VPN
Keith 02-24-2002, 11:51 AM Has anyone played around with VPN? My office wants me to set it up so programmers can work at home. Every time I set it up on our server the server goes to SH*T. Then we bought this Linksys VPN router but that doesn't seem to be what we need. So any help on this topic would be great.
Thank You
ChuckyD 02-24-2002, 12:13 PM are you basically just trying to set up dialup networking?
Keith 02-24-2002, 01:04 PM More like you are connected to the internet and then by entering an IP address you go through a secure tunnel and log onto the LAN inside the office.
ChuckyD 02-24-2002, 01:28 PM this may help you... it may be tough getting through a router because you have no DHCP server and you're using 92.128 or 128.92 (whatever the hell it is..lol) IP's it will be hard to get to the server.
http://edserv05.its.yale.edu/ras/vpnwinnt.htm
wendoVT 02-24-2002, 09:10 PM hhhhmmmm...been thinking about this for a while, and maybe i am not fully grasping what you want to do. first question is what platform, windows or UNIX? if i were trying to make it easier for people to work from home in UNIX, i would just set up a server that they could access over the internet (and that is connected to the internal network) using ssh. of course you would have to make sure the server was secured well, but that should be done anyway. for windows, which i have MUCH less experience with, couldn't you do the same thing using PC anywhere? not sure what the secure protocol is in windows, and this may be too big of a bandwidth hog since you would be displaying a gui over the internet. just some thoughts, and if you could describe what you are trying to do more fully, i may be able to help more :)
Keith 02-24-2002, 09:16 PM We have a Win2k DC server, with anywhere from 10-15 clients depending on who is there with their laptop. The idea is to set up a VPN (virtual private network) so that an employee could log into the LAN through this VPN connection. So UNIX is out because my boss would want nothing to do with it.
PC anywhere allows you to control the desktop of a local machine remotely. I don't think that is what you are looking for. i am a big fan of SSH also, but it is just command line and I don't think your programmers will appreciate it. For a VPN you have a couple choices:
There is third party VPN software out there that is MUCH more secure than the windows VPN software... Price/security tradeoff. One is Check Point. i have used this and it works well.
The other option is Windows VPN. To set this up in 2K you must have 2 NICs (one for the LAN and one for the WAN). Your 2k server in this case will also act as a router. Pick a time when you can take down the WAN access and configure the second NIC for the WAN and the other for the LAN. Then install the optional components for routing and remote access and run the configuration. Choose VPN, this will also configure it for a router, and dial up. Or you can choose dial up RAS and it will still put in the VPN ports, I think that is how I did it. Once you walk through your steps it should work. Should is the operative word. many people have trouble getting it to work, including myself. i have it working at the office but have trouble getting it going on my home network. Once it is up it works great and just like a dialup. You can restrict who has access and who doesn't, also how many can connect at once. If you haven't already I would recommend setting up DNS and using the server as your primary DNS.
let us know how it goes and what you decide to do.
Keith 02-25-2002, 04:06 PM They ordered me a Linksys VPN router. From what I have read on the internet it seems like I can get 2000 and XP machines to connect to it but it is also a pain in the ass.
I put an extra NIC in the server but whenever I enable it the LAN gets all screwed up. How do you make one for the LAN and one for the WAN?
The way our network is set up now we have the router as a DHCP server. Should I make the Server the DHCP server?
Yes, the first thing you should do (IMO) is to make the server the DHCP server. Connect one NIC to the Linksys from the server. The other NIC goes to the LAN. The only route the other PCs should have to the Linksys is through the server. Configure the LAN and the WAN (the two NICs in the server) on subnets. i.e.: LAN= 10.10.10.XX, and WAN= 192.168.1.XX
You then configure the WAN NIC to use the Linksys as the router (192.168.1.1) and the other NIC to use the server as the router (10.10.10.1). (These IP addresses are just for an example.)
At this point test your server's connectivity to both the LAN and WAN. For the LAN you may first need to set the extras in the scope for the DHCP server to set the DNS as whatever your DNS server is, and the gateway/router as the server (10.10.10.1).
The biggest thing to keep in mind in setting this up is anything on the LAN side can only communicate with the LAN NIC and anything on the WAN side can only communicate with the WAN NIC. To get from one side to the other the server will become a router.
That was the easy part. The next part is to configure the VPN/RAS. Use the routing and remote access configuration utility. It should walk you through step by step, but you may need to play around by enabling and disabling it a few times. When enabled check the connectivity on the server to both again, if it is a go then try a client machine.
Hopefully this makes sense. If anyone out there has any corrections please inform us!
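Added example (not part of the original thread): a small Python check of the dual-NIC addressing plan described in the post above, which flags the flat single-subnet layout that would let LAN clients bypass the server. The /24 masks, the server's WAN address 192.168.1.2 and the function names are assumptions made for illustration.

```python
import ipaddress

def check_plan(lan, wan, server_lan_ip, server_wan_ip, wan_gateway, dhcp_router_option):
    """Return a list of problems in a dual-homed addressing plan (empty list = OK)."""
    lan_net = ipaddress.ip_network(lan)
    wan_net = ipaddress.ip_network(wan)
    s_lan = ipaddress.ip_address(server_lan_ip)
    s_wan = ipaddress.ip_address(server_wan_ip)
    gw = ipaddress.ip_address(wan_gateway)
    opt = ipaddress.ip_address(dhcp_router_option)
    problems = []
    if lan_net.overlaps(wan_net):
        # Same or overlapping subnets: clients can reach the Linksys directly
        # and the server has nothing to route between.
        problems.append("LAN and WAN subnets overlap")
    if s_lan not in lan_net:
        problems.append("server LAN NIC address is outside the LAN subnet")
    if s_wan not in wan_net:
        problems.append("server WAN NIC address is outside the WAN subnet")
    if gw not in wan_net:
        problems.append("WAN gateway (the Linksys) is not reachable from the WAN NIC")
    if gw == s_wan:
        problems.append("WAN NIC and its gateway share one address")
    if opt != s_lan:
        # DHCP scope option 'router' must hand out the server, not the Linksys.
        problems.append("DHCP router option does not point at the server's LAN NIC")
    return problems

def egress_nic(dest, lan):
    """Which server NIC a packet to dest leaves from: LAN if on-link, else WAN default route."""
    return "LAN" if ipaddress.ip_address(dest) in ipaddress.ip_network(lan) else "WAN"

if __name__ == "__main__":
    # Plan from the post (example addresses; server WAN IP is constructed).
    good = check_plan("10.10.10.0/24", "192.168.1.0/24",
                      "10.10.10.1", "192.168.1.2", "192.168.1.1", "10.10.10.1")
    # Constructed bad plan: both NICs on the Linksys subnet, DHCP still pointing at the Linksys.
    flat = check_plan("192.168.1.0/24", "192.168.1.0/24",
                      "192.168.1.10", "192.168.1.11", "192.168.1.1", "192.168.1.1")
    print("plan from post:", good or "OK")
    print("flat plan:", flat)
    print("to 10.10.10.25 ->", egress_nic("10.10.10.25", "10.10.10.0/24"))
    print("to 192.168.1.1 ->", egress_nic("192.168.1.1", "10.10.10.0/24"))
```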
Keith 02-25-2002, 09:04 PM Thank you I will have to give this a try. I'll let you know when I do it. I will most likely not get to it until Friday or the weekend.
Keith 03-04-2002, 10:47 AM Well I got it going yesterday. Thank you for all your help. It went better than I thought. I'm sure that there are some things that I'm going to have to tweak in the coming weeks but when I left yesterday everything seemed to be going good (knock on wood).
The only problem is that everyone can log on except for me. When I try to log on I get "Error 619: The specified port is not connected". I'm using a win2k pro machine. The other three people that logged in were using XP or win2k pro. So it's not the server that is screwed up, it's my machine that's screwed up. Any ideas??
Thanx
hmmm... just to cover the basics... you have allowed yourself dial in access right?
You set your dialup to the VPN the same as everyone else's?
There isn't a difference as far as I can tell with XP and 2K and vpn usability (I use both from home).
I cannot find anything exciting on Microsoft's Knowledgebase (except what I paste below as a quote), but you may check it out, you know more about your structure there than I do. Do a search on Error 619 or on The specified port is not connected.
WORK AROUND: make yourself another admin account with dial-in permissions that you can use.
See if this applies:
1. Start the Routing and Remote Access administrative tool.
2. Expand the options under your Remote Access Service (RAS) server's name.
3. Click Remote Access Policies, and then right-click and go to Properties on the default policy called Allow access if dial-in permission is enabled.
4. Click Edit Profile.
5. On the Dial-in Constraints tab, do one of the following:
o Clear the Restrict Dial-in Media option.
-or-
o Select Restrict Dial-in Media, and then select Ethernet and VPN from the list of options available.
6. Click Apply, and then click OK.