point-to-Point Tunneling Protocol (PPTP) was established by Microsoft for client machines to remotely access an NT Server securely. Basic user authentication was handled by the server, and some encryption was added as an option. The tunneling done in this phase was the wrapping of the Windows-specific WINS networking protocol within the open TCP/IP Internet protocol, so that communications between sites could be carried over normal Internet Service Providers. After a few years of this going on, with the basics of the concept down pat, Level 2 Tunneling Protocol (L2TP) was created to "fix" and extend all of the issues in PPTP. These two are the standards for establishing a "tunneled" secure connection over the Internet between two machines - a virtual private network.
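To make the "encapsulate" idea above concrete, here is an added Python example (not from the article) that wraps an inner packet in a GRE header, the carrier that PPTP uses, and unwraps it again on the far side; the flag and key handling follows RFC 2784/2890, and the sample inner packet is constructed. It also shows why the text says only "somewhat secure": the inner bytes are still readable on the wire until encryption is added on top of the tunnel.

```python
import struct
from typing import Optional, Tuple

# GRE flag bits (RFC 2784 defines C; RFC 2890 adds K and S)
GRE_FLAG_C = 0x8000  # checksum present (4 bytes: checksum + reserved1)
GRE_FLAG_K = 0x2000  # key present (4 bytes)
GRE_FLAG_S = 0x1000  # sequence number present (4 bytes)
GRE_PROTO_IPV4 = 0x0800  # protocol type of the inner packet (EtherType values)
GRE_PROTO_PPP = 0x880B   # PPP frames, which is what PPTP carries


def gre_encapsulate(inner: bytes, proto: int = GRE_PROTO_IPV4,
                    key: Optional[int] = None) -> bytes:
    """Prefix a version-0 GRE header to an inner packet, with an optional key field."""
    flags = GRE_FLAG_K if key is not None else 0
    header = struct.pack("!HH", flags, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + inner


def gre_decapsulate(outer: bytes) -> Tuple[int, Optional[int], bytes]:
    """Strip a GRE header; return (proto, key, inner). Raises ValueError if malformed."""
    if len(outer) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", outer[:4])
    if flags & 0x0007:  # low three bits are the version; only 0 is handled here
        raise ValueError("only GRE version 0 is handled here")
    offset = 4
    if flags & GRE_FLAG_C:
        offset += 4  # checksum + reserved1, not verified in this illustration
    key = None
    if flags & GRE_FLAG_K:
        if len(outer) < offset + 4:
            raise ValueError("truncated GRE key field")
        key = struct.unpack("!I", outer[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_S:
        offset += 4
    if len(outer) < offset:
        raise ValueError("truncated GRE optional fields")
    return proto, key, outer[offset:]


def payload_visible_on_wire(outer: bytes, inner: bytes) -> bool:
    """True when the inner bytes appear verbatim in the outer frame: plain GRE hides nothing."""
    return inner in outer


if __name__ == "__main__":
    sample = b"inner packet: Q3-payroll.csv"  # constructed stand-in for a real inner packet
    tunneled = gre_encapsulate(sample, GRE_PROTO_PPP, key=42)
    print(tunneled.hex())
    print(gre_decapsulate(tunneled))
    print("readable by anyone on the path:", payload_visible_on_wire(tunneled, sample))
```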
Before we cover the steps to set this up, you will need to know three things:
Just about everyone has a firewall, software or hardware, that prohibits intruders from seeing the inner workings of your machine or machines at a location. Both types of VPN communication use specific ports and protocols (listening channels) that are probably not open to the public by default, so the firewalls will need to be configured to open them.
While VPN clients are built into all operating systems, VPN servers are not. Servers allow more than one client to connect at the same time. If you don't need this type of communication, you can stick with the client-to-client approach. If you are trying to set up an existing machine (that is not a server) to be a VPN host for multiple connections, you may need to download and install a VPN server.
Since we are using the Internet as the "tunnel" for our private communications, it is essential that the source and destination each have a fixed IP address to respond to. You may also need to configure your router or gateway to "map" all incoming VPN traffic to a specific internal address.
The set-up and configuration of these three issues are beyond the scope of this introduction, which continues with how the VPN clients are set up to talk to each other, assuming the three issues above are either not a problem or have been addressed. If you're having problems with that part of the preliminaries, KAUi can help get the information and set-up required -- but since just about every router/gateway/firewall is different, we cannot go into those details here.
Outbound (Windows XP) - Under the Control Panel, open the Network Connections window, then double-click on the "Create a new connection" item at the top of the left pane. Select the "Connect to the network at my workplace" option and click Next. Pick "Virtual Private Network connection" and again click Next. Give your VPN connection a name, such as your place of work, and click Next. Select "Do not dial the initial connection" if you have any kind of broadband (DSL, cable, etc.), or "Automatically dial this initial connection" if you use AOL or another dial-up service, and click Next. Enter the destination IP address (get this from your IT support folk at work, or sit at that machine and visit "www.myipaddress.com" to get its related IP address), then click Next. You have the option to make a shortcut to the connection on your desktop, or you can just click Finish to create the network connection between this machine and the specified destination.
Inbound (Windows XP) - Again, under Network Connections, start the new connection wizard and pick "Set up an advanced connection". Click Next, and pick "Accept incoming connections". Select your Ethernet (or dial-in modem) connection from the list of Devices for Incoming Connections, then Next. Select "Allow virtual private connections", and after the Next you will see a list of users defined on this machine that can be "approved" for VPN access. If you are the only one using the machine, your existing ID/password will be fine, but if you are letting others in, go to the User Accounts control panel and create a separate account for them before getting to this point. After Next, check the TCP/IP protocol to be used and "Client for Microsoft Networks". After this Next, click Finish to complete the incoming VPN configuration.
To connect to the destination machine using VPN, open the Network Connections window and double-click on the icon with the name you gave it in the "outbound" phase above. The first time you do this, click on "Properties" to pick the type of VPN connection under the "Network" tab - PPTP or L2TP - as well as any specific protocols that your company may require. After reviewing the properties, enter the user ID and password for the destination, and you're in!
Outbound (MacOS X) - Open the Internet Connect program in the Applications folder, and select "New VPN connection" from the "File" menu. Pick the type of VPN connection (PPTP or L2TP) from the initial dialog, and then select "Edit Configurations" from the "Configuration" pull-down menu. Fill in the information for the connection and click "OK" to save it.
To connect to the destination machine using VPN, open Internet Connect, select the icon at the top of the window representing the connection to the destination, and click on the "Connect" button.
Unless otherwise specified, all material on this web site
is copyright © 1994 - 2008
by KAUi Software, Inc. Last modified 03/13/06