VPN setup for Dynamic and Static!

[Blammo300]

I need to setup a VPN between an Ofiice with Static DSL connected to a home which has Dynamic DSL.


I currently have a VPN setup here at the office connecting our 2 offices together which are both using Static lines.

Is there anything I need to do diffrently to connect Static to Dynamic.

 

[RebateMonger]

In most cases, people just set up a client-to-server VPN when coming from home. You use a software VPN client on the home PC and connect with a VPN server at the office. When done this way, there's no need for additional hardware at the home. The type of IP address assignment at the home would make no difference.

 

[Blammo300]

There is already a Linksys VPN router at the house. Would software still be better?

 

[blemoine]

Client - Server vpn setup will be alot easier. unless you require a constant connection between home and office.

 

[spidey07]

agree on doing the client server thing. MUCH simpler.

normally you only do lan-2-lan tunnels when you truly need a lan-2-lan type of connection. And even then there are ways to do it with dynamic addressing depending on the equipment used.

 

[ColKurtz]

Install Hamachi. It's a peer to peer secure VPN app, so every Hamachi computer is both a client and a server. You don't need a VPN router and you don't need to leave any ports open. It's also free. It freakin' rocks.

If/when you install it, if possible install it at the same time on different computers. Hamachi will assign you a permanent address, and if you run the install concurrently you'll have concurrent (or close, at least) IP addresses. Easier to remember that way.

 

[Blammo300]

How do I access the built in Client VPN?? It isnt the Remote Desktop Connection is it?

 

[blemoine]

network connections --> create new connection --> connect to my workplace --> vpn
fill in the static ip of the vpn server. you should be able to follow the bouncing ball from here.

 

[Blammo300]

How to configure a W2K/XP as VPN client
How to configure a W2K/XP as VPN client
To connect to a VPN server, you should have a dail-in modem or a dedicated connection to the Internet. To setup a XP client to access the VPN host, go to the Properties of My Network Places>Create a New Connections>Connect to the network at my workplace>Virtual Private Network connection. Type Computer that will be showed as connection name in VPN section, select Do not dial the initial connection and then type the VPN host IP. You have two options to create this connection for anyone or for yourself.

Would I have to change anything on our VPN server here if I follow these directions for the client comp?

 

[RebateMonger]

Originally posted by: Blammo300
Would I have to change anything on our VPN server here if I follow these directions for the client comp?

You still haven't told us what the VPN server at work is. Hardware VPN router, Linux Firewall with VPN server, or Windows Server?

Whatever the VPN server is, it needs to be told to allow you to connect to it. How you do that will depend on what type of server it is.

 

[Blammo300]

We are running Windows 2000 Server with Linksys VPN Router. We already have 1 active tunnel which everyone connects through using Remote Desktop. We have 2 offices which are seperated by a street.

We are trying to open a 2nd tunnel from the Windows Server 2000 to a home user. The home user also has a VPN router.

I tried setting up a tunnel but it is not connecting... Is it because I am entering a Dynamic IP for Remote Security Gateway on the Server Router?

 

[Goosemaster]

Originally posted by: ColKurtz
Install Hamachi. It's a peer to peer secure VPN app, so every Hamachi computer is both a client and a server. You don't need a VPN router and you don't need to leave any ports open. It's also free. It freakin' rocks.

If/when you install it, if possible install it at the same time on different computers. Hamachi will assign you a permanent address, and if you run the install concurrently you'll have concurrent (or close, at least) IP addresses. Easier to remember that way.

If anything, love it more for it's ability to use NAT-T.

 

[Blammo300]

Anybody have a clue on why this isnt working?

 

[RebateMonger]

If you are going to allow a VPN link to somebody's home, then be sure you can trust the home user to not allow spouse and kids to use his/her computer. If it gets a worm, virus, or other malware, it'll be directly on your office network.

 

[Aarondeep]

You also need to specify agressive mode for the VPN endpoint (linksys)

 

[ddeder]

If you have a dynamic IP address at home you can use a dynamic DNS Service such as the one found here to create a static hostname based on your dynamic IP address. In other words, the hostname is associated with your IP address automatically no matter how many times your IP address changes.

Once you have the static hostname, it is a simple matter to configure both VPN routers to use the hostname instead of the IP address.

Make sure the initiating VPN router is set to aggressive mode.

 

[spidey07]

I'll bite.

WTH is agressive mode?

 

[spidey07]

Originally posted by: RebateMonger
If you are going to allow a VPN link to somebody's home, then be sure you can trust the home user to not allow spouse and kids to use his/her computer. If it gets a worm, virus, or other malware, it'll be directly on your office network.

exactly why you don't trust lan-2-lan VPNs with networks you don't trust.

For clients to connect to VPNs I've always recommended enforcing a personal firewall policy, managed and dictated by the head end. If you're not running it and don't have the policy then you don't connect.

 

[ddeder]

-------------------------------
WTH is agressive mode?
--------------------------------

It's a setting on the router. One of the routers has to be in aggressive mode to initiate the tunnelling.

 

[spidey07]

Originally posted by: ddeder
-------------------------------
WTH is agressive mode?
--------------------------------

It's a setting on the router. One of the routers has to be in aggressive mode to initiate the tunnelling.

I still need to know what the hell this "aggresive mode" is.

 

[RebateMonger]

Originally posted by: spidey07
I still need to know what the hell this "aggresive mode" is.

The opposite of "wimpy mode"?

 

[randal]

Originally posted by: ddeder
-------------------------------
WTH is agressive mode?
--------------------------------

It's a setting on the router. One of the routers has to be in aggressive mode to initiate the tunnelling.

mmm, sorta. aggressive mode is where the initiating vpn endpoint signals all the IKE encryption & identity stuffs in the first few packets instead of building a secure channel and then sending all of it through there. It makes building the connection quite a bit faster, but it is - theoretically - less secure as you can sniff the keys and such on the wire.