Setting up a simple Windows 7 VPN

Although I work mostly from home, I rent a hot desk at a local business centre, and take my laptop in there to work on a couple of times a week just for a change of scene and because I get a large discount in their cafe. I often need to connect to my home network while I’m there, and I’ve been doing it by having a remote desktop port open on the router. This is far from ideal, and so I decided to set up a VPN. Both the home PC and the laptop are running Windows 7 Ultimate, which has VPN built in, so it should have been a 10-minute job, but it wasn’t. It just took me all morning to get it working.

To test it, I disconnected my laptop from the network and switched off its wireless card. Then I tethered it to my phone, so that it was having to connect as though it was somewhere else.

The server end appears straightforward enough. Go into Control Panel/Network and Sharing Center/Change Adapter Settings, press Alt, then File/New Incoming Connection. Select who can connect (I set up a new user specifically for this purpose with a very long password), then how they connect. I set up TCP/IPv4, File and Printer Sharing and QoS Packet Scheduler (just because they were the defaults, my router doesn’t support TCP/IPv6 on the LAN). This creates an Incoming Connections adapter.

The router needs to be configured to forward TCP port 1723 (PPTP) to the desktop PC.

The client should be almost as easy. Go to Control Panel/Network and Sharing Center/Set up a new connection or network/Connect to a workplace. Then Create a new connection, select Use my internet connection, and enter the internet address of the router (it will take a name). It should then ask you for the username/password to connect to, and that should then connect up and give the laptop access to the LAN.

It didn’t for me. I spent a couple of hours googling and experimenting before I could get it to work.

The first problem was that it couldn’t negotiate a protocol. Find the adapter that was created at the client end (the default name is “VPN Connection”), right-click and select Properties. Under Security, the first item (Type of VPN) is set to Automatic. That doesn’t work. You have to tell it to use PPTP.

Next, under Networking you may need to disable access over TCP/IPv6. Maybe it will work for you, but it didn’t for me.

The next problem I had was that, once it connected, it couldn’t get an IP address. It seems that it only manages to negotiate with an MS DHCP server, whereas I use the DHCP on my router. To fix that I had to go into the properties of the adapter at the server end, select Networking and Specify IP addresses (I gave it a range of addresses outside that which the router’s DHCP server will ever use).

At that point, I was able to connect, and some things worked as though the laptop was on the LAN. There are a couple more settings at the client end that it is worth considering changing. Under Options/PPP Settings… there is an Enable software compression option, which is off by default. I haven’t done any tests to see if switching it on speeds it up, but it probably should.

Also in the properties, under Networking/TCP/IPv4 Properties/Advanced/IP Settings there is an option “Use default gateway on remote network”, which is on by default. This will make all internet traffic travel to your router, rather than work directly over the connection the laptop is on. This will be a lot slower, but if you are concerned about security and want to lock down the laptop as much as possible it’s worth considering leaving it as it is, and setting up your firewall on the laptop so that everything is closed except outgoing port 1723 (I haven’t experimented with this, I just switched the option off).
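To confirm which way the “Use default gateway on remote network” option is actually set, the laptop’s routing table can be checked after connecting. The following is an added example, not part of the original post: it parses `route print` output and reports whether the lowest-metric default route leaves through the VPN adapter. The sample tables, the addressing and the 192.168.1.240 to 192.168.1.249 VPN range are constructed assumptions.

```python
import ipaddress
import re

# Constructed `route print` excerpts, not captured from a real machine.
# Assumed addressing: 192.168.43.x = tethered phone, 192.168.1.x = home LAN,
# 192.168.1.240 = address handed out from the server's static VPN range.
SAMPLE_FULL_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.57   4250
          0.0.0.0          0.0.0.0         On-link     192.168.1.240     26
      192.168.1.0    255.255.255.0     192.168.1.1     192.168.1.240     26
     192.168.43.0    255.255.255.0         On-link     192.168.43.57   4506
"""
SAMPLE_SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.57     25
      192.168.1.0    255.255.255.0     192.168.1.1     192.168.1.240     26
     192.168.43.0    255.255.255.0         On-link     192.168.43.57    281
"""

# destination, netmask, gateway (address or "On-link"), interface, metric
ROW = re.compile(r"^\s*([\d.]+)\s+([\d.]+)\s+(\S+)\s+([\d.]+)\s+(\d+)\s*$")


def parse_routes(text):
    """Return (network, interface_address, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, separators, IPv6 and persistent-route rows
        dest, mask, _gateway, iface, metric = m.groups()
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        routes.append((net, ipaddress.IPv4Address(iface), int(metric)))
    return routes


def tunnel_mode(route_print_text, pool_first, pool_last):
    """Classify the client as 'vpn-down', 'split-tunnel' or 'full-tunnel'."""
    lo, hi = ipaddress.IPv4Address(pool_first), ipaddress.IPv4Address(pool_last)
    routes = parse_routes(route_print_text)
    if not any(lo <= iface <= hi for _, iface, _ in routes):
        return "vpn-down"  # no route is bound to a VPN-assigned address
    defaults = [(metric, iface) for net, iface, metric in routes if net.prefixlen == 0]
    if not defaults:
        return "split-tunnel"  # VPN is up but carries no default route
    _, best_iface = min(defaults)  # lowest metric wins for equal prefixes
    return "full-tunnel" if lo <= best_iface <= hi else "split-tunnel"
```

Pass the text of `route print` from the connected laptop together with the first and last address of the range set under Specify IP addresses on the server; a result of `split-tunnel` means ordinary internet traffic is leaving directly over the local connection rather than through the VPN.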

The final (so far) problem I have is that the names of machines on the LAN don’t work over the VPN connection. I can use IP addresses (to ping or in UNC addresses in Explorer) but not the names. There is a setting for enabling NetBIOS over TCP/IP at the client end, and it’s on by default, but it’s in the properties under Networking/TCP/IPv4/Advanced/WINS, which rather implies that it only works if you are running a WINS server on the LAN (which I’m not). I’ve worked around that by adding the machine names and addresses to the hosts file (C:\Windows\System32\Drivers\etc\hosts), which is far from ideal, but is convenient. Obviously, this will only work for machines that have fixed LAN IP addresses.

Connecting my Android tablet to the VPN was very easy. There’s a VPN client built into it, and I just had to tell it the address to connect to. Again, NetBIOS names don’t work over the VPN, but I haven’t bothered messing with the hosts file on the tablet (assuming there is one, I’ve never looked).

I would like to be able to change the port number used for the VPN, the one forwarded by the router, to make it less obvious what it is, but this appears to be impossible, unfortunately.
