VPN

[Matthew]

I need to setup a VPN from one pc to mine. At the moment it will be direct to this pc but when I have finished building it, it will be to a Windows 2000 or 2003 server box.

My question is what ports on the router do I need to open for this?

---------- Post added at 21:59 ---------- Previous post was at 21:41 ----------

Just had a play on the local LAN with a virtual pc, do I need a machine with 2 NICs in for the internet to work?

[handyman]

Try vnc.

I have a good version here http:www.mlweb.co.uk/software/

Remember to set a good password though.

[Matthew]

I'm not after a remote desktop, I already use LogMeIn for that, I am after setting up at VPN connection.

[Aragorn]

Do you mean an 'ssh tunnel' VPN or a 'proper' IPSec based VPN?

If you are using an SSH tunnel, the SSH server is listening on port 22.

Is this for connecting to your home network? If so, a linux system might be a better SSH bridgehead as it will have sshd running as standard and has iptables to stop undesirables getting in.

Edit -
For an IPSec VPN, you would need UDP 500 (and poss 4500) and TCP 50.

[Matthew]

Basically I have my home setup here with several pcs and a server and one or two others dotted around, some with routers, some just standalone with a broadband connection.

I am looking to setup a way that one or two of them can join the domainn that I have running at home using a VPN connection.

[Aragorn]

Sounds like you would need to go the full W2K(3) with ISA Server - certainly non-trivial. As per my edit, that uses udp 500, 4500 and tcp 50.
I guess you need to evaluate what services are needed - an ssh tunnel is a far easier bet than buying and configuring ISA server.

[Matthew]

ISA is way out of the question!

I will have a look I think before I do anything, doesnt seem as easy as I thought it was going to be.

[rikur]

if you are responsible for all the sites, I'd set-up the VPN using routers rather than software on the PC's

It's not that difficult or expensive - a router with builtin VPN support from Netgear will cost you £50 (eg http://www.netgear.co.uk/extra/prosa...all_fvs114.php) , and it has a simple "wizard" interface to create the VPNs.

Compared to the cost of a standard router, it's not really all that more expensive, and the end result is a true virtual private network with IP sec encryption.

---------- Post added at 20:40 ---------- Previous post was at 20:38 ----------

Quote:

Originally Posted by Matthew

ISA is way out of the question!

I will have a look I think before I do anything, doesnt seem as easy as I thought it was going to be.

You don't need ISA server to set-up Windows server VPN, it's built in to both Win2K server and 2003. Set-up using "routing and remote access" from the control panel

---------- Post added at 20:58 ---------- Previous post was at 20:40 ----------

Quote:

Originally Posted by Aragorn

For an IPSec VPN, you would need UDP 500 (and poss 4500) and TCP 50.

It does depend on the type of IP-SEC VPN being used - for example Cisco requires UDP500, UDP4500, UDP10000

Also worth pointing out that many VPN protocols won't work through port address translation (what most people refer to as NAT), for the server hosting the VPN concentrator would need two NIC cards, and would need to act as a firewall/router for your network

[Matthew]

I think I will invest in some NETGEAR routers when I have got the money. Thanks for that.