Virtual Private Network

6.1 Introduction

VPN stands for Virtual Private Network. A VPN uses the Internet as its transport mechanism, while maintaining the security of the data through authentication and encryption. The most common configuration is to have a single main internal network with remote nodes using VPN to gain full access to the central net. The remote nodes are commonly remote offices or employees working from home. You can also link two small (or large) networks to form an even larger single network.

Remote users are authenticated using either PPTP or IPSec protocols against a user/password list maintained in the Rainmail Server. To create a virtual private network connection across the Internet, you must first set up two Dial-Up Networking connections. One connection is for your Internet access provider (vsnl), and the other is for your corporate network (vpn).

To see if your Windows machine is capable of making a PPTP VPN call, go to My Computer >> Control Panel >> Network. Check whether there is a device called Microsoft Virtual Private Networking Adapter. Another device called Dial Up Adapter (VPN Support) should also be found under the Network Adapter category. If you have a modem in the machine, this device will be shown as Dial Up Adapter #2 (VPN Support). If those two devices are not found in the machine, then please download and install Microsoft Dial-Up Networking (DUN) 1.4. If you already have the latest Dial Up Networking, which includes Virtual Private Networking, then you may only need to install the VPN Adapter.

To configure VPN to connect to your VPN server, go to the My Computer folder, then Dial Up Networking. Double click on "Make New Connection". There should already be icons in this folder which are for your existing connections to your ISP. If you don't already have any connections set up, you cannot use VPN.

6.2 Installing PPTP-VPN Dialer

To start with you will have to install a VPN dialer, configure it and then connect to the virtual private network via your VPN dialer. The instructions below allow your roaming users to connect to your PPTP VPN Server.

  1. Click Start >> Settings >> Control Panel.

  2. Double Click Network Icon to open the Network window.

    [Image]

  3. Click the Configuration Tab, then click the Add button to open the Select Network Component Type window. Here, choose Adapter and click Add, to open the Select Network Adapters window.

    [Image]

  4. Choose Microsoft from the Manufacturer's List Box and Network Adapter as Microsoft Virtual Private Networking Adapter from the list. Click OK.

    [Image]

  5. Again, choose Adapter and click Add, to open the Select Network Component Type window.

    [Image]

  6. Choose Microsoft from the Manufacturer's List Box and Network Adapter as Dial-Up Adapter. Click OK.

    [Image]

  7. Wait for the System Settings Change dialog box to appear and click Yes to restart the machine and the settings to take effect.

    [Image]

     

  1. Double Click My Computer >> Dial-Up Networking >> Make a new Connection to open the New Connection window.

    [Image]

  2. Enter vpn in the Type a name for the computer you are dialing text box and select device as Microsoft VPN Adapter. Click Next.

    [Image]

  3. Enter VPN Server IP address in the Host name or IP Address field. This is the same as public IP address of Rainmail Server (in this example 203.199.245.254). Click Next.

    [Image]

  4. Click Finish.

    [Image]

  5. You will find a VPN Dial-Up Networking connection icon, the vpn dialer.

    [Image]

6.3 Configuring VPN Dialer

  1. Right Click the vpn dialer and choose Properties.

    [Image]

  2. In the Server Types Tab click TCP/IP Settings button to open the TCP/IP Settings window.

    [Image]

  3. Choose Server assigned IP address and Server assigned name server addresses Option buttons. Click OK.

    [Image]

6.4 Connecting to VPN

  1. Connect to your ISP first.

  2. Then in the Dial-Up Networking window double click vpn connection icon.

    [Image]

  3. Enter the User name and the Password and the VPN Server address.

    [Image]

  4. Click Connect to get connected.

    [Image]

6.5 Testing VPN

To check that the connection is up, ping across the connection or run the ipconfig command in a command window.

6.6 Installing IPSEC-VPN Dialer for Windows98

Note:
To see if your Windows machine is capable of making an IPSEC VPN call, go to My Computer > Control Panel > Network. Check whether there is a device called Microsoft L2TP/IPSec VPN Adapter. Another device called Dial Up Adapter (VPN Support) should also be found under the Network Adapter category. If you have a modem in the machine, this device will be shown as Dial Up Adapter #2 (VPN Support). If those two devices are not found in the machine, then please download and install Microsoft IPSec VPN Client for Windows 98. If you already have the latest Dial Up Networking, which includes IPSEC Virtual Private Networking, then you may only need to install the VPN Adapter.

  1. Double Click My Computer >> Dial-Up Networking.

  2. In the Dial-Up Networking window that opens click Make a New Connection to open the Make New Connection window.

    [Image]

  3. Give the VPN connection a name. Here enter "vpnipsec" in the text box. In the Device box, set the device to Microsoft L2TP/IPSec VPN Adapter. Click on Next to continue.

    [Image]

  4. Now enter the address of the VPN Server. This is the same as the public IP address of Rainmail Server (in this example 203.199.245.254). Click on Next to continue.

    [Image]

  5. Your connection has been created. Click Finish.

    [Image]

  6. You will find a VPN Dial-Up Networking connection icon, the vpnipsec dialer.

    [Image]

  7. Now right click on your vpnipsec icon and select Properties.


  8. Now click on the Server Types tab. Disable IPX/SPX Compatible and NetBEUI, then click on TCP/IP Settings.

    [Image]

  9. In the TCP/IP Settings window ensure the settings match the picture below. Click on OK when you're done.


  10. To configure your computer to use a pre-shared key, click Start, point to Programs, point to Microsoft IPSec VPN, and click Microsoft IPSec VPN Configuration.

    1. Click Use a pre-shared key for IPSec authentication.

    2. Type or paste the pre-shared key in the "Type or paste a pre-shared key in the box below" field, and click OK.

    3. Although the pre-shared key appears in clear text as you type it in, it will appear only as asterisks after you click OK.



  11. Connect to your ISP first.

  12. Then in the Dial-Up Networking window double click vpnipsec connection icon.

  13. To connect, in the User name field enter your user name. Now enter your password in the Password field. Depending on your company's security policy you may want to remove the tick on the Save Password checkbox. Click on the Connect button when ready.


6.7 Configuring Windows 2000 VPN Connection using Certificates



  • Create an IPSEC + Certificates MMC

  1. Click on Start -> Run.


  2. Enter MMC in the text field and click OK.


    Enter MMC


  3. Click on File (or Console) and select Add/Remove Snap-in.


    Select Add/Remove Snap-in


  4. Click on Add...


    Click on Add...


  5. Click on Certificates, then select Add.


    Add Certificates


  6. Select Computer Account and click on Next.


    Select Computer Account


  7. Select Local computer and click on Finish.


    Select Local Computer and Finish


  8. Scroll down to and click on IP Security Policy Management then click on Add.


    Add IP Security Policy Management


  9. Select Local Computer and click on Finish.


    Select Local Computer and Finish


  10. Click Close.


    Click Close


  11. Click on OK.


    Click OK


  • Add the certificate

  1. Click the plus arrow by Certificates (Local Computer)





  2. Right-click Personal and click All Tasks then Import...





  3. Click Next.





  4. Type in the path to the .p12 file (or browse and select the file), and click Next.





  5. Type the export password, and click Next.





  6. Select Automatically select the certificate store based on the type of certificate and click Next.





  7. Click Finish, and say yes to any prompts that pop up.





  8. Click OK.





  9. Save the current configuration as a file so you don't have to re-add the Snap Ins each time.





  10. Use the default name and click Save.





  11. Exit MMC.





6.8 Configuring Windows XP VPN Connection



  1. Click Start -> Programs -> Accessories -> Communications

  2. Start the "New Connection Wizard".

  3. Click Next.





  4. Select Connect to the network at my workplace.





  5. Select Virtual Private Network connection.





  6. Enter a name for this connection.





  7. Enter the (external) IP address or hostname of your Linux server.





  8. Select either "do not dial" or "automatically dial" the initial connection.





  9. Complete the Connection Wizard.





  10. A "Connect To..." window will pop up. Click Properties.





  11. Verify the settings in the General tab. You entered these in the previous steps.





  12. Now select the Options tab.





  13. Select the "Security" tab. You will have to disable L2TP/PPP encryption. There are two different ways of doing this:

    1. Uncheck "Require data encryption".





    2. Or you could select "Advanced (custom settings)"





    3. and then add CHAP to the allowed protocols.




    4. Set data encryption to Optional.

    5. Then click OK.

  14. While still on the "Security" tab, click "IPsec Settings".




    1. Check Use pre-shared key for authentication.
    2. Enter the PSK (pre-shared key) for this user.
    3. This is the same PSK associated with the client's fixed IP address in /etc/ipsec.secrets on the Linux server.
    4. Click OK.


  15. Select the Networking tab.




    1. Change the type of VPN to "L2TP IPSec VPN".
    2. Click OK.

  16. Select the Advanced tab.





  17. You're back at the "Connect To..." window.





    Enter the username and password.

  18. Click Connect.
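
Step 14 ties each user's pre-shared key to the client's fixed IP address in /etc/ipsec.secrets on the Linux server. The following Python script is an added example, not part of the original guide or of Rainmail: it audits such a file for PSKs that are short, reused across clients, or not bound to a single peer. The sample entries, the client addresses and the 20-character minimum are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the Openswan/strongSwan ipsec.secrets PSK syntax:
#   <local selector> <remote selector> : PSK "<secret>"
# Only 203.199.245.254 comes from the page; everything else is made up.
SAMPLE_SECRETS = '''\
# Rainmail VPN server (constructed sample)
203.199.245.254 198.51.100.10 : PSK "k3Yq-7dLw9Zr2mXb4TnVs8Hc"
203.199.245.254 198.51.100.11 : PSK "office"
203.199.245.254 198.51.100.12 : PSK "k3Yq-7dLw9Zr2mXb4TnVs8Hc"
203.199.245.254 %any : PSK "Road-Warrior-Shared-Secret-01"
'''

# IPv4 or wildcard selectors only; IPv6 selectors contain ':' and are skipped.
PSK_LINE = re.compile(r'^(?P<sel>[^:#]*?)\s*:\s*PSK\s+"(?P<psk>[^"]*)"\s*(?:#.*)?$')
MIN_PSK_LEN = 20                   # assumed local policy, not a value from the page
WILDCARDS = {"%any", "0.0.0.0"}


def audit_secrets(text):
    """Return a sorted list of (line_no, finding) for the PSK entries in text."""
    findings, seen = [], defaultdict(list)
    for no, raw in enumerate(text.splitlines(), 1):
        m = PSK_LINE.match(raw.strip())
        if not m:
            continue  # comments, blank lines, RSA and other secret types
        selectors, psk = m.group("sel").split(), m.group("psk")
        if len(psk) < MIN_PSK_LEN:
            findings.append((no, "short PSK"))
        # Fewer than two selectors, or a wildcard, means any peer may use the key.
        if len(selectors) < 2 or WILDCARDS & set(selectors):
            findings.append((no, "PSK not bound to a fixed client IP"))
        seen[psk].append(no)
    for lines in seen.values():
        if len(lines) > 1:
            findings.extend((no, "PSK reused on lines %s" % lines) for no in lines)
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in audit_secrets(SAMPLE_SECRETS):
        print("line %d: %s" % (no, msg))
```
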




