How to set up a VPN

Asha'man X

Hey everyone.

I've searched the net, tried reading my study books and searched through this site, but I couldn't find what I wanted to, so I thought I'd ask my question now.

I'm trying to set up a VPN server on our Windows 2003 server so that staff can access it remotely when need be. Hamachi is not up to the task, so I've decided to use the built-in Windows 2003 facility. I looked at OpenVPN, and it seems a possible solution as well, but I want to avoid using third-party products if possible.

Our setup is as follows:
  • Microcom ADSL router
    |
  • Symantec 320 Series Firewall
    |
  • Windows 2003 Server (one network card only)

I've already registered a Dynamic DNS name for something previously. I can forward the needed ports from the router to the firewall and then to the server from there. But I keep seeing that PPTP needs something called GRE, and L2TP needs IP Protocols 50 and 51.

I see nothing in either the router or the firewall to enable or forward these protocol types. Does this traffic even carry over the ADSL network without needing a special VPN package from your ISP?

As you can tell, I'm a bit lost with all of this. I know normal networking pretty well, but this stuff is pretty hectic. Playing with it in virtual machines helps to a point, but after that I get lost. I can't even seem to implement L2TP in that virtual machine.

Any help would be greatly appreciated, thanks :)

EDIT: It seems the Microcom router can support VPN pass-through, or so the box says. Finding information on Microcom products is not easy. The website they mention doesn't exist anymore. At least this is some progress, I guess.
 
VPN

We are using OpenVPN with no problems whatsoever.
Easy to set up and very flexible.

Why are you hesitant to use OpenVPN?

zak
 
You might be able to create VPN accounts on that Microcom router.
 
Using Routing and Remote Access to manage VPN connections on our win2k3 box - and to log hits and logins as well.

Will have to look at OpenVPN at one stage - any good web sites or guides out there?
 
Thanks for the replies everyone.

@ XCalibre

I've looked through every single page on the Microcom web interface, and there is not one whiff of VPN. After reading the box it came in, it just offers VPN pass-through, so I can only open ports and hope that the stuff related to GRE and other protocols passes through cleanly to the firewall and then the server.

@ greggpb

I don't know how the 2 would sync up, I haven't looked too much in detail yet. That is partly my reason for using the built-in options from Server, everything is built to work together and integrate well. I'm not sure if my admin skills are up to the task of managing OpenVPN actually.

@ T_L

Is there any chance you could maybe PM me a rough guide with some steps on how you got RRAS working, or at least some pointers? I've tried reading through the documentation built into RRAS, but it makes me squint after a few minutes with all the technical terms and steps. I'd appreciate it a lot.

I'm going to keep researching this, and keep playing. Eventually I'll figure out something, I hope :)
 
I remember being puzzled about the GRE thing as well until I figured out it was just a tickbox that had to be turned on in the router web interface.

If you can, I really suggest you get a Linksys WRT54GL router and load the dd-wrt firmware. Everything you could possibly need for a VPN setup is available with that combination.

The router manufacturers are usually too lazy or too cheap to include a functional VPN setup in their 'consumer' products, mainly because it eats into their 'enterprise VPN' market. So it's usually up to us (or the clever guys who write the custom firmwares) to get VPN features working on consumer routers.
 
@ Deenem

Thanks, that makes a lot of sense. I will keep the name of that router written down, and if and when this one fails, I'll make the school get that one.

Unfortunately, we had this nice old SMC router, but one holiday it just stopped working. In an emergency situation, the school bought something through an electronics firm in Cape Town. Turned out to be this Microcom piece of nonsense. I can't find a firmware update for it anywhere online. Every 6-7 days the thing also gets so sluggish it needs to be rebooted.

Maybe with the new bursar I can convince her to get a purchase up for that router. Explain how it would help with VPN and so on. Worth a try lol.

*Right, off to go investigate that router*
 
It's the dd-wrt firmware that does the job, more than the router itself.

The guy (German I think) had one of these routers and had to set up a VPN with authentication, found out it didn't do what he wanted so he wrote a new firmware for it.

Try www.dd-wrt.com
 
Thanks again Deenem, just been checking that site out. Seems very very interesting.

If we get one of these things, I presume I'd use the current Microcom router only as a "modem" and use PPPoE to control it on the Linksys?

I'm just thinking that I can always put another network card into the server, and have that placed between the Linksys and the Symantec, in the DMZ. That way I can avoid opening ports on the Symantec, and I can packet filter the second network card in Windows.

I'm going to draw some diagrams and play around with config options.
 
internet <- router -> firewall -> server -> internal network

That's the way we always set it up
 
How to set up OpenVPN

Hi there,

Does anyone out there have a simple "how to" setup guide for OpenVPN?
 
As noted, the router supports VPN pass-through. After finding out what that means, I have hope that VPN should work correctly here, as the router will forward it to the firewall, and the firewall into the server. The Symantec does support VPN, but I think only for their own software client or something.

I think I'll try to get PPTP up and running first, and then try L2TP, as that one is very complex.

Thanks for the help everyone. Please keep posting advice and suggestions, anything and everything helps.
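
Added example, not written by any poster in this thread: it parses IPv4 headers to show why the thread's GRE and IP protocol 50/51 traffic cannot be handled by a port-forward rule and needs the router's pass-through option instead. The TCP/UDP port numbers and protocol numbers are the well-known IANA assignments (an assumption added here; the thread only names GRE, 50 and 51), and the packets and addresses are constructed samples.

```python
import struct

# IP protocol numbers and ports are the well-known IANA assignments,
# added here as assumptions; the thread itself only names GRE, 50 and 51.
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
VPN_PORTS = {
    ("TCP", 1723): "PPTP control channel",
    ("UDP", 500): "IKE (IPsec key exchange)",
    ("UDP", 4500): "IPsec NAT traversal",
}

def classify(packet: bytes) -> dict:
    """Report how a router/firewall rule has to match this IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad IPv4 header length")
    number = packet[9]  # protocol field of the IPv4 header
    name = IP_PROTOCOLS.get(number, f"protocol {number}")
    info = {"protocol": name, "number": number, "dst_port": None,
            "role": None, "match_on": "ip-protocol"}
    if name in ("TCP", "UDP"):  # only these two carry port numbers
        if len(packet) < header_len + 4:
            raise ValueError("truncated transport header")
        _, info["dst_port"] = struct.unpack("!HH", packet[header_len:header_len + 4])
        info["role"] = VPN_PORTS.get((name, info["dst_port"]))
        info["match_on"] = "port"
    return info

def ipv4(protocol: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         protocol, 0, bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10]))
    return header + payload

# Constructed samples, one per traffic type the thread asks about.
SAMPLES = {
    "PPTP control": ipv4(6, struct.pack("!HH", 49152, 1723)),
    "PPTP data (GRE)": ipv4(47, bytes.fromhex("3001880b")),
    "IKE": ipv4(17, struct.pack("!HH", 500, 500)),
    "IPsec ESP": ipv4(50, bytes(8)),
    "IPsec AH": ipv4(51, bytes(12)),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        r = classify(pkt)
        print(f"{label:16} {r['protocol']:4} match on {r['match_on']}, port={r['dst_port']}")
```

The GRE, ESP and AH samples come back with no destination port at all, so a rule for them has to match on the IP protocol number, which is what a router's pass-through setting does.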
 