VPN Help
Sesshomaru
08-30-2004, 09:36 AM
I'm running a desktop with XP SP1, and a laptop with XP SP2. Both computers are connected to my Netgear wireless router, each computer has its own firewall. I'm trying to use the laptop to connect to the desktop from anywhere. This is what I've done so far.
1. Set up remote desktop. At home, I can use the laptop to take control of the desktop.
2. Set up VPN connection on the laptop. I want to go to the library, connect to their wireless network to access the internet (the library's networks are not properly protected :cheers: ), use the VPN to tunnel to my network, and use remote desktop to take control of the desktop computer.
Problem: I can't connect when I use the VPN connection at the library. To paraphrase the error message, it says it can't connect to the VPN server. XP help says as long as I have the remote routing services enabled, it should be all good. So, I don't know what to do next. Here are some things I tried:
1. Logged into the router and enabled DMZ server. No dice.
2. Enabled remote management. This only lets you log into the router to change the settings from anywhere.
Any suggestions? Maybe it can't be done without a true network?
ribitch
08-30-2004, 11:51 AM
i don't think xp can act as a vpn server, but I may be wrong.
i was wrong:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
Jeffbx
08-30-2004, 01:18 PM
The router will kill an inbound VPN connection, since it's a one to many route (i.e., one live IP address can route to many different machines on your internal network).
You either need a dedicated IP address for your PC, or you can also go through some very long & complicated setups on your router & within VPN networking on XP to get it running.
Sesshomaru
08-30-2004, 01:20 PM
i don't think xp can act as a vpn server, but I may be wrong.
i was wrong:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm
It can be good to be wrong. :) Thanks. I kind of thought the option to do that was buried in there somewhere, but was too lazy to check.
gcasas
08-30-2004, 02:30 PM
If you have the dough, the easiest way is to get a router with VPN access, i.e. a Linksys wireless VPN router
http://www.linksys.com/products/product.asp?grid=33&scid=35&prid=565
This may be too expensive and out of the question, but it is much easier.
Otherwise go the XP route suggested above, although it is very complicated and depends on the network you are on allowing that type of traffic.
If you work at a place that has an IT dept, talk to your firewall guy, they always have the best tricks.
Sesshomaru
08-30-2004, 03:42 PM
Thanks guys. Jeffbx, as you say, setting up the port forwarding and passthrough is a pain, I don't know if I can figure it out. I'm self-employed, so YOU guys are my IT :) . Anyways, back to troubleshooting... :dead:
ribitch
08-30-2004, 05:46 PM
watchguard soho6. replace your router with it. i love those things
Sesshomaru
08-30-2004, 07:02 PM
watchguard soho6. replace your router with it. i love those things
They're 250 and up. Are they good enough so that I can disable the firewall on each computer?
Jeffbx
08-31-2004, 05:52 AM
Yup - that's what I use at home & I don't run a software firewall anymore. They are REAL pricey, tho - the unit itself is $250, and then the software to upgrade to VPN is another $279. You might have to buy licenses on top of that as well for another $160 - I don't know for sure.
Another option is to look for an older unit on ebay - look for the Watchguard SOHO, the Webramp 700s, Netscreen 5XT, Sonicwall SOHO - there are a ton of them out there. Just make sure you find one with the VPN upgrade already installed!
Dman33
08-31-2004, 06:42 AM
I'm not sure about the Netgear router, but it should not be too hard to set up NAT with the proper rules to allow VPN to the desktop computer. I have done it on a friend's cheap-o D-Link and on my SMC... it took me 5 minutes.
Paraphrasing, this is what you need to do: First you need to give the workstation a static IP address. Then you have to enable NAT and forward inbound VPN to that static IP. If the router has a pre-defined rule for VPN, then use that. If it does not, it is port 1723 TCP. (WinXP uses PPTP, so this is the port it uses.) GRE also needs to be enabled but that is likely not even something you can explicitly define on that router so do not worry about that. Good luck!
Note, if that does not work and you have the option to specify TCP and/or UDP, try port 1723 TCP/UDP. I am pretty sure Windows VPN uses TCP only though so you should be good.
Sesshomaru
08-31-2004, 11:29 AM
Thanks, I got it to work but it's useless for what I want to do. You see, I want to be able to control the desktop, but by using the desktop as a VPN server, I've already "connected to the console", so I can't connect again via remote desktop. That's my understanding anyway.
Jeffbx, didn't you post a deal for the Webramp a while ago? They were closing it out or something. I should have picked up one.
Dman33
08-31-2004, 11:53 AM
Thanks, I got it to work but it's useless for what I want to do. You see, I want to be able to control the desktop, but by using the desktop as a VPN server, I've already "connected to the console", so I can't connect again via remote desktop. That's my understanding anyway.
Hmmm... it should work anyway. If remote desktop does not, try using VNC. You may also have to reference the destination machine by IP address...
VNC: http://www.realvnc.com/
attgig
08-31-2004, 02:31 PM
forget vpn'ing.
just do the NAT on the router. it's real easy.
go to your desktop, and grab the ip address.
go to your router, find the NAT page on the website, and enter in the ipaddress with TCP and 3389 port.
then try remote desktop-ing using the ipaddress given to you by your isp. don't know how to figure it out?
http://www.whatismyip.com/
that's what the outside world sees you as....
so, when you're at another computer (you can test it with your laptop), use that ipaddress for the RDC, and see if it gets you to your desktop.
(Btw, for vnc, you have to open up ports 5500, 5800, 5900)
bbrian
08-31-2004, 02:34 PM
If you are using good passwords and have done some basic security 'hardening' just port forward the RDC port to your PC and remote desktop straight in.
The port is 3389. I have done this at home and use it all the time. I periodically see people trying to log into it. I don't allow anonymous users to query user lists and I have accounts set to disable after 3 failed login attempts. I haven't had any break-ins. I also renamed the administrator account. There is some risk to it, but there are risks involved in allowing VPN connections too. XP and 2000 server also have the web-based RDC. You need to open port 80 and 3389 to use it, but then you can connect in from just about anywhere.
[Edit]
Attgig beat me to it..
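The review of login attempts mentioned in the post above, as an added example that is not part of the original thread: it scans exported logon events for sources that reach the 3-failure lockout count on a forwarded RDP port. The CSV layout, the sample rows and the 10-minute window are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: CSV export of Security-log logon events (column layout is an assumption).
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """time,event_id,logon_type,account,source_ip
2024-09-01T02:10:05,4625,10,Administrator,203.0.113.7
2024-09-01T02:10:09,4625,10,Administrator,203.0.113.7
2024-09-01T02:10:14,4625,10,admin,203.0.113.7
2024-09-01T02:10:20,4625,10,poweruser,203.0.113.7
2024-09-01T02:10:31,4624,10,poweruser,203.0.113.7
2024-09-01T08:15:00,4625,10,poweruser,198.51.100.20
2024-09-01T08:15:30,4624,10,poweruser,198.51.100.20
2024-09-01T09:00:00,4625,2,poweruser,-
"""

THRESHOLD = 3                    # same count as the lockout policy in the post
WINDOW = timedelta(minutes=10)   # assumed observation window
RDP_LOGON_TYPES = {"3", "10"}    # RDP with NLA logs failures as type 3 (Network)

def audit_rdp_logons(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: {"failures", "accounts", "success_after"}} for sources
    with >= threshold failed RDP logons inside one window (rows sorted by time)."""
    failures = defaultdict(list)   # source_ip -> [(time, account)]
    findings = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue               # ignore local/console logons
        ts = datetime.fromisoformat(row["time"])
        src = row["source_ip"]
        if row["event_id"] == "4625":
            failures[src].append((ts, row["account"]))
            recent = [(t, a) for t, a in failures[src] if ts - t <= window]
            if len(recent) >= threshold:
                findings[src] = {
                    "failures": len(recent),
                    "accounts": sorted({a for _, a in recent}),
                    "success_after": False,
                }
        elif row["event_id"] == "4624" and src in findings:
            # A success after a burst of failures from one source needs a manual look.
            findings[src]["success_after"] = True
    return findings

if __name__ == "__main__":
    for src, info in audit_rdp_logons(SAMPLE_LOG).items():
        print(src, info)
```

A single mistyped password followed by a success (the second source in the sample) is not reported; only sources that reach the threshold are.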
Jeffbx
09-01-2004, 04:19 AM
Jeffbx, didn't you post a deal for the Webramp a while ago? They were closing it out or something. I should have picked up one.
Yeah, there are still some floating around out there - try ebay... there's at least one of them up there now.
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=64022&item=5718193044&rd=1
I gave mine to a friend - I should see if he's still using it.
Sesshomaru
09-01-2004, 07:44 PM
Cool, I think I got it now with the NAT. I disabled the built-in Admin account, and set it only to allow the Power user account to log in. I think that should take care of everything. Now, if I can bring myself to buy one of those webramp thingies...but I just spent 1K on a laptop... :|
Jeffbx
10-21-2004, 11:55 AM
Tracked it down! No one's using my old webramp 700s anymore, so I'm selling it on ebay. See http://www.gotapex.com/forums/showthread.php?p=748544 for details.