VPN setup
Server 2003, simple network, no domain. Basically a file server.
Our IPs are assigned via DHCP from the router.
I've set things up server-side, but now I'm trying to get remote laptops connected.
I created a new VPN connection (XP Pro), but should we be entering the IP of our actual internet service address, or the IP of our server? The former never gets a connection; using the latter we log in right away but then cannot access network resources.
Also, our router doesn't appear to have specific VPN settings. Should we be using port forwarding then? Netgear's site says ports 500 and 1723 should be used for PPTP, which I've tried setting up under forwarding but nothing seems to work.
I would just use VPN services on the 2003 server. It's really easy to set up. I think I have a post about it somewhere around here. You need to forward the following ports: 1723, 47
When you log in from a remote location you need to use the IP address on the WAN side. If your router/firewall supports dynamic DNS, I recommend setting that up, especially if your IP on the WAN side is not static.
Also make sure the user's account is enabled for remote login.
Zilog B wrote:Loading the dishwasher at brembo's house means bringing the fiancee a sixpack home.
- mnosteele52
- Posts: 11913
- Joined: Tue Jul 24, 2001 12:00 pm
- Location: Chesapeake, VA
What VPN software are you using?
If you haven't installed any software yet, I would suggest trying Gbridge, it's free, secure and fast.
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
VPN can be utilized several different ways.
First thing to realize...is that the VPN tunnel between 2x points will be a bit slower than the weakest link. With broadband, you have asymmetrical speeds. Download is faster, upload is slower. Let's say the main office has a 6,000/384 connection, and the remote user has a 3,000/128 connection at home. The tunnel will effectively be able to only transfer 384 from office to home, and 128 back to the office. A bit less actually...thanks to overhead 'n netbios traffic 'n such.
Summary: VPN tunnels are sloooooow. Browsing and opening files on shares from the server are tedious at best.
Running applications through a VPN tunnel is even more difficult. If you intend on VPN'ing to the office..launching Quickbooks (which you installed on your home computer) and opening up the company books stored on the server....forget about it.
If you have a very fast connection at the office..and at home...some very light programs may run tolerably for you.
Enter a more common method of using a VPN...to remote desktop to your workstation at the office....or..to a terminal server you have at the office. I'll take it a terminal server is probably out of the budget. You can enable remote desktop on each end user's workstation at the office. You'll want to make sure their workstations get the same internal IP address all the time, so that they can be called up by the home users. With most routers these days..easily done through a feature called "Reservations". You'll see that under DHCP management on the router...we can visit this later in more detail if you take this approach.
The nice thing about remote desktop computing...you "see" the desktop of your office workstation, all programs are run from that workstation, only the video output and keyboard strokes are transmitted through remote desktop. Remote desktop client uses very little bandwidth..so it runs well through the VPN tunnel. You can launch your ProFX or CBS software or Quickbooks on the workstation at the office..and they run smoothly...because they access your data on the server through your office's fast LAN. Take Burke's workstation, have it assigned the same IP address every day..192.168.1.105. Set up the VPN for Burke. Burke goes home, sets up his VPN dialer to the office...once connected, Burke launches his Remote Desktop Connection client..connecting to 192.168.1.105..logs onto his workstation at the office...and basically it's like he's sitting right in front of his workstation at the office.
"What does the VPN"? IMO...best done from a dedicated appliance, such as a business grade broadband router. Most home grade routers don't support being the VPN server. I'm not fond of using Windows built-in VPN service as a host (exposing that through the firewall)...especially on your one and only server.
One note about VPN, it doesn't like mixing IP ranges on both sides of the coin. If your office is set up 192.168.0.xxx or 192.168.1.xxx...and many home grade routers default to that, users on the same IP range won't be able to VPN in until you change their home router setups (or change your office's IP setup). Tis why I build clients' networks on different IP ranges to start with...figuring at some point down the road home users may want to VPN in.
Don't want the hassles of purchasing a new router if your current one doesn't support VPN hosting, and setting up static IPs too much of a pain? And dealing with setting up remote users with the VPN and training them? Enter another option for you.
Business account of GoToMyPC or LogMeIn. Purchase however many licenses you need...it's a small host that gets installed on the workstations at the office. No VPN needed, the employees go home...point their web browser to GoToMyPC's or LogMeIn's website....enter their username and password, they see their office computer as available to connect to..and they log into it again...and blammo...you're looking at the desktop of your office computer. With "almost as smooth as" remote desktop experience.
For a smaller office without a business network infrastructure...the last suggestion above would be my recommendation. If you wish to take the VPN and remote desktop approach, glad to help.
MORNING WOOD Lumber Company
Guinness for Strength!!!
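The IP-range clash described in the post above can be checked before rolling out VPN access. This is an added example, not part of the original thread; the user names, the home subnets and the list of router defaults to avoid are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions for illustration, not from the thread).
OFFICE_LAN = "192.168.1.0/24"
HOME_LANS = {
    "burke": "192.168.1.0/24",     # same range as the office
    "remote2": "10.0.0.0/24",      # no clash
    "remote3": "192.168.0.0/22",   # wide mask that swallows the office range
}
# Ranges assumed to be common home-router defaults, avoided when renumbering.
AVOID = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "10.0.0.0/24"]


def find_conflicts(office, home_lans):
    """Return the users whose home LAN overlaps the office LAN."""
    office_net = ipaddress.ip_network(office, strict=False)
    return sorted(
        user for user, lan in home_lans.items()
        if office_net.overlaps(ipaddress.ip_network(lan, strict=False))
    )


def suggest_office_lan(home_lans, avoid=AVOID, pool="192.168.0.0/16"):
    """Pick the first /24 in the pool that clashes with no known home LAN."""
    taken = [ipaddress.ip_network(n, strict=False)
             for n in list(home_lans.values()) + list(avoid)]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=24):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    return None  # pool exhausted: choose a different private pool


if __name__ == "__main__":
    print("Conflicting users:", find_conflicts(OFFICE_LAN, HOME_LANS))
    print("Suggested office LAN:", suggest_office_lan(HOME_LANS))
```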
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
nightowl wrote: You need to forward the following ports: 1723, 47.
Just port 1723. The "47" you see regarding PPTP VPN traffic and firewalls is actually "IP type 47 GRE"....it's a type of IP, not port. Basically it sums up to VPN passthrough when combined with NAT. PPTP VPN does not like NAT, so the checkbox commonly seen for VPN passthrough allows IP type 47 to pass through NAT unmolested.
MORNING WOOD Lumber Company
Guinness for Strength!!!
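The port-versus-protocol distinction in the post above can be seen directly in the packet headers. This is an added example, not part of the original thread: the packets are constructed (documentation addresses, call ID 0x42), and `router_forwards` is a hypothetical, simplified model of a NAT router, not any vendor's behaviour.

```python
import struct

TCP, GRE = 6, 47            # values of the IPv4 header's protocol field
PPTP_GRE_TYPE = 0x880B      # protocol type carried in PPTP's enhanced GRE header


def ipv4(proto, payload):
    """Wrap payload in a minimal 20-byte IPv4 header (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([203, 0, 113, 7]), bytes([198, 51, 100, 10]))
    return header + payload


# Constructed packets: a TCP SYN to port 1723, and one PPTP data packet.
CONTROL_PKT = ipv4(TCP, struct.pack("!HHIIBBHHH", 50000, 1723, 0, 0,
                                    0x50, 0x02, 8192, 0, 0))
DATA_PKT = ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 0, 0x42, 1))


def classify(pkt):
    """Read the protocol field, then only the fields that protocol really has."""
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = pkt[9]
    if proto == TCP:
        _sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        return {"proto": "tcp", "dport": dport}
    if proto == GRE:                   # GRE has no port fields at all
        _flags, ptype, _length, call_id = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
        return {"proto": "gre", "dport": None,
                "pptp": ptype == PPTP_GRE_TYPE, "call_id": call_id}
    return {"proto": proto, "dport": None}


def router_forwards(pkt, tcp_forwards, gre_passthrough):
    """Hypothetical NAT model: TCP matches port-forward rules, GRE needs passthrough."""
    info = classify(pkt)
    if info["proto"] == "tcp":
        return info["dport"] in tcp_forwards
    if info["proto"] == "gre":
        return gre_passthrough
    return False


if __name__ == "__main__":
    for name, pkt in (("control", CONTROL_PKT), ("data", DATA_PKT)):
        print(name, classify(pkt), router_forwards(pkt, {1723, 47}, False))
```

With forwards for "ports" 1723 and 47 and no passthrough, the control connection is forwarded but the GRE data packet is not, which matches a tunnel that negotiates and then carries no traffic.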
No "IT budget" for any business-class upgrades in terms of firewall or router, so the best option of our small office is Stonecat's last suggestion. I set up a trial of LogMeIn (price was more palatable to the bosses) and it's just what we need.
The only thing is I'm trying to figure out how to access a mapped drive in the File Manager portion of it.
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
YeOldeStonecat wrote: Just open up the My Computer of the host PC you're remoted into. Basically...pretend you're sitting in front of your office PC.
Yeah, but the Remote Control portion is a bit slow and choppy. The direct File Manager is perfect, very fast, but when I select the mapped drive from the drop-down list it tells me the resource is unavailable.
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
YeOldeStonecat wrote: Are you basically looking to copy something like Excel sheets home to work on?
For the most part, but we're opening a new office in Ft. Smith and will need access to the server here so that all the work done there can be transferred, and when we need to look at other reports and all that that they are readily available. Also, bosses want to be able to access their personal PCs too, so LogMeIn is a great way for them to do that.
Up until now e-mailing has been sufficient. An FTP is kinda scary to them, so a more "Windows" like experience will guarantee the most success.
- YeOldeStonecat
- SG VIP
- Posts: 51171
- Joined: Mon Jan 15, 2001 12:00 pm
- Location: Somewhere along the shoreline in New England
Are these "reports" in MS Office style? Or prepared in other programs?
A consideration to help make a "snappier" remote desktop experience....would they consider upgrading the internet connection at the office? It's surprising how much more responsive remote desktop becomes when you upgrade your office say..from a 6,000/384 DSL connection to a 10,000/1,000 cable pipe. Granted you said "No IT budget"...but something like this, say 15-20 bucks more per month (if that..depending on your ISPs in your area), may be worth it.
MORNING WOOD Lumber Company
Guinness for Strength!!!