Vista VPN

  • Thread starter: JJ
RE: Vista VPN

PPTP is a perfectly acceptable VPN technology, although IPsec is a more
common technology to use now. Both use encrypted connections (which is
essentially the definition of VPN) and neither needs static addresses.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


"JJ" wrote:

> Hi:
>
> I found an interesting article on the Web while searching for a VPN solution
> that runs on Vista:
> http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html
>
> This solution is built into Vista. Is this secure? Does this use encrypted
> connections? And wouldn't I need a static and public IP address for the PC
> running Vista for this to work?
>
> Thx.
>
 
RE: Vista VPN

Can this work with Vista over the Internet?

Thanks.

"Jesper" wrote:

> PPTP is a perfectly acceptable VPN technology, although IPsec is a more
> common technology to use now. Both use encrypted connections (which is
> essentially the definition of VPN) and neither needs static addresses.
 
RE: Vista VPN

Yes.


"JJ" wrote:

> Can this work with Vista over the Internet?
>
> Thanks.
 
RE: Vista VPN

Well, how is it going to work over the Internet if the Vista PC doesn't have
a static and public IP address?

Thx.

"Jesper" wrote:

> Yes.
 
RE: Vista VPN

It will work the same way any other packet that goes through a network
address translator works (DHCP is entirely orthogonal to this issue). PPTP,
proposed in RFC 2637, simply encapsulates a TCP or UDP session in a GRE
packet. The surrounding IP packet gets address translated just like any other
traffic, in accordance with RFC 2663.

This is the same way IPsec works, except that IPsec validates the source
address on the encapsulating packet. Therefore you have to use IPsec NAT-T,
per RFCs 3715, 3947, and 3948, and perform the encapsulation inside a UDP
packet instead of GRE. That's all handled automatically by the stack in
Windows.

When you connect you get an address local to the remote network. That
address is link-local to the VPN head-end and it will respond to ARP messages
for that address. When it gets a request for that address it simply
encapsulates the packet and ships it to you across the VPN.

This stuff has worked for 10 years at least, longer if you count precursor
technologies like PPP. It's not exactly new technology.


"JJ" wrote:

> Well, how is it going to work over the Internet if the Vista PC doesn't have
> a static and public IP address?
>
> Thx.
 
RE: Vista VPN

Hi:

I don't think I've communicated my question right.

Here's what I want to do:
1. Enable incoming connections on my Vista PC at home from Network & Sharing
Center -> Manage Network Connections -> File -> New Incoming Connection.
2. Once I set that up, I would like to connect to this PC from my laptop
over the Internet (how?)

How do I address my Vista PC over the Internet? It either has to have a
static and public IP address or a host name registered in the global DNS
pointing to a static and public IP address or a simulated static and public
IP address (through dynamic DNS).

Please enlighten me.

Thanks.

"Jesper" wrote:

> It will work the same way any other packet that goes through a network
> address translator works (DHCP is entirely orthogonal to this issue). PPTP,
> proposed in RFC 2637, simply encapsulates a TCP or UDP session in a GRE
> packet. The surrounding IP packet gets address translated just like any other
> traffic, in accordance with RFC 2663.
>
> This is the same way IPsec works, except that IPsec validates the source
> address on the encapsulating packet. Therefore you have to use IPsec NAT-T,
> per RFCs 3715, 3947, and 3948, and perform the encapsulation inside a UDP
> packet instead of GRE. That's all handled automatically by the stack in
> Windows.
>
> When you connect you get an address local to the remote network. That
> address is link-local to the VPN head-end and it will respond to ARP messages
> for that address. When it gets a request for that address it simply
> encapsulates the packet and ships it to you across the VPN.
>
> This stuff has worked for 10 years at least, longer if you count precursor
> technologies like PPP. It's not exactly new technology.
 
RE: Vista VPN

Aah, no, that was not clear. If you want to turn your workstation into a VPN
server then you need two things:
1. A way to find the system. Dynamic DNS, like what you can get from
DynDNS.org, works well.
2. A way to reach it. If the system is directly on the Internet with a
public address then you already have this. If your system is configured with
a non-routable address behind a NAT router you need to turn on port
forwarding on the NAT router. If you are using PPTP you need the router to
forward protocol 47 and TCP port 1723 to your computer.


"JJ" wrote:

> Hi:
>
> I don't think I've communicated my question right.
>
> Here's what I want to do:
> 1. Enable incoming connections on my Vista PC at home from Network & Sharing
> Center -> Manage Network Connections -> File -> New Incoming Connection.
> 2. Once I set that up, I would like to connect to this PC from my laptop
> over the Internet (how?)
>
> How do I address my Vista PC over the Internet? It either has to have a
> static and public IP address or a host name registered in the global DNS
> pointing to a static and public IP address or a simulated static and public
> IP address (through dynamic DNS).
>
> Please enlighten me.
>
> Thanks.
 
RE: Vista VPN

Great.

However, once I set up Vista this way to function as a VPN server over the
Internet, how do I access it from the client? Can I work with the Vista VPN
server like I could with Remote Desktop?

And are there any inherent security weaknesses in Vista if I set it up to
function as a VPN server over the Internet?

Thanks.

"Jesper" wrote:

> Aah, no, that was not clear. If you want to turn your workstation into a VPN
> server then you need two things:
> 1. A way to find the system. Dynamic DNS, like what you can get from
> DynDNS.org, works well.
> 2. A way to reach it. If the system is directly on the Internet with a
> public address then you already have this. If your system is configured with
> a non-routable address behind a NAT router you need to turn on port
> forwarding on the NAT router. If you are using PPTP you need the router to
> forward protocol 47 and TCP port 1723 to your computer.
 
