A "Virtual Private Network" lets you connect two
or more machines that are physically located in different places,
but connected via the Internet. Resources can be shared between
the two machines.
Windows XP supports a VPN to a Microsoft Registration Server,
but that software will only run on Windows 2000 or 2003 servers;
it will not run on Windows XP. So if you don't have a Microsoft
Server, and only have XP machines, you can't run a Microsoft
VPN.
This is dumb.
However, there are alternatives.
I have had success with OpenVPN. It's free, it works on XP machines,
and it's fairly easy to set up.
In my case, I had a machine running XP in my office that I
wanted to connect to a machine at home, also running XP. There
are various ways to do this, including one of the VNC (Virtual
Network Computing) utilities, LapLink, Remote Desktop Connection,
etc. All of these allow you to seize control, transfer files,
etc., but they do not set up a network connection, merely a remote
control connection. I wanted a true network connection so that
I could use a file synchronisation utility to keep the two machines
the same.
If you want a real network connection, so that you can transparently
use normal Windows programs to access files on the remote machine,
you need a Virtual Private Network.
The first thing you need to do is make the remote machine
visible on the Internet, by giving it a public name. Most machines
are connected to the Internet with a dynamic IP address, which
changes with each logon. So you need a way to make a public name
point to the current IP address.
I experimented with several ways to do
this, and settled on No-IP.com,
which has a free utility that updates the public name of the
machine with the current IP address. Click on the section titled
"No-IP Free". They also have pay versions with more
features. The utility is called "Dynamic DNS Update Client
(DUC)".
First, you need to make one machine (the remote machine you
want to connect to) publicly visible. Go to that machine and
connect to the Internet. Go to No-IP.com.
Open an account at No-IP (it's free). In the No-IP setup screens
(on their web site), set up the information for your machine
(they call it a "host"). Give your host a name (such
as "MyOffice") and select an extension to be added
after "No-IP". If you selected ".biz", for
example, your machine will have the public name "myoffice.no-ip.biz".
Since the name you choose must be unique, No-IP provides a number
of different extensions; keep trying until your name is approved.
Download and install the DUC software.
Also, go to the UltraVNC website and download and install
the latest version of UltraVNC; it's free. This is an easy-to-
use remote control program that will let you look at this machine
remotely and control it. You want to install the server version
here on this machine. Assign a password, set any other options
you want.
Go to the other machine, connect to the Internet.
Login to UltraVNC again, and download and install the client
version of UltraVNC.
Run UltraVNC and specify the remote computer with its public
name ("myoffice.no-ip.biz"). If everything is working
OK, the public name will be resolved and the UltraVNC server
on the office machine will respond and ask for the password.
If this doesn't happen, you need to check that the remote
machine is on, is connected to the Internet, is running the No-IP
DUC, and is running the UltraVNC server.
In my case, it didn't work. My office machine was running
Norton Internet Security, which has a firewall that prevents
virtually everything from working, until you configure it. Taking
apart a Mercedes Benz engine and reassembling it is easier than
configuring Norton Internet Security. I spent over an hour trying
various settings and didn't get anywhere (and guess what, I'm
a guy with 40 years' experience at this crap). Next day I uninstalled
Norton altogether, installed AVG Free Anti-Virus, and turned on the Windows
Firewall. Worked fine, no more access problems.
Assuming everything is OK, you can now configure OpenVPN,
using UltraVNC to set the parameters on the remote machine.
I decided to give the remote office machine the IP address
of 10.8.0.1 and the local machine 10.8.0.2. IP addresses in the
10.0.0.0 segment are private, same as the 192.168.0.0 used by
Windows machines.
Because VPN connections are encrypted for security, you need
to create a key that is specified on both ends. You create a
key file on your local machine (I called mine "static.key",
as suggested by the OpenVPN documentation) and use UltraVNC to
copy it to the remote computer. It goes in the folder C:\Program
Files\OpenVPN\config on both machines.
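
One way to confirm that the copy of static.key on the remote machine matches the local one without sending the key a second time: run this on both machines and compare the printed fingerprints. This is an added example, not part of the original page; it assumes the usual OpenVPN static key text layout, and the sample key is a constructed byte pattern, not a usable secret.

```python
import hashlib

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

def render_key(raw):
    """Lay out raw key bytes as a static key file stores them (hex, 16 bytes per line)."""
    hexed = raw.hex()
    body = [hexed[i:i + 32] for i in range(0, len(hexed), 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN, *body, END]) + "\n"

# Constructed sample: a fixed byte pattern, not a real secret.
SAMPLE_KEY = render_key(bytes(range(256)))

def key_bytes(text):
    """Extract the key material, ignoring comments, blank lines and CR/LF differences."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if len(lines) < 2 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END markers (file truncated or not a static key)")
    raw = bytes.fromhex("".join(lines[1:-1]))  # raises ValueError on non-hex content
    if len(raw) != 256:
        raise ValueError(f"expected 256 key bytes (2048 bits), got {len(raw)}")
    return raw

def fingerprint(text):
    """SHA-256 of the key material; safe to read out loud or compare on screen."""
    return hashlib.sha256(key_bytes(text)).hexdigest()

if __name__ == "__main__":
    import sys
    # Pass the path to static.key; with no argument the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KEY
    print(fingerprint(text))
```

If the two fingerprints differ, or one end reports a truncated file, copy the key again before starting the tunnel.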
On the local machine, my OpenVPN configuration file looks
like this:
remote <name of remote>.no-ip.biz
dev tun
ip-win32 manual
ifconfig 10.8.0.2 10.8.0.1
secret static.key
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
route 10.0.0.0 255.255.255.0 192.168.0.1
The last line routes our private IP addresses to the shared
Internet connection at 192.168.0.1.
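
The page shows only the local configuration file. The check below is an added example, not part of the original page, that compares the two ends of a static-key tunnel for the mismatches that most often stop it coming up. LOCAL follows the file above; REMOTE is a constructed assumption of what the office end would contain.

```python
# LOCAL follows the page's file; REMOTE is a constructed assumption for the office end.
LOCAL = """\
remote myoffice.no-ip.biz
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
comp-lzo
keepalive 10 60
"""
REMOTE = """\
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
comp-lzo
keepalive 10 60
"""

def parse(conf):
    """Map each directive to its argument list; '#' and ';' start comment lines."""
    opts = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def check_pair(local, remote):
    """Return a list of mismatches that would stop a static-key tunnel working."""
    a, b = parse(local), parse(remote)
    problems = []
    ours, theirs = a.get("ifconfig", []), b.get("ifconfig", [])
    if len(ours) != 2 or ours != theirs[::-1]:
        problems.append("ifconfig: each end must list the same two addresses in opposite order")
    if (a.get("dev") or [""])[0][:3] != (b.get("dev") or [""])[0][:3]:
        problems.append("dev: both ends must use the same device type (tun or tap)")
    if ("comp-lzo" in a) != ("comp-lzo" in b):
        problems.append("comp-lzo: compression must be enabled on both ends or neither")
    for side, opts in (("local", a), ("remote", b)):
        if "secret" not in opts:
            problems.append(f"secret: {side} end has no static key configured")
    if "remote" not in a and "remote" not in b:
        problems.append("remote: neither end names the other, so nothing starts the tunnel")
    return problems

if __name__ == "__main__":
    print(check_pair(LOCAL, REMOTE) or "configs are consistent")
```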
You also need to modify the "Hosts" file in Windows
to make the name of the remote machine visible on the local machine.
The Hosts file is located in C:\WINDOWS\system32\drivers\etc.
Open it with NotePad, and add a line for your remote computer.
If that computer is called "Gronk", for example, the
line would be
10.8.0.1 gronk
This tells Windows that when the machine Gronk is referenced,
translate that to IP address 10.8.0.1; since OpenVPN is running,
that address will be routed to the remote computer.
You can now use Windows Explorer to map a drive letter to
a share on the remote computer, using the normal syntax: \\GRONK\SHAREDDATA
for example.
One thing you will notice, and which I find annoying, is that
OpenVPN runs in a DOS command window. When you minimise it, it
occupies a position in the task bar. Since it is open all day,
this is not a good idea; task bar space is limited. To solve
this, download and install the OpenVPN GUI. It is also free. It provides
a graphical user interface for OpenVPN, eliminates the DOS command
window, and displays a small icon in the system tray at the lower
right.
23 April 2007