WinXP's VPN: No idea what I'm doing...

[CZroe]

I used the connection wizzard to start a VPN server on my XP box. I have a cable modem and a hub that will lease me one real "outside" IP address for every device I connect (I guess my cable co has something misconfigured, eh?). I threw in 3 network cards and a USB NIC (Which fried my PSU but that's a different story) and connected them all to the hub and they all leased an IP address and were all able to connect to the Internet. When I initiate the VPN connection with myself or from another PC the PC the connection can no longer browse the web and such.

What I'm trying to do is connect to my PC from another Internet connection using VPN and gain a connection to the Internet through it with an outside IP address from where ever I might be able to access it. I know this is possible because my friend's cable co puts all its users behind a firewalled network using NAT and then sells outside IP addresses via VPN for an extra $10. I intend to use it because my connection from work and its security settings make it nearly impossible to connect to any IRC channel or FTP server, but I can connect to my VPN at home. PC Anywhere is allowed, this just makes it where I won't have to watch a lagged, remote-controled screen.

What's next? I know nothing of course.

 

[JustinLerner]

With builtin Microsoft software, functions and utilities, XP Professional or Home is not able to function as a VPN server. XP Pro/Home is only able to function as a VPN client. See the other recent post on VPN's.

----

See also the following:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q314076

 

[CZroe]

Then why does it let me start one and connect to it?
I can obviously do something with that can't I?!

 

[JustinLerner]

So it allows you to start a VPN Server service or VPN client from RRAS?
Well, if it says it's a "VPN Server service", and this is what you want to do, then go ahead and do it, but it will be more complex.

Read the following to setup a VPN client to your workplace:
http://support.microsoft.com/view/tn.asp?kb=305550

Regular internet access to the WWW from a PC should be blocked as long as a VPN connection is maintained over the internet on the same PC to some VPN server.

A little confused by some of your first post, "I intend to use it [your friends ISP VPN access?] because my connection from work and its security settings make it nearly impossible to connect to any IRC channel or FTP server, but I can connect to my VPN at home [I guess one is already running properly?]. PC Anywhere is allowed [at work or your friends VPN ISP?], this just makes it where I won't have to watch a lagged, remote-controled screen [from work?]." This doesn't make sense to me.

 

[CZroe]

I intend to use it through my own server.
1) It can lease multiple IPs through my home connection
2) My friend's VPN account doesn't work unless you're on his cable co's private network of cable modem users
The one at home isn't running properly, because I haven't configured it to do anything but allow me to log in (That's the only option it gives me!). I can log in remotely or locally, and have tried it from other locations. It just doesn't seem to do anything but cut off my access to the web
PC Anywhere is allowed at work. My friend's ISP was just an example of what I want to set up for myself. His setup isn't part of anything I'm trying to do at all
In other words, instead of connecting to my home computer through PC Anywhere and using my home computer to do what I can't do from work, I can connect my laptop at work directly to the Internet by leasing an outside IP from my home PC. PC Anywhere's remote control is slow, laggy and transfers way more data than just the raw connection I need.

Tanks for your help!

BTW, for the VPN options in XP Pro:
Control Panel> Network Connections>"Create a new connection">NEXT>"Set up an advanced connection">"Accept incoming connections"> and so on

 

[JustinLerner]

If the RRAS VPN service can accept incoming connections (VPN), then it must have basic VPN capability. (Maybe like the 'basic' capability that ICS has to perform DHCP).

Yes, you can obtain multiple IP addresses from your ISP for your home use.

Your enthusiasm is great, but your concept has some flaws and potential dangers.
"In other words, instead of connecting to my home computer through PC Anywhere and using my home computer to do what I can't do from work, I can connect my laptop at work directly to the Internet by leasing an outside IP from my home PC. PC Anywhere's remote control is slow, laggy and transfers way more data than just the raw connection I need."

DANGER: Why can't you do your work from work? If your company uses an internal VPN (intranet) for extra security and you try to bypass this so you have simultaneous access to the internet and secured company VPN intranet resources this is immediate grounds for dismissal in many companies. I hope you read this, because I warned you. EXTREME DANGER AHEAD.

If you connect your laptop at work to the Internet, are you using your company LAN to access the internet or a modem? If you are using the LAN, then your NIC already has an IP address and cannot accept another address except from the local, intranet DHCP server.
If you setup a temporaty VPN from your work laptop (while at work) to your home PC, then your laptop cannot access any other network resources at work while the VPN connection is maintained. [Nifty security feature, huh?]
If your are directly dialing into your PC, via the laptop modem, then the modem can obtain an assigned or dynamic or 'leased' IP address from your home PC. But can your home RAS service assign a public IP address in the range assigned by your ISP or only a specific range of private IP addresses for RAS?
What is the benefit? IF connect to your home PC via the dial-up RAS, then you gain 33.6K modem to modem speed to your resources at home. If your laptop is part of the work domain and your home PC is not, you may still have problems accessing resources while using RAS dial-up.

Talk to your work admins about simultaneous Internet access while connected to work resources.

 

[CZroe]

Been away for a little while

"Why can't you do your work from work?"
Because it's not really work. I'm a security guard that works nights when the entire building is totally empty. They have no problem letting me get my laptop online while I watch cameras from the security desk all night.

"If your company uses an internal VPN (intranet) for extra security and you try to bypass this so you have simultaneous access to the internet and secured company VPN intranet resources this is immediate grounds for dismissal in many companies."
All they use is NAT, a proxy filter and a firewall, nothing more. However, IRC servers are picky about which hosts they allow, and the proxy filter filters sites that I should be able to access (Seeing as how I am not a company employee). I don't need "simultaneous" access, and would prefer it not to be that way. This is probably more secure than PC Anywhere, which they do allow, correct? Anyone can just plug into a cable and be on the network, so it's not very secure to begin with.

"If you are using the LAN, then your NIC already has an IP address and cannot accept another address except from the local, intranet DHCP server."
Yes, it's through a LAN and the NIC will already have an IP address for the LAN. But as I understand it, the virtual device, the "VPN Adapter" will lease the IP. This is how it is done on my friend's computer with his ISP. Shows up as an entirely different device with its own IP address and everything under IPCONFIG. Binding TCP/IP to it and setting it as the default TCP/IP connection should be all I need on that end. Right?

"But can your home RAS service assign a public IP address in the range assigned by your ISP or only a specific range of private IP addresses for RAS?"
I don't know anything about configuring any of that (I've never even set up a DHCP server! ). All I know is that my friend is able to get a real outside IP address through VPN with his ISP and because my computer can lease multiple IP addresses, I should be able to pass on one of them to my VPN connection. I'm not worried about assigning a specific IP address. If I have 3 NICs in there connected to my cable modem I have 3 IP addresses. I have been told it is possible to assign the IP address from one of the NICs to a remote VPN connection just like my friend is doing, but I have no idea what's next.

"What is the benefit? IF connect to your home PC via the dial-up RAS, then you gain 33.6K modem to modem speed to your resources at home."
It will be connecting using the NIC to my home PC through the Internet using one if it's three IP addresses. Much like my friend connects through his cable co's already Internet-connected network to their VPN server and it leases him an outside IP. It will still have 2 more outside IP addresses with which to gain Internet access. and can hopefully lease one of the IP addresses to my VPN connection. The drawback will be falling back to cable modem speeds, but I will be able to access the resources that I can not normally access at work. It's not that most things are blocked there, it's just that most things other than web browsing just plain don't work! They only block SMTP/POP, and filter web sites using the proxy, but that doesn't even touch the connection troubles I've had from there.

Thanks for the help!