
setting up a vpn server..

Status
Not open for further replies.

dispid

Programmer
Apr 5, 2001
10
US
I've never done this before and I'd like some info on how to go about creating a VPN server. I think you're supposed to go through the wizard, but when I get to the part about selecting a connection device, all I see listed is my parallel port (LPT1). Do I have to have a RAS for a VPN? Or is it as easy as going through the wizard? The help in W2K hasn't been too helpful, so I have come here for more info.
Thanks.
 
Ok, but I need to reach the computers on the other subnet. Can I use a computer as a gateway? Does it work? Thank you again.
 
It would be much easier to change the IP address of the other computer so that it is on the private network? Is that possible?

To be honest, I don't have a lot of experience with VPNs. I just started getting into it with the Windows 2000 products. The only VPN concept I am familiar with is when you want external users to access your private network. To do this, you need a server that has a public IP address on the internet (or lab environment). This server becomes your VPN server. The client connects to the VPN server and is allowed access to the internal network.

But in your situation, it seems that you want the client not only to have access to the internal network, but also to have access to a separate (non-VPN) server with a public IP address. (This user doesn't really need a VPN connection at all then. He could just connect to this server on the internet.) However, if you wanted to do this you probably could through a router or a multi-homed server. My head is starting to hurt thinking about this. I don't think I can offer too much advice here... I simply don't have any experience in doing this. I would have to try this myself to see if it could work.

Let me know how you make out!

-later



Joseph L. Poandl
MCSE 2000


 
Yes, my network is not so simple, so I thought to start with a simpler thing: have a VPN connection to the private network; the rest will come. But it doesn't work: my client still can't see the private network in My Network Places but can access them from Find. I'm going crazy, I can't find what's wrong. I think I will re-install everything; I hope this will be useful. Thank you again, you will find me in this forum with some other crazy question.
 
I think if you rebuild and start from scratch you will run into the same problem.

I think you can't browse because your VPN client doesn't have access to DNS or WINS (needed for backwards compatibility). Without these services, the client won't be able to resolve names. (I'm actually still confused on how 2000 handles browsing. I need to look into this further.)

Before you rebuild environment, I would promote RRAS server using DCPROMO. If that doesn't fix browsing, add DNS. If still not able to browse, add WINS. If still having problems, create local HOST files on VPN client.

Just guessing at this point....

Joseph L. Poandl
MCSE 2000


 
Vero:

I've had this same problem. I enabled WINS and made sure the clients and server had NetBEUI installed. To see computers in Network Neighborhood, try using the same workgroup name on the clients as on the computers you want to browse. I don't know all the whys, but it worked for me.
 
Does anyone know if Windows XP Pro has built-in VPN server capabilities?
Thanks
qusrron9@yahoo.com
 
I'm trying to set up a VPN using W2K Server and a W98 laptop. I have configured everything as it should be (I think!). When I try to connect to the server through the laptop, I get the following error: Error 691.... WHY?
Any help would be appreciated. Thanks
 
Many different things can cause an error 691. Specifically, you can get a 691 on a 98 client if the Authentication methods on the server - the MS-CHAP and CHAP boxes are not checked. Open RRAS, right click on the server, Properties, check the authentication methods. Also, you will get a 691 if the router is not forwarding the TCP ports 1723 and 47 to the server. In this case the GRE header sent back through the router from the server to authenticate is stopped at the router, so authentication back to the client cannot occur. Check to see if the router can pass GRE headers from Win2k server. Many routers cannot because of a hardware limitation. You might make sure these ports are open if possible. What router are you using?
 
Thanks Binks7,
I'm using the Windows Authentication and the MS-CHAP and CHAP boxes are checked. I'm using RRAS on the W2K server. I've just done a clean install of W2K server to get all the default settings back. I have enabled the RRAS and made sure that "administrator" has rights for remote access. It seems I am missing out on the simplicity of this "easy to do" VPN setup! I am 100% positive that the W98 laptop is configured properly for VPN, but the problem seems to lie in configuration of the server. What am I missing??
Thanks again for the assistance.
 
Sorry to ask this, but do you have a second or additional dial-up adapter configured for VPN support on the client? Sometimes this is left out of the published procedures for client setup. This could also give you a 691. Also, if the IAS service is not running or installed. Check your Remote Access Policies in the RRAS. Make sure the radio button to "Grant Access" if condition is met is enabled. I've found it to default to "Deny" after SP2 was installed. A 691 is still an error, but it means you are close. Hang in there. When you select the VPN adapter, do you get the "verifying user name and password" box before it gives the 691 error?
 
Yes, I have a second dial-up adapter configured for the VPN on the laptop. Also, IAS is loaded and running. After many frustrating hours, yesterday I was getting the verifying user name window, but today I'm not. Today I'm getting an error 678... unreasonable amount of time. Don't worry, I'm not giving up on this!! I will win!!!
 
I assume you are using RRAS to assign a static IP to the client, not DHCP. And have assigned an address pool. Can you see the PPTP ports when you click on ports in RRAS? Is RRAS setup as a Router and Remote access? Is IGMP on the local connection enabled and as a router? You have probably done all this. I will have to think on this - it will be something simple.
 
I have set up a static IP address pool of 10.0.0.0 to 10.0.0.5. I am now experiencing the issue of error 678 on the laptop. It doesn't appear that they can connect.. hmmm I wonder what I did?? Guess I should be logging my every move!! Too late now! I still think the issue lies somewhere within my server setup. I wonder if I should try another clean install of the server and start from scratch!!?!
 
A 678 is basically a "no answer" by the server. Before you re-install, you might try deleting the server in RRAS and re-enabling. Make sure your PPTP ports are configured and visible. Although this usually returns a "VPN connection refused" rather than a timeout. What's the brand and model of your router?
 
I'm using my W2K server as the router.... I'm gonna take a break and clear my head... sometimes that seems to do the trick!!!
 
I tried to disable and then re-enabled the RRAS. In the ports, there is a long list of PPTP ports as well as L2TP ports listed (all inactive). IGMP is enabled as a router. Next?
 
Sorry, I wasn't clear. What I meant as the router is the server's interface to the internet, a modem, DSL modem - router. If you can ping the gateway and the server from the client, and your settings are probably correct, then you should be able to connect. This is unless the router is blocking the authentication back to the client. It would be my guess that you probably have done everything correctly, but the router will not pass the GRE encapsulation back to the client. For example: DLink routers will not pass this encapsulation, so they cannot be used for Microsoft VPNs with a Win2k server. Try to Telnet to your router to discover its setup. Go to Start, Run, type Telnet and the IP address of the gateway (router), for example: Telnet 209.245.212.206. TCP port 1723 must be open to pass the PPTP used by the Win98 client and TCP port 47 must be open to pass the GRE header back from Win2k server. Many a router will not work. I do not even know of one ISDN product that works in this configuration. Third party VPN client software must be used. You can check your client setup and RRAS by setting up a VPN adapter on a workstation on the LAN - it should connect, and you will see the connection in the Remote Clients in the RRAS. If this checks out - you definitely have a router problem. Let me know what router you are using.
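
Added example, not part of the original posts: a Python check of the PPTP control channel discussed in the post above, meant to be run against your own VPN server. It builds the Start-Control-Connection-Request defined in RFC 2637 and parses the reply; it exercises only TCP 1723, because GRE is IP protocol 47 rather than a TCP port and cannot be verified with a TCP connect. The function names and the host/vendor strings are assumptions made for this example.

```python
import socket
import struct
import sys

PPTP_PORT = 1723      # TCP control channel (RFC 2637)
MAGIC = 0x1A2B3C4D    # PPTP magic cookie
# Fixed 156-byte layouts, RFC 2637 sections 2.1 (request) and 2.2 (reply)
REQ_FMT = "!HHIHHHHIIHH64s64s"
REP_FMT = "!HHIHHHBBIIHH64s64s"

def build_sccrq(host=b"diag-client", vendor=b"added-example"):
    """Start-Control-Connection-Request: the first message a PPTP client sends."""
    # length, msg type 1 (control), cookie, control type 1, reserved,
    # version 1.0, reserved, framing caps, bearer caps, channels, firmware
    return struct.pack(REQ_FMT, 156, 1, MAGIC, 1, 0, 0x0100, 0,
                       3, 3, 0, 0, host, vendor)

def parse_sccrp(data):
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < 156:
        raise ValueError("reply shorter than 156 bytes")
    (_len, mtype, cookie, ctype, _r0, _ver, result, error,
     _fr, _br, _ch, _fw, host, vendor) = struct.unpack(REP_FMT, data[:156])
    if (mtype, cookie, ctype) != (1, MAGIC, 2):
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"ok": result == 1, "result": result, "error": error,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def probe(server, timeout=5.0):
    """Return (stage, detail) describing how far the control channel gets."""
    try:
        with socket.create_connection((server, PPTP_PORT), timeout) as s:
            s.sendall(build_sccrq())
            buf = b""
            while len(buf) < 156:
                chunk = s.recv(156 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError as exc:   # refused, filtered or timed out: no answer on TCP 1723
        return ("tcp-1723-unreachable", str(exc))
    try:
        reply = parse_sccrp(buf)
    except ValueError as exc:
        return ("no-pptp-reply", str(exc))
    return ("control-ok" if reply["ok"] else "control-refused", repr(reply))

if __name__ == "__main__":
    # Pass the address of your own VPN server as the first argument.
    print(probe(sys.argv[1]))
```

A `control-ok` result followed by a failing client connection points away from TCP 1723 and toward the GRE path or authentication, which are the other causes raised in this thread.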
 
I have a Rogers cable modem on the server unit. I'm going through a clean install.... seems I had a hard drive issue.. I will start from scratch and let you know how it goes from there... Thanks for the directions so far... I'm sure you have not seen the last of me!! :)
 
Trying to set up a wireless network and use VPN... 2 NICs... everything works fine (can ping from the server to the wireless hub on 1 network and any device on the private network). I then configure the "routing and remote access" and then can no longer ping the wireless hub... disable "routing" and I can ping again??
This is new to me... is it something simple??
Thanks.
 