VPN Server Setup Guide under Windows 2003

The full name of VPN in English is “Virtual Private Network”, which translates to “virtual private network”. As the name suggests, virtual private networks can be understood as virtual internal corporate lines. If you want to use the Internet for secure network communication, shared resources and other applications, VPN is the best solution. Today, I will take you into the world of VPN and teach you how to set up a VPN server under the Windows 2003 operating system.

a, VPN Overview


before the erection of the VPN server, we need to first understand some of the relevant knowledge, because you want to use the VPN service requires a certain network infrastructure . A virtual private network (VPN) is a secure tunnel formed by two devices with VPN-initiated connectivity through the Internet. At the originating end of the tunnel (that is, the server), the user's private data is transmitted on the Internet after being encapsulated and encrypted. At the receiving end of the tunnel (that is, the client), the received data is safely arrived at the user after being unpacked and decrypted. end. It goes without saying that this method can securely transfer private data over a non-secure Internet to implement internet-based networking operations. The effect of VPN technology is similar to the traditional DDN private line networking mode. The network topology is shown in the figure below.


Note: The VPN service is built in the Win2K operating system. This document is based on the configuration of the system's own VPN service.

two, windows 2003 VPN server installation configuration


in windows2003 the VPN service called "Routing and Remote Access", the default state is already installed. Simply configure the service to make it effective.

first step: Select "Start" - "Administrative Tools" - "Routing and Remote Access" to open the "Routing and Remote Access" service window; then right-click the local computer name, select the right window. " Configure and enable routing and remote access."
Step 2: Click Next in the configuration wizard window that appears, and enter the service selection window. If your server has only one network card as mentioned in this document, you can only choose "custom configuration"; the standard VPN configuration requires two network cards. If your server has two network cards, you can be targeted. Choose the first or third item. Then click on the next step all the way to complete the configuration and start the VPN service.

third step: to not end here, just two steps above to open a VPN service, but also through the necessary settings in order to meet our actual use of the environment. To set a question about the IP address, right click on the local server name in the tree in the right, select "Properties" and switch to the IP tab. What I want to say here is, if your internet pull-in method is broadband routing access or DHCP, then you don't need to change it. However, according to the author's experience, the network speed using DHCP dynamic IP is relatively slow; while using static IP can be used. Reduce the IP address resolution time and increase the network speed. The initial IP address and the ending IP address can be set according to the IP address range of your local area, or you can define it yourself. For example, the common LAN segment "192.168.0.X".

Step Four: We put it on the dynamic domain name here. Because the general enterprise access to the Internet should have a fixed IP, so that the client can access the server anytime and anywhere; and if you are using ADSL broadband access for home users, it is generally different every time the Internet address is different. Dynamic IP, so you need to install dynamic domain name resolution software on the VPN server to enable the client to find the server on the network and dial in at any time. It is recommended to use the dynamic domain name resolution software peanut shell, which can be downloaded at www.oray.net. Please refer to the relevant information for installation and precautions, which will not be detailed here.

three, VPN client configuration


end of this configuration is relatively much simpler just to establish a dedicated connection to the VPN server. First of all, the client must also access the internet network. Then the author also uses the Windows 2003 client as an example. The other win2K operating system settings are similar:

Step 1: On the desktop "Network Neighborhood" icon point Right-click on the property, then double-click the "New Connection Wizard" to open the wizard window and click Next; then in the "Network Connection Type" window, click the second "Connect to the network of my workplace", continue to the next step in the network In the Connection Method window, select the second "Virtual Private Network Connection"; then name the connection and click Next.

Step 2: In the "VPN Server Selection" window, wait for us to input the fixed content of the VPN server, which can be a fixed IP or a dynamic domain name parsed by the peanut shell software (this domain name It needs to be downloaded from www.oray.net which provides peanut shell software); the "Available Connections" window that appears next keeps the default option of "just use me"; finally, for convenience, you can check "Create shortcuts on the desktop" "Options, click Finish will bring up the VPN connection window. After entering the legitimate account of accessing the VPN server, the operation is the same as the "Remote Desktop" function under XP. After the connection is successful, an icon will be displayed in the status bar in the lower right corner.

Fourth, the sharing operation


long after the connection had some experience with LAN friends should know how to do it? One way is to find the VPN server shared directory through "Network Neighborhood"; another way is to enter the fixed IP address or dynamic domain name of the VPN server in the browser to open the shared directory resource. This is actually no different from the operation in the same LAN. Naturally, you can directly click on a video program to play, saving you the time to download the file.