Vista Forums - View Single Post

08-09-2007

Great.

However, once I set up Vista this way to function as a VPN server over the
Internet, how do I access it from the client? Can I work with the Vista VPN
server like I could with Remote Desktop?

And are there any inherent security weaknesses in Vista if I set it up to
function as a VPN server over the Internet?

Thanks.

"Jesper" wrote:

> Aah, no, that was not clear. If you want to turn your workstation into a VPN
> server then you need two things:
> 1. A way to find the system. Dynamic DNS, like what you can get from
> DynDNS.org, works well.
> 2. A way to reach it. If the system is directly on the Internet with a
> public address then you already have this. If your system is configured with
> a non-routable address behind a NAT router you need to turn on port
> forwarding on the NAT router. If you are using PPTP you need the router to
> forward protocol 47 and TCP port 1723 to your computer.
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/047...otectyourwi-20
>
>
> "JJ" wrote:
>
> > Hi:
> >
> > I don't think I've communicated my question right.
> >
> > Here's what I want to do:
> > 1. Enable incoming connections on my Vista PC at home from Network & Sharing
> > Center -> Manage Network Connections -> File -> New Incoming Connection.
> > 2. Once I set that up, I would like to connect to this PC from my laptop
> > over the Internet (how?)
> >
> > How do I address my Vista PC over the Internet? It either has to have a
> > static and public IP address or a host name registered in the global DNS
> > pointing to a static and public IP address or a simulated static and public
> > IP address (through dynamic DNS).
> >
> > Please enlighten me.
> >
> > Thanks.
> >
> > "Jesper" wrote:
> >
> > > It will work the same way any other packet that goes through a network
> > > address translator works (DHCP is entirely orthogonal to this issue). PPTP,
> > > proposed in RFC 2637, simply encapsulates a TCP or UDP session in a GRE
> > > packet. The surrounding IP packet gets address translated just like any other
> > > traffic, in accordance with RFC 2663.
> > >
> > > This is the same way IPsec works, except that IPsec validates the source
> > > address on the encapsulating packet. Therefore you have to use IPsec NAT-T,
> > > per RFCs 3715, 3947, and 3948, and perform the encapsulation inside a UDP
> > > packet instead of GRE. That's all handled automatically by the stack in
> > > Windows.
> > >
> > > When you connect you get an address local to the remote network. That
> > > address is link-local to the VPN head-end and it will respond to ARP messages
> > > for that address. When it gets a request for that address it simply
> > > encapsulates the packet and ships it to you across the VPN.
> > >
> > > This stuff has worked for 10 years at least, longer if you count pre-cursor
> > > technologies like PPP. It's not exactly new technology.
> > > ---
> > > Your question may already be answered in Windows Vista Security:
> > > http://www.amazon.com/gp/product/047...otectyourwi-20
> > >
> > >
> > > "JJ" wrote:
> > >
> > > > Well, how is it going to work over the Internet if the Vista PC doesn't have
> > > > a static and public IP address?
> > > >
> > > > Thx.
> > > >
> > > > "Jesper" wrote:
> > > >
> > > > > Yes.
> > > > > ---
> > > > > Your question may already be answered in Windows Vista Security:
> > > > > http://www.amazon.com/gp/product/047...otectyourwi-20
> > > > >
> > > > >
> > > > > "JJ" wrote:
> > > > >
> > > > > > Can this work with Vista over the Internet?
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > "Jesper" wrote:
> > > > > >
> > > > > > > PPTP is a perfectly acceptable VPN technology, although IPsec is a more
> > > > > > > common technology to use now. Both use encrypted connections (which is
> > > > > > > essentially the definition of VPN) and neither needs static addresses.
> > > > > > > ---
> > > > > > > Your question may already be answered in Windows Vista Security:
> > > > > > > http://www.amazon.com/gp/product/047...otectyourwi-20
> > > > > > >
> > > > > > >
> > > > > > > "JJ" wrote:
> > > > > > >
> > > > > > > > Hi:
> > > > > > > >
> > > > > > > > I found an interesting article on the Web while searching for a VPN solution
> > > > > > > > that runs on Vista:
> > > > > > > > http://theillustratednetwork.mvps.or...P/PPTPVPN.html
> > > > > > > >
> > > > > > > > This solution is built into Vista. Is this secure? Does this use encrypted
> > > > > > > > connnections? And wouldn't I need a static and public IP address for the PC
> > > > > > > > running Vista for this to work?
> > > > > > > >
> > > > > > > > Thx.
> > > > > > > >

08-09-2007	#9 (permalink)
JJ n/a posts	RE: Vista VPN Great. However, once I set up Vista this way to function as a VPN server over the Internet, how do I access it from the client? Can I work with the Vista VPN server like I could with Remote Desktop? And are there any inherent security weaknesses in Vista if I set it up to function as a VPN server over the Internet? Thanks. "Jesper" wrote: > Aah, no, that was not clear. If you want to turn your workstation into a VPN > server then you need two things: > 1. A way to find the system. Dynamic DNS, like what you can get from > DynDNS.org, works well. > 2. A way to reach it. If the system is directly on the Internet with a > public address then you already have this. If your system is configured with > a non-routable address behind a NAT router you need to turn on port > forwarding on the NAT router. If you are using PPTP you need the router to > forward protocol 47 and TCP port 1723 to your computer. > --- > Your question may already be answered in Windows Vista Security: > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > "JJ" wrote: > > > Hi: > > > > I don't think I've communicated my question right. > > > > Here's what I want to do: > > 1. Enable incoming connections on my Vista PC at home from Network & Sharing > > Center -> Manage Network Connections -> File -> New Incoming Connection. > > 2. Once I set that up, I would like to connect to this PC from my laptop > > over the Internet (how?) > > > > How do I address my Vista PC over the Internet? It either has to have a > > static and public IP address or a host name registered in the global DNS > > pointing to a static and public IP address or a simulated static and public > > IP address (through dynamic DNS). > > > > Please enlighten me. > > > > Thanks. > > > > "Jesper" wrote: > > > > > It will work the same way any other packet that goes through a network > > > address translator works (DHCP is entirely orthogonal to this issue). PPTP, > > > proposed in RFC 2637, simply encapsulates a TCP or UDP session in a GRE > > > packet. The surrounding IP packet gets address translated just like any other > > > traffic, in accordance with RFC 2663. > > > > > > This is the same way IPsec works, except that IPsec validates the source > > > address on the encapsulating packet. Therefore you have to use IPsec NAT-T, > > > per RFCs 3715, 3947, and 3948, and perform the encapsulation inside a UDP > > > packet instead of GRE. That's all handled automatically by the stack in > > > Windows. > > > > > > When you connect you get an address local to the remote network. That > > > address is link-local to the VPN head-end and it will respond to ARP messages > > > for that address. When it gets a request for that address it simply > > > encapsulates the packet and ships it to you across the VPN. > > > > > > This stuff has worked for 10 years at least, longer if you count pre-cursor > > > technologies like PPP. It's not exactly new technology. > > > --- > > > Your question may already be answered in Windows Vista Security: > > > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > > > > > > > "JJ" wrote: > > > > > > > Well, how is it going to work over the Internet if the Vista PC doesn't have > > > > a static and public IP address? > > > > > > > > Thx. > > > > > > > > "Jesper" wrote: > > > > > > > > > Yes. > > > > > --- > > > > > Your question may already be answered in Windows Vista Security: > > > > > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > > > > > > > > > > > > > "JJ" wrote: > > > > > > > > > > > Can this work with Vista over the Internet? > > > > > > > > > > > > Thanks. > > > > > > > > > > > > "Jesper" wrote: > > > > > > > > > > > > > PPTP is a perfectly acceptable VPN technology, although IPsec is a more > > > > > > > common technology to use now. Both use encrypted connections (which is > > > > > > > essentially the definition of VPN) and neither needs static addresses. > > > > > > > --- > > > > > > > Your question may already be answered in Windows Vista Security: > > > > > > > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > > > > > > > > > > > > > > > > > > > "JJ" wrote: > > > > > > > > > > > > > > > Hi: > > > > > > > > > > > > > > > > I found an interesting article on the Web while searching for a VPN solution > > > > > > > > that runs on Vista: > > > > > > > > http://theillustratednetwork.mvps.or...P/PPTPVPN.html > > > > > > > > > > > > > > > > This solution is built into Vista. Is this secure? Does this use encrypted > > > > > > > > connnections? And wouldn't I need a static and public IP address for the PC > > > > > > > > running Vista for this to work? > > > > > > > > > > > > > > > > Thx. > > > > > > > >
My System Specs