RE: Vista VPN

You actually can't work directly with the Vista box serving as the head-end
for the VPN. You can only access services exposed on the network behind it.
The VPN server itself becomes nothing more than a router. If you want to, say,
use Remote Desktop to it from the Internet, you would need to first establish
the VPN from the machine on the Internet, then connect using RDP to a machine
behind the VPN server, and then connect inside that connection to the VPN
server. This is why using Vista as a VPN server is not really a recommended
scenario.

The biggest security issue with VPN is poor user credentials.


"JJ" wrote:

> Great.
>
> However, once I set up Vista this way to function as a VPN server over the
> Internet, how do I access it from the client? Can I work with the Vista VPN
> server like I could with Remote Desktop?
>
> And are there any inherent security weaknesses in Vista if I set it up to
> function as a VPN server over the Internet?
>
> Thanks.
 
RE: Vista VPN

Thanks. That answers my question.

I won't set up my Vista PC as a VPN server for exactly the reason that you
mentioned: poor user credentials.

JJ

"Jesper" wrote:

> You actually can't work directly with the Vista box serving as the head-end
> for the VPN. You can only access services exposed on the network behind it.
> The VPN server itself becomes nothing more than a router. If you want to, say,
> use Remote Desktop to it from the Internet, you would need to first establish
> the VPN from the machine on the Internet, then connect using RDP to a machine
> behind the VPN server, and then connect inside that connection to the VPN
> server. This is why using Vista as a VPN server is not really a recommended
> scenario.
>
> The biggest security issue with VPN is poor user credentials.
 
RE: Vista VPN

:-)

So, what is your password? I'll need it to help you further. :-)



"JJ" wrote:

> Thanks. That answers my question.
>
> I won't set up my Vista PC as a VPN server for exactly the reason that you
> mentioned: poor user credentials.
>
> JJ
> > > > > static and public IP address or a host name registered in the global DNS
> > > > > pointing to a static and public IP address or a simulated static and public
> > > > > IP address (through dynamic DNS).
> > > > >
> > > > > Please enlighten me.
> > > > >
> > > > > Thanks.
> > > > >
> > > > > "Jesper" wrote:
> > > > >
> > > > > > It will work the same way any other packet that goes through a network
> > > > > > address translator works (DHCP is entirely orthogonal to this issue). PPTP,
> > > > > > proposed in RFC 2637, simply encapsulates a TCP or UDP session in a GRE
> > > > > > packet. The surrounding IP packet gets address translated just like any other
> > > > > > traffic, in accordance with RFC 2663.
> > > > > >
> > > > > > This is the same way IPsec works, except that IPsec validates the source
> > > > > > address on the encapsulating packet. Therefore you have to use IPsec NAT-T,
> > > > > > per RFCs 3715, 3947, and 3948, and perform the encapsulation inside a UDP
> > > > > > packet instead of GRE. That's all handled automatically by the stack in
> > > > > > Windows.
> > > > > >
> > > > > > When you connect you get an address local to the remote network. That
> > > > > > address is link-local to the VPN head-end and it will respond to ARP messages
> > > > > > for that address. When it gets a request for that address it simply
> > > > > > encapsulates the packet and ships it to you across the VPN.
> > > > > >
> > > > > > > This stuff has worked for 10 years at least, longer if you count precursor
> > > > > > technologies like PPP. It's not exactly new technology.
> > > > > > ---
> > > > > > Your question may already be answered in Windows Vista Security:
> > > > > > http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
> > > > > >
> > > > > >
> > > > > > "JJ" wrote:
> > > > > >
> > > > > > > Well, how is it going to work over the Internet if the Vista PC doesn't have
> > > > > > > a static and public IP address?
> > > > > > >
> > > > > > > Thx.
> > > > > > >
> > > > > > > "Jesper" wrote:
> > > > > > >
> > > > > > > > Yes.
> > > > > > > > ---
> > > > > > > > Your question may already be answered in Windows Vista Security:
> > > > > > > > http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
> > > > > > > >
> > > > > > > >
> > > > > > > > "JJ" wrote:
> > > > > > > >
> > > > > > > > > Can this work with Vista over the Internet?
> > > > > > > > >
> > > > > > > > > Thanks.
> > > > > > > > >
> > > > > > > > > "Jesper" wrote:
> > > > > > > > >
> > > > > > > > > > PPTP is a perfectly acceptable VPN technology, although IPsec is a more
> > > > > > > > > > common technology to use now. Both use encrypted connections (which is
> > > > > > > > > > essentially the definition of VPN) and neither needs static addresses.
> > > > > > > > > > ---
> > > > > > > > > > Your question may already be answered in Windows Vista Security:
> > > > > > > > > > http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > "JJ" wrote:
> > > > > > > > > >
> > > > > > > > > > > Hi:
> > > > > > > > > > >
> > > > > > > > > > > I found an interesting article on the Web while searching for a VPN solution
> > > > > > > > > > > that runs on Vista:
> > > > > > > > > > > http://theillustratednetwork.mvps.org/Vista/PPTP/PPTPVPN.html
> > > > > > > > > > >
> > > > > > > > > > > This solution is built into Vista. Is this secure? Does this use encrypted
> > > > > > > > > > > > connections? And wouldn't I need a static and public IP address for the PC
> > > > > > > > > > > running Vista for this to work?
> > > > > > > > > > >
> > > > > > > > > > > Thx.
> > > > > > > > > > >
 