WTF is up? I have set up VPN connections before, indeed I have one
working to another site with no problems but that's to a 2K SBS box...
What have I missed?
Both machines are XP Pro SP1, both routers are EN5861, I assume the
firewall is set up correctly as the tunnel establishes and authenticates
and neither machine is running the network firewall or any other
firewall.
--
Clint Sharp
thought only server versions of Windows would accept incoming VPN sessions,
unless some other program is handling the VPN termination?
could be soooooooooooooo wrong, mind ;-)
P.
--
Clint Sharp
Windows XP [VPN client] to Netgear, say, DG834G [VPN gateway]
configuration:
Create the DG834G - WinXP IPSec Policy
1. Click Start, click Run, and then type secpol.msc.
2. Right-click “IP Security Policies on Local Computer”, and then click
Create IP Security Policy.
3. Click Next, and then enter DG834G - WinXP IPSec Policy as the name
for your policy.
4. Clear the “Activate the default response rule” check box, and then
click Next.
5. Clear the “Edit properties” checkbox.
6. Click Finish.
Configure Key Exchange Settings
1. Right click on the DG834G - WinXP IPSec Policy you just created and
choose Properties.
2. On the General page, click the Advanced button.
3. Check the “Master key perfect forward secrecy (PFS)” checkbox.
4. Make sure that the key generation time is 3 minutes.
5. Click OK. Click OK again. Apply the settings and click OK.
Create the DG834G to WinXP IP Filter List
1. Right-click IP Security Policies on Local Computer, and then click
Manage IP filter lists and filter action.
2. Click Add on the Manage IP Filter Lists page.
3. Enter FVS to WinXP IP Filter List as the filter list name. Uncheck
the "Use Add wizard".
4. Click Add. The Filter Properties dialog displays.
5. Clear the Mirrored check box (tunnel settings cannot be mirrored).
6. For Source Address, select “A specific IP Subnet”. In the IP address
box punch in 192.168.12.0 and subnet is 255.255.255.0
7. For Destination address, select “A specific IP Address” and punch in
the IP address of the computer.
8. In the Protocol page ensure that “Any” protocol type is selected.
9. Apply new settings, click OK, and close the IP Filter List dialogs.
Create the WinXP to DG834G IP Filter List
1. Right-click “IP Security Policies on Local Computer,” and then click
Manage IP filter lists and filter action.
2. Click Add on the Manage IP Filter Lists page.
3. Enter Winxp to DG834G IP Filter List as the filter list name. Click
Add. The Filter Properties dialog displays.
4. Clear the Mirrored check box (tunnel settings cannot be mirrored).
5. For Source address, select “A specific IP Address”. Punch in the IP
address of the computer.
6. For Destination Address, select “A specific IP Subnet”. In the IP
address box punch in 192.168.12.0 and the subnet mask is 255.255.255.0.
7. In the Protocol page ensure that “Any” protocol type is selected.
8. Apply new settings, click OK, and close the IP Filter List dialogs.
Create the DG834G - WinXP Filter Action
1. Right-click “IP Security Policies on Local Computer”, and then click
Manage IP filter lists and filter actions. Choose the “Manage Filter
Action” page.
– Verify that the “Use Add Wizard” option is unchecked and click Add.
– Select “Negotiate Security” and click Add.
– Select “Custom” and click Settings.
– Ensure that the “Data integrity and encryption (ESP)” option is
selected.
– Ensure that integrity algorithm is SHA1.
– Ensure that encryption algorithm is 3DES.
– Select “Generate a new key every” 300 seconds for session key.
2. Click OK to save the changes and return to the Filter Action
Property dialog.
3. Select “Session key perfect forward secrecy (PFS)” option.
– Ensure that “Accept unsecured communication, but always respond using
IPSec” option is NOT selected.
– Ensure that “Allow unsecured communication with non-IPSec-aware
computers” option is NOT selected.
4. Go to the General page and enter DG834G - WinXP Filter Action in the
name field.
5. Click Apply to save the new filter action settings, and close the
Manage IP Filter lists and actions dialog.
Create the DG834G to WinXP Tunnel Rule
1. Double click on the “DG834G to WinXP IPSec Policy”.
2. Verify that the “Use Add Wizard” option is clear and click Add.
3. For Connection Type select “All network connections”.
4. For IP Filter List select “DG834G to WinXP IP Filter List”.
5. For Filter Action select “DG834G - WinXP Filter Action”.
6. For Tunnel Setting, select the “The tunnel endpoint is specified by
this IP Address:” radio button, and enter the IP address of the
computer.
7. For Authentication Method, click Add, select “Use this string to
protect the key exchange (Preshared key)”. Use the preshared key that
was typed in the router.
Create the Winxp to DG834G Tunnel Rule
1. Double click on the “Winxp to DG834G IPSec Policy”.
2. Verify that the “Use Add Wizard” option is clear and click Add.
3. For Connection Type select “All network connections”.
4. For IP Filter List select “Winxp to DG834G IP Filter List”.
5. For Filter Action select “DG834G - Winxp Filter Action”.
6. For Tunnel Setting select the “The tunnel endpoint is specified by
this IP Address:” radio button, and from our example enter the IP
address of the router.
7. For Authentication Method select “Use this string to protect the key
exchange (Preshared key)”. Type the preshared key typed on the router.
8. Apply the new settings.
Now activate the DG834G - Winxp IPSec Policy. Highlight the “IP
Security Policies on Local Machine,” right-click the “DG834G - Winxp
IPSec Policy” policy, and then click Assign. A green dot appears in the
folder icon next to the policy.
--
plumbum
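
A consistency check for the pair of tunnel rules built in the steps above, as an added example that is not part of plumbum's post. The TunnelRule model, the function name and the 198.51.100.20 / 203.0.113.1 addresses are assumptions made for illustration; 192.168.12.0/24 and the 3DES/SHA1 settings are from the post.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class TunnelRule:              # hypothetical model of one rule from the steps above
    name: str
    source: str                # filter source, host or CIDR
    destination: str           # filter destination, host or CIDR
    tunnel_endpoint: str       # "tunnel endpoint is specified by this IP address"
    mirrored: bool = False
    encryption: str = "3DES"
    integrity: str = "SHA1"
    allow_unsecured: bool = False   # either "unsecured communication" box ticked

def lint_tunnel_pair(inbound, outbound, local_ip, gateway_ip):
    """Return findings for a router-to-PC / PC-to-router tunnel rule pair."""
    net = ipaddress.ip_network
    findings = []
    for rule in (inbound, outbound):
        if rule.mirrored:
            findings.append(f"{rule.name}: filter is mirrored")
        if (rule.encryption, rule.integrity) != ("3DES", "SHA1"):
            findings.append(f"{rule.name}: ESP is not 3DES/SHA1")
        if rule.allow_unsecured:
            findings.append(f"{rule.name}: unsecured communication allowed")
    # The two one-way filters must be exact reverses of each other.
    if (net(inbound.source), net(inbound.destination)) != (
            net(outbound.destination), net(outbound.source)):
        findings.append("filters are not reverses of each other")
    # Each rule's endpoint is the far end of its direction of travel.
    if inbound.tunnel_endpoint != local_ip:
        findings.append(f"{inbound.name}: endpoint should be the computer")
    if outbound.tunnel_endpoint != gateway_ip:
        findings.append(f"{outbound.name}: endpoint should be the router")
    return findings

# Constructed sample values: 198.51.100.20 = XP machine, 203.0.113.1 = router WAN.
PC, ROUTER, LAN = "198.51.100.20", "203.0.113.1", "192.168.12.0/24"
good_in = TunnelRule("DG834G to WinXP", LAN, PC, PC)
good_out = TunnelRule("WinXP to DG834G", PC, LAN, ROUTER)
# Constructed faulty variant: mirrored filter, router entered as the endpoint.
bad_in = TunnelRule("DG834G to WinXP", LAN, PC, ROUTER, mirrored=True)

if __name__ == "__main__":
    print(lint_tunnel_pair(good_in, good_out, PC, ROUTER))
    for finding in lint_tunnel_pair(bad_in, good_out, PC, ROUTER):
        print(finding)
```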