How do I set up my own Virtual Private Network?

A "Virtual Private Network" lets you connect two or more machines that are physically located in different places but connected via the Internet. Resources can be shared between the two machines. Windows XP supports a VPN to a Microsoft Registration Server, but that software will only run on Windows 2000 or 2003 servers; it will not run on Windows XP. So if you don't have a Microsoft Server, and only have XP machines, you can't run a Microsoft VPN. This is dumb. However, there are alternatives.
In my case, I had a machine running XP in my office that I wanted to connect to a machine at home, also running XP. There are various ways to do this, including one of the VNC (Virtual Network Computing) utilities, LapLink, Remote Desktop Connection, etc. All of these allow you to seize control, transfer files, etc., but they do not set up a network connection, merely a remote control connection. I wanted a true network connection so that I could use a file synchronisation utility to keep the two machines the same. If you want a real network connection, so that you can transparently use normal Windows programs to access files on the remote machine, you need a Virtual Private Network.

The first thing you need to do is make the remote machine visible on the Internet, by giving it a public name. Most machines are connected to the Internet with a dynamic IP address, which changes with each logon. So you need a way to make a public name point to the current IP address.
First, you need to make one machine (the remote machine you want to connect to) publicly visible. Go to that machine and connect to the Internet. Go to No-IP.com. Open an account at No-IP (it's free). In the No-IP setup screens (on their web site), set up the information for your machine (they call it a "host"). Give your host a name (such as "MyOffice") and select an extension to be added after "No-IP". If you selected ".biz", for example, your machine will have the public name "myoffice.no-ip.biz". Since the name you choose must be unique, No-IP provides a number of different extensions; keep trying until your name is approved. Download and install the DUC software.
Go to the other machine and connect to the Internet. Log in to UltraVNC again, and download and install the client version of UltraVNC. Run UltraVNC and specify the remote computer with its public name ("myoffice.no-ip.biz"). If everything is working OK, the public name will be resolved and the UltraVNC server on the office machine will respond and ask for the password. If this doesn't happen, you need to check that the remote machine is on, is connected to the Internet, is running the No-IP DUC, and is running the UltraVNC server.

In my case, it didn't work. My office machine was running Norton Internet Security, which has a firewall that prevents virtually everything from working until you configure it. Taking apart a Mercedes-Benz engine and reassembling it is easier than configuring Norton Internet Security. I spent over an hour trying various settings and didn't get anywhere (and guess what, I'm a guy with 40 years' experience at this crap). The next day I uninstalled Norton altogether, installed AVG Free Anti-Virus, and turned on the Windows Firewall. Worked fine, no more access problems.

Assuming everything is OK, you can now configure OpenVPN, using UltraVNC to set the parameters on the remote machine. I decided to give the remote office machine the IP address of 10.8.0.1 and the local machine 10.8.0.2. IP addresses in the 10.0.0.0 segment are private, same as the 192.168.0.0 used by Windows machines. Because VPN connections are encrypted for security, you need to create a key that is specified on both ends. You create a key file on your local machine (I called mine "static.key", as suggested by the OpenVPN documentation) and use UltraVNC to copy it to the remote computer. It goes in the folder C:\Program Files\OpenVPN\config on both machines.

On the local machine, my OpenVPN configuration file looks like this:

remote <name of remote>.no-ip.biz

The last line routes our private IP addresses to the shared Internet connection at 192.168.0.1.
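An added example, not part of the original article: a Python check that the static.key files on the two machines are well-formed and identical, comparing a SHA-256 fingerprint rather than the key itself. It assumes the usual OpenVPN "Static key V1" file layout (BEGIN/END markers around 16 lines of 32 hex characters); the function names and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
KEY_BYTES = 256  # 2048-bit key: 16 lines of 32 hex characters (assumed layout)


def parse_static_key(text: str) -> bytes:
    """Return the raw key bytes from a static key file, or raise ValueError."""
    # splitlines() accepts LF and CRLF, so a copy re-saved on Windows parses too.
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if BEGIN not in lines or END not in lines:
        raise ValueError("missing BEGIN/END marker")
    hex_text = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
    if not re.fullmatch(r"[0-9a-fA-F]{%d}" % (2 * KEY_BYTES), hex_text):
        raise ValueError("key body is not exactly %d bytes of hex" % KEY_BYTES)
    return bytes.fromhex(hex_text)


def fingerprint(text: str) -> str:
    """SHA-256 of the key bytes: compare this on both ends instead of the key."""
    return hashlib.sha256(parse_static_key(text)).hexdigest()


def same_key(local_text: str, remote_text: str) -> bool:
    """True when both files hold the same key, ignoring line endings and comments."""
    return hmac.compare_digest(parse_static_key(local_text),
                               parse_static_key(remote_text))


def make_sample_key(label: bytes) -> str:
    """Constructed sample file for the demo only; never use it as a real key."""
    raw = b"".join(hashlib.sha256(label + bytes([i])).digest() for i in range(8))
    rows = [raw.hex()[i:i + 32] for i in range(0, 2 * KEY_BYTES, 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN, *rows, END]) + "\n"


if __name__ == "__main__":
    local = make_sample_key(b"demo")
    print("fingerprint:", fingerprint(local))
    print("CRLF copy matches:", same_key(local, local.replace("\n", "\r\n")))
    rows = local.splitlines()
    try:
        fingerprint("\n".join(rows[:5] + rows[6:]))  # one hex row lost in transfer
    except ValueError as err:
        print("damaged copy rejected:", err)
```

To use it on real files, read each machine's C:\Program Files\OpenVPN\config\static.key as text, pass the contents to fingerprint(), and compare the two hex strings.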
You also need to modify the "Hosts" file in Windows to make the name of the remote machine visible on the local machine. The Hosts file is located in C:\WINDOWS\system32\drivers\etc. Open it with NotePad, and add a line for your remote computer. If that computer is called "Gronk", for example, the line would be

10.8.0.1 gronk

This tells Windows that when the machine Gronk is referenced, it should translate that to IP address 10.8.0.1; since OpenVPN is running, that address will be routed to the remote computer. You can now use Windows Explorer to map a drive letter to a share on the remote computer, using the normal syntax: \\GRONK\SHAREDDATA for example.

One thing you will notice, and which I find annoying, is that OpenVPN runs in a DOS command window. When you minimise it, it occupies a position in the task bar. Since it is open all day, this is not a good idea; task bar space is limited. To solve this, download and install the OpenVPN GUI. It is also free. It provides a graphical user interface for OpenVPN, eliminates the DOS command window, and displays a small icon in the system tray at the lower right.