Help! I'm stuck trying to setup Vista for VPN access (pesonal use only)

aph · 17 Jun 2008 at 14:50

I'd like to be able to access certain files on my computer when I'm out.

I don't want to use a service like Hamachi. I want to be at a computer (XP or Vista) and be able to connect to my home computer and access files without installing any software.

I'm using Be* Broadband. They told me their router will allow VPN. This is the guidance I got for setting it up.

Code:

Thank you for contacting us.

Here are the basic steps you need to setup the VPN connection:

Login to the Be Box page: http://192.168.1.254 
-In the Be Box main menu click on ¿Toolbox¿ 
-Under ¿Toolbox¿ click on the option ¿Game & application sharing¿ 
-In ¿Game and application sharing¿ click the task ¿Assign a game or application to a local network¿ 
-Choose ¿IPSEC application¿ and assign it to your computer. Your computer will be visible in the list with the name that has been assigned to your computer 
-Then choose ¿PPTP application¿ and assign it to your computer 
-If you have a VPN, you will also need to configure the settings on your VPN client on your computer. This is because your VPN client is behind a NAT router using udp forwarding. Please confirm this with your system administrator who is responsible for maintaining your VPN client. 

Also go to Start -> Run -> cmd <enter>
telnet 192.168.1.254 <enter>
Authenticate with the username and password
(by default Administrator and blank for password)

service system ifdelete name=HTTPs group=wan <enter>

saveall <enter>

exit <enter>

These steps should allow you to run VPN behind NAT without any difficulties.

I then followed the steps on this website for setting up Vista as a VPN Server:

http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html

The point at which I got stuck/confused was here...

Code:

If remote VPN users will be allowed to access the home local area network check the Allow callers to access my local area network checkbox.
Configure the IP address assignment window using IP addresses in the same subnet as the VPN server PC and LAN (see the example local area network).
In the following example the From: address is the address assigned to the VPN gateway and the To: address is assigned to the incoming VPN client.
Click OK when finished.

Reason being that the example given was this:

It showed a sequence of ip adresses.

My router's IP address is - 192.168.1.254

I can't go higher than this IP address - so what do I put in the "To" IP address box.

I presume if I get this correct. I could be say at starbucks with my laptop. Choose to create a VPN. Enter the IP address. Enter the username and password and connect to my home computer.

What I'm confused about is supposing I told two computers in my house to accept incoming VPN connections - how would my router know which to forward to. Was that done above where I setup the PPTP and IPSEC forwarding.

As you can see I'm trying to get my head around this - but it's all very new to me.

Help would be greatly appreciated

paradigm · 17 Jun 2008 at 16:03

If you have enabled PPTP and IPSEC passthrough, your router isn't acting as a VPN server, you are entrusting that job to something on the inside of your LAN, therefore you should only use one of your PC's to listen for incoming point-to-point VPN connections.

The IP range that Vista is asking you for, just has to be on the same subnet as your PC and router (ie. router: 192.168.1.254, PC: 192.168.1.1, set the range to something like 192.168.1.100 - 192.168.1.120 - but try to set it to a range which your DHCP server doesn't assign addresses in).

aph · 17 Jun 2008 at 16:23

Thanks paradigm

I see. Well I was just saying "what if... two computers were setup for incoming vpn connections"

I haven't actually done so. Only one of the computers is.

I'm slightly confused by the example you gave me for the IP range.

Setting the range at 192.168.1.100 - 192.168.1.120

would mean that my computer (with an IP address of 192.168.1.5) and the Gateway (192.168.1.254) would be outside of this range.

Is that the way it should be?

Sorry if this seems like a really stupid question. I'm not simple (i hope), just rather uneducated in this area of computing =/

paradigm · 17 Jun 2008 at 19:03

Your network will be set up with the "subnet" 192.168.1.x (where x is a number between 1 and 255). This is defined with the "subnet mask" of 255.255.255.0.

So, any computer with an IP address of 192.168.1.xxx will be on the same "subnet" as your router and your PC.

The only reason I say to give the dial in users a range of IP's that isn't within your DHCP scope, is so that you never have two PC's trying to use the same internal IP address.

You should set up your router to only give out say addresses between 192.168.1.1 - 192.168.1.99, and your dial in users (set by that dialogue box in vista) to 192.168.1.100 -192.168.1.120.

aph · 17 Jun 2008 at 20:14

Spot on. Well explained. I understand you now

Out of curiousity - is there a way I can check to see if the VPN connection is working... without going to say a friends house and attempting to connect.

Just that if it isn't set up properly it's a pain to have to keep travelling to and from to see if its working.

I can't think of one off the top of my head though :|

paradigm · 18 Jun 2008 at 08:58

Use a dial-up modem